private/Test-WinUserIsInRole.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30


Function Test-WinUserIsInRole() {
    [CmdletBinding()]
    param(
        [System.Security.Principal.WindowsIdentity] $Identity,

        [String] $Role, 

        [ValidateSet("Administrator", "User", "Guest", "PowerUser", "AccountOperator", "SystemOperator", "PrintOperator", "BackupOperator", "Replicator")]
        [String] $BuiltInRole
    )

    PROCESS {
        if(!$Identity)
        {
           $Identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
        }
    
        $p = [System.Security.Principal.WindowsPrincipal]$Identity
    
        if($BuiltInRole) {
            $r = [System.Security.Principal.WindowsBuiltInRole]$BuiltInRole;
          
            return $p.IsInRole($r)
        }
    
        return $p.IsInRole($Role);
    }
}