There are 1000 scripts out there to tell you if a user is *in the local administrators group*.  However, what you usually want to know is "is the current process running as an elevated administrator".  The difference between these is not small.  I can be in the local administrators group, but be running under UAC and my process does not have full administrator rights.  Or I can be in a group that is in a group that is in the local administrators group and elevated - but a script looking directly for my name won't find my user id directly in the administrators group.  Or my script can be running under the System account which has local administrators rights, but is not in the local administrators group.

If ([bool](([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -match "S-1-5-32-544")) {
  write-host "You are an administrator"
  }

For more explanation and updated Ready-To-Run code for this topic, check out our video course "PSH-205 Managing the Enterprise Windows Desktop with PowerShell" [ Free for a limited time ]

If you would like the test to be available to the entire script you can do this:

$IsAdmin = [bool](([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -match "S-1-5-32-544")

The following is a  way to determine if you are running under the system account (handy for when your code is running under a management system like SCCM 2007 or Altiris).  However, if all you want to know is whether your process is running as an elevated administrator, the above code works for system account processes as well:

If (([System.Security.Principal.WindowsIdentity]::GetCurrent()).IsSystem) {
  write-host "Running under the system account"
  add-content -path "$env:SystemDrive\users\public\syscheck.txt" -force -value "systemaccount"
  }


You can test the above code in a live system and the creation of the file will tell you whether the powershell code is running under and detecting system account context.

Another easy way is to test with psexec like this: