
How to Identify Administrator-Run Processes in Windows 10


Windows processes can run with standard user permissions or with elevated administrator rights. This distinction can directly impact system behavior, administrative tasks, and troubleshooting efforts. Therefore, system administrators, power users, and support technicians must know how to differentiate one from the other to verify process integrity, security, and user elevation context. It all starts with learning how to identify administrator-run processes on Windows 10 to determine if they are elevated or running with administrator privileges. Dive in to learn more.

How do I check if a process is elevated in Windows?

Depending on your technical skill level, environment, and purpose, there are two ways to verify if a process is running with administrator privileges in Windows 10.

Method 1: Using the Task Manager

This method offers a quick visual check for end users and support staff without needing scripting or commands. However, it doesn’t show detailed information. Furthermore, you might not be able to view the elevation of some processes if you don’t have administrative rights.

Note: This method will only work on Windows 10 version 1809 and later.

  1. Open the Task Manager. Press Ctrl + Shift + Esc or right-click the taskbar and select Task Manager from the menu.
  2. Click the Details tab.
  3. Right-click on any of the column headers and click Select columns.
  4. Browse through the list, check the Elevated option, and click OK.

You should see a new column named Elevated. A Yes value means a process is running as an admin, and a No value means it’s running with standard user privileges.

Method 2: Using PowerShell

The PowerShell method is highly flexible and scriptable for automation or auditing, but it is more complex and will require PowerShell knowledge to execute properly.

Note: Administrator privileges are required.

  1. Open an elevated PowerShell. Use the Search menu in the taskbar to find PowerShell, right-click on it, and select Run as administrator. If prompted by UAC, click Yes.
  2. Copy and paste the commands below, and then press Enter:
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;

public static class ProcessElevationChecker {
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(int processAccess, bool bInheritHandle, int processId);

    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool OpenProcessToken(IntPtr ProcessHandle, int DesiredAccess, out IntPtr TokenHandle);

    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool GetTokenInformation(IntPtr TokenHandle, int TokenInformationClass, out int TokenInformation, int TokenInformationLength, out int ReturnLength);

    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr hObject);

    const int PROCESS_QUERY_LIMITED_INFORMATION = 0x1000;
    const int TOKEN_QUERY = 0x0008;
    const int TokenElevation = 20;

    // Returns true only when the process token could be read and it reports elevation.
    public static bool IsProcessElevated(int processId) {
        IntPtr hProcess = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, false, processId);
        // The process could not be opened (for example, access denied): reported as false.
        if (hProcess == IntPtr.Zero) return false;

        IntPtr hToken;
        if (!OpenProcessToken(hProcess, TOKEN_QUERY, out hToken)) {
            // The token could not be opened: also reported as false.
            CloseHandle(hProcess);
            return false;
        }

        int elevation;
        int size;
        bool success = GetTokenInformation(hToken, TokenElevation, out elevation, sizeof(int), out size);

        CloseHandle(hToken);
        CloseHandle(hProcess);

        return success && elevation != 0;
    }
}
"@

$processList = Get-Process | Sort-Object ProcessName
$results = @()

foreach ($proc in $processList) {
    # Query each process; a thrown error leaves the value empty.
    try {
        $isElevated = [ProcessElevationChecker]::IsProcessElevated($proc.Id)
    } catch {
        $isElevated = $null
    }

    $results += [PSCustomObject]@{
        Name     = $proc.ProcessName
        PID      = $proc.Id
        Elevated = $isElevated
    }
}

$results | Format-Table -AutoSize

You should see a list of all running processes with their assigned PIDs (Process Identifiers) and current elevation. Under the Elevated column, True means the process is running as an administrator, and False means it’s running with standard user permissions.

Note: If the PowerShell session is not elevated, running these commands will show a False value for every process.
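
The Note above follows from how IsProcessElevated handles failures: it returns false whenever the process or its token cannot be opened, so False covers both "not elevated" and "could not check". The following added example (not NinjaOne's script; the type name ElevationAudit and its Query method are names made up here) reports those cases separately with the Win32 error code and shows whether the session itself is elevated:

```powershell
# Added example: tri-state elevation report (True / False / Unknown).
# ElevationAudit and Query are hypothetical names used only in this example.
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;

public static class ElevationAudit {
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(int access, bool inherit, int pid);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr process, int access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetTokenInformation(IntPtr token, int infoClass, out int info, int length, out int returned);
    [DllImport("kernel32.dll")]
    static extern bool CloseHandle(IntPtr handle);

    static string Unknown() {
        // Must be called right after the failing API call so the error code is still current.
        return "Unknown (Win32 error " + Marshal.GetLastWin32Error() + ")";
    }

    // Returns "True", "False", or "Unknown (Win32 error N)" when the token cannot be read.
    public static string Query(int pid) {
        IntPtr hProcess = OpenProcess(0x1000 /* PROCESS_QUERY_LIMITED_INFORMATION */, false, pid);
        if (hProcess == IntPtr.Zero) return Unknown();
        try {
            IntPtr hToken;
            if (!OpenProcessToken(hProcess, 0x0008 /* TOKEN_QUERY */, out hToken)) return Unknown();
            try {
                int elevation, size;
                if (!GetTokenInformation(hToken, 20 /* TokenElevation */, out elevation, sizeof(int), out size))
                    return Unknown();
                return elevation != 0 ? "True" : "False";
            } finally { CloseHandle(hToken); }
        } finally { CloseHandle(hProcess); }
    }
}
"@

# Report whether this session is elevated; a non-elevated session yields more Unknown rows.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]::new($identity)
$sessionElevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Host "Session elevated: $sessionElevated"

$report = Get-Process | Sort-Object ProcessName | ForEach-Object {
    [PSCustomObject]@{ Name = $_.ProcessName; PID = $_.Id; Elevated = [ElevationAudit]::Query($_.Id) }
}
$report | Format-Table -AutoSize
# Summary: how many processes fell into each state (error codes stripped for grouping).
$report | Group-Object { $_.Elevated -replace ' \(.*$' } | Select-Object Name, Count
```

Rows showing Unknown (Win32 error 5) are access-denied results, which an audit should treat as unverified rather than as standard-user processes.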


What is an elevated process in Windows 10?

An elevated process in Windows refers to an application or task running with administrative rights instead of default user-level permissions. These processes run at a high integrity level, so they can bypass many of the restrictions imposed on standard applications. The elevated status gives the process authority to perform system-wide changes, such as installing software, modifying protected files, accessing other users’ data, and editing the registry.

Elevation is managed by User Account Control (UAC), a Windows feature that prevents unauthorized changes to the operating system. UAC prompts users for approval when they attempt to launch a process that requires higher privileges. Once the user consents, or if a policy automatically allows it, the privilege is granted and the process is started in a higher-integrity context.

Why check for elevation?

Checking the elevation of processes in Windows is crucial for preventing unauthorized modifications or harm to the operating system. It helps with:

  • Troubleshooting UAC or permission-related issues: If administrative tools, installers, and system scripts that need elevated permissions run without proper elevation, they might fail without notice.
  • Ensuring security contexts in multi-user environments: On shared machines or remote systems, elevated processes can access sensitive areas of the OS and other users’ data, so unintentional or unauthorized elevation can be a security risk.
  • Validating automation scripts or software behavior: Automated scripts and tools running without the proper elevation may fail or execute only partly, leading to deployment errors and system misconfigurations.

Use cases

It is essential to know when and why you should check if a process is running as an administrator or not to ensure stability, security, and correct behavior, especially in managed environments.

  • Script validation: When developing administrative scripts, elevation is often required to execute specific actions. If a script runs without sufficient privileges, it can fail, trigger “Access denied” errors, or make the system behave inconsistently.
  • Security auditing: In security-sensitive environments, processes running with administrator privileges can be easily exploited or misused. Checking elevation can help detect unauthorized or suspicious activities.
  • User training: Non-technical users may not understand the importance of running an application as an administrator, which may prevent specific features from working properly. IT support can help these users check for elevation and relaunch their tools so that the features work.

Troubleshooting

Users may encounter issues when checking for elevated processes in Windows 10 due to system settings, permission restrictions, or version compatibility.

Issue: “Elevated” column missing in the Task Manager

As mentioned, the Task Manager method is only available for Windows 10 version 1809 or newer. If you have an earlier version, consider upgrading or using PowerShell or Command Prompt to check for elevation manually.

Issue: PowerShell returns “Access denied”

When PowerShell tries to access system process information or that of other users’ processes, it will require elevated privileges. Make sure you run PowerShell as an administrator before executing scripts that inspect process elevation.

Issue: UAC prompt not appearing

If the UAC prompt does not appear, UAC might be disabled, or some system policies are blocking elevation prompts. Consider checking UAC settings under Control Panel > User Accounts > Change User Account Control settings and ensure the slider on the left side is set to “Always notify.” You should also verify that Group Policy hasn’t disabled UAC. Follow this path in the Group Policy Editor:

Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options

Ensure policies like “User Account Control: Run all administrators in Admin Approval Mode” are enabled.

Frequently Asked Questions

Can I always trust the Task Manager “Elevated” column?

If you’re on a device with Windows 10 version 1809 and above, enabling the “Elevated” column in the Task Manager is a reliable method for checking for processes running with administrator rights. However, this method does not apply to earlier builds, so you must use PowerShell or Command Prompt.

Is the UAC prompt the same as running elevated?

No, UAC prompts are essentially elevation requests. A process is only elevated if you approve the prompt or if it is launched from an already elevated session. The process will not run with admin access if you decline the prompt.

Can I programmatically enforce elevation?

Yes. You can embed a manifest file in an executable or use Start-Process with the -Verb Runas parameter for PowerShell scripts. This will allow elevation to be requested or enforced consistently, which is especially helpful in deployment tools, automation tasks, and secure applications.

Checking for processes running with elevated administrator rights

Knowing whether a process is running with administrator privileges or not is an important task for system administrators, power users, and support professionals who manage Windows environments. Elevated processes have access to system-wide settings and configurations, so checking elevation can help ensure security, troubleshoot failed scripts, and guide users through administrative tasks. Task Manager and PowerShell offer ways to check the elevation state of processes, so always choose the method that best suits your IT knowledge and goals.
