Is your Windows account running with more power than it should be?
A simple bit of code can help you stay on top of your Cyber Essentials compliance — and it takes less than a minute to run.
If you're working towards Cyber Essentials certification — or already hold it — you'll know that managing user account privileges is one of the five core controls you need to get right. But knowing the requirement and actually checking your machines are two different things. That's where a small, practical script can make a real difference.
What Cyber Essentials says about privileged accounts
Cyber Essentials is the UK government-backed cybersecurity certification scheme designed to protect organisations from the most common cyber threats. One of its five key controls is User Access Control, and it has some clear rules around administrative (elevated) accounts:
Admin accounts must only be used for admin tasks — not for day-to-day work like browsing the web or reading email
Every person who needs admin access should have a separate standard account for their regular work
Elevated privileges should be removed or restricted when they're no longer needed
The reason this matters is straightforward: if someone is logged into an admin account and clicks a malicious link or opens a dodgy attachment, any malware that runs will inherit those admin privileges. That means it can do far more damage — encrypting files across the network, installing backdoors, or spreading to other machines — than it ever could from a standard account.
So how do you check?
Here's the thing — most organisations don't have a quick, repeatable way to audit this. It often comes up as a gap during Cyber Essentials assessments, not because IT teams don't care, but because there's been no simple tool to run the check.
A short script can fix that. Here are three versions depending on what you're working with:
PowerShell (recommended)
powershell
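$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
# IsInRole is true only when the Administrators group is enabled in this session's token
if ($principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Host "Running as Administrator (elevated)" -ForegroundColor Green
} else {
    Write-Host "NOT running as Administrator" -ForegroundColor Yellow
}

Paste this into a PowerShell window and run it. Green means the current session is elevated. Yellow means it is running with standard-user rights, which is exactly what you want for day-to-day work. Note that this checks the session's token, not the account's group membership: with UAC enabled, a member of the local Administrators group also shows yellow until the session is elevated.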
Command Prompt (one-liner)
cmd
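net session >nul 2>&1 && echo Elevated (Administrator) || echo NOT elevated

Quick and simple — good for a fast spot-check. It relies on the Windows Server service running; if that service is stopped, the command fails and reports NOT elevated even in an elevated prompt.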
Python (if you're already using it in your environment)
python
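import ctypes

def is_admin():
    """Return True if the current process is running elevated."""
    try:
        # IsUserAnAdmin returns non-zero when the process token is elevated
        return bool(ctypes.windll.shell32.IsUserAnAdmin())
    except Exception:
        # ctypes.windll does not exist off Windows; treat that as not elevated
        return False

if is_admin():
    print("Running as Administrator (elevated)")
else:
    print("NOT running as Administrator")
    print("Re-run this script as Administrator to get elevated access.")

No third-party packages needed: this uses the built-in Windows Shell API.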
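The three scripts above report whether the current session is elevated, not whether the logged-in account is an admin account. The following added example (not part of the original article) separates those two cases by also looking for the Administrators SID in the session token, where UAC leaves it marked deny-only for a non-elevated admin. The function name Get-AdminStatus and its State labels are hypothetical names chosen for this illustration.

```powershell
# Added example, not from the original article. Get-AdminStatus and its
# State labels are hypothetical names chosen for this illustration.
function Get-AdminStatus {
    # Well-known SID of the built-in local Administrators group.
    $adminSid  = 'S-1-5-32-544'
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity

    # True only when Administrators is enabled in this token (elevated session).
    $elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # Under UAC, a non-elevated admin gets a filtered token: the Administrators
    # SID is still present but marked deny-only. .NET surfaces enabled and
    # deny-only group SIDs alike as claims, so match on the SID value.
    $adminClaim = $identity.Claims |
        Where-Object { $_.Value -eq $adminSid } |
        Select-Object -First 1

    if ($elevated)       { $state = 'Elevated' }
    elseif ($adminClaim) { $state = 'AdminAccountNotElevated' }
    else                 { $state = 'StandardAccount' }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        User     = $identity.Name
        State    = $state
        Checked  = (Get-Date).ToString('s')
    }
}

$result = Get-AdminStatus
switch ($result.State) {
    'Elevated'                { Write-Host 'Session is elevated: admin token in use.' }
    'AdminAccountNotElevated' { Write-Host 'Not elevated, but this account is in the local Administrators group.' }
    'StandardAccount'         { Write-Host 'Standard account: no Administrators membership in the token.' }
}
$result   # emit the object so it can be piped to Export-Csv for a review record
```

A result of AdminAccountNotElevated on a machine used for email and browsing means the user is doing everyday work on an admin account and still needs a separate standard one.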
What to do with the results
If any of your users are running elevated accounts for their everyday work, that's a Cyber Essentials gap that needs addressing. The fix is straightforward:
Create a separate standard account for day-to-day tasks (email, web, documents)
Reserve the admin account strictly for tasks that require it — installing software, changing system settings, and so on
Review all accounts regularly so that permissions don't accumulate over time as people change roles
This principle is sometimes called least privilege — give every user only the access they need to do their job, nothing more.
The bigger picture
Passing a Cyber Essentials assessment isn't just about ticking a box. It's about building habits and processes that genuinely reduce your risk. Scripts like the ones above are a small but practical part of that — they make invisible things visible, and they're easy to share with your team or build into a regular review process.
If you'd like help auditing your accounts more broadly — across all machines on your network, not just one at a time — that's a natural next step, and it's something we can help with.
Got questions about Cyber Essentials or where to start with your compliance journey? Get in touch — we're always happy to help.
Cyber Essentials is a UK government-backed scheme managed by IASME on behalf of the National Cyber Security Centre (NCSC). Certification demonstrates that your organisation has the fundamental controls in place to protect against the most common cyber threats.