Universal test for Admin privileges
Is there a single guaranteed method to test if the current user has admin rights? I have tried this:
$isAdmin = (new-object System.Security.Principal.WindowsPrincipal([System.Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole("Administrators")
And it works, as long as Windows was originally installed in English. If Windows is installed in Spanish you have to test for Administradors. And there are a few other languages that work similarly. My first thought is to just test for all the possible spellings, but if there is something simple, elegant and foolproof, that would be my preference.
You are calling the String definition of the IsInRole method, and this is why you have problems in different languages.
If you look at the IsInRole OverloadDefinitions you'll see that the first definition is a String, which is the definition you are calling in your code:
OverloadDefinitions
-------------------
bool IsInRole(string role)
bool IsInRole(System.Security.Principal.WindowsBuiltInRole role)
bool IsInRole(int rid)
bool IsInRole(System.Security.Principal.SecurityIdentifier sid)
bool IPrincipal.IsInRole(string role)
This string-based overload shares the same disadvantage as the NET LOCALGROUP Administrators command: it relies on group names, which are not the same in different OS languages.
To solve this problem, use the System.Security.Principal.WindowsBuiltInRole OverloadDefinition:
$role = [System.Security.Principal.WindowsBuiltInRole] "Administrator"
And check against this role instead:
$isAdmin = (new-object System.Security.Principal.WindowsPrincipal([System.Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole($role)
This way you don't need to care about different OS languages.
*To get all the available WindowsBuiltInRoles:
[System.Enum]::GetValues([System.Security.Principal.WindowsBuiltInRole])
You can use the SID for Administrators as it's a well-known SID (static).
SID: S-1-5-32-544
Name: Administrators
Description: A built-in group. After the initial installation of the operating system, the only member of the group is the Administrator account. When a computer joins a domain, the Domain Admins group is added to the Administrators group. When a server becomes a domain controller, the Enterprise Admins group also is added to the Administrators group.
$isAdmin = (new-object System.Security.Principal.WindowsPrincipal([System.Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole(([System.Security.Principal.SecurityIdentifier]"S-1-5-32-544"))
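Added example, not part of either answer above: a script guard that combines the two locale-independent checks and resolves the SID to the group name the local installation actually uses, which shows why the string overload breaks on non-English systems. The function name Get-AdminCheck and the output property names are hypothetical.

```powershell
# Added example: locale-independent admin check (Get-AdminCheck is a hypothetical name).
function Get-AdminCheck {
    [CmdletBinding()]
    param()

    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)

    # Build S-1-5-32-544 from the enum instead of hard-coding the string.
    $wellKnown = [System.Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid
    $adminSid  = New-Object System.Security.Principal.SecurityIdentifier($wellKnown, $null)

    # Resolve the SID to the name this installation uses. This is the value
    # the string overload of IsInRole would need on a localized system.
    try {
        $localName = $adminSid.Translate([System.Security.Principal.NTAccount]).Value
    } catch [System.Security.Principal.IdentityNotMappedException] {
        $localName = $null
    }

    # IsInRole evaluates the current access token: in a non-elevated session
    # under UAC it returns False even for a member of the Administrators group.
    [pscustomobject]@{
        User           = $identity.Name
        AdminSid       = $adminSid.Value
        LocalGroupName = $localName
        BySid          = $principal.IsInRole($adminSid)
        ByBuiltInRole  = $principal.IsInRole(
            [System.Security.Principal.WindowsBuiltInRole]::Administrator)
    }
}

$check = Get-AdminCheck
$check | Format-List

# Guard for scripts that must run with administrative rights.
if (-not $check.BySid) {
    throw "Administrative rights required (checked $($check.AdminSid), local name '$($check.LocalGroupName)')."
}
```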