
Check if user is a local admin on external machine

I'm writing an app that aggregates all the event log entries on each of several different servers. I can get the event logs by passing in the MachineName to EventLog.GetEventLogs. This will typically fail at some stage if the user is not a local administrator on that machine, so I'd like to check for it ahead of time and skip to the next set of servers if that is the case.

For Each svr As String In Servers

    'TODO: check to see if they are a local administrator, else continue for

    Dim logs As List(Of EventLog) = EventLog.GetEventLogs(svr).ToList
    For Each log As EventLog In logs
        LoadEachOSLogEntry(log)
    Next
Next

Most solutions, like the one here, only check if the user is an admin on the currently executing machine.

Dim user As WindowsIdentity = WindowsIdentity.GetCurrent()
Dim principal As New WindowsPrincipal(user)
Dim isAdmin As Boolean = principal.IsInRole(WindowsBuiltInRole.Administrator)

Here's an attempt.

The following function will return whether or not a user belongs to a particular user group (in my case "Administrators") on any machine.

Imports System.DirectoryServices.AccountManagement

Public Shared Function IsMemberOfGroup(userName As String, machineName As String, memberGroup As String) As Boolean
    Dim isMember As Boolean = False
    Using rootContext As New PrincipalContext(ContextType.Machine, machineName), _
          grp As GroupPrincipal = GroupPrincipal.FindByIdentity(rootContext, memberGroup), _
          usr As UserPrincipal = UserPrincipal.FindByIdentity(rootContext, IdentityType.SamAccountName, userName)
        If grp IsNot Nothing AndAlso usr IsNot Nothing Then
            ' Check if the user is a member of the group.
            isMember = grp.GetMembers(True).Contains(usr)
        Else
            isMember = False
        End If
    End Using
    Return isMember
End Function

The caveat is that the user running the method has to be an admin in order to have rights to this information set in PrincipalContext. I was hoping that the application would be able to determine if the user running the application is an admin.

The only way to make this super helpful is to call it and see if it came up with "Access Denied", similar to what hometoast already suggested, but this still doesn't feel super "clean".
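The "call it and see if it comes back Access Denied" approach mentioned above, written out as an added example that is not part of the original post. The server names are constructed placeholders, and the set of exception types treated as "skip" is an assumption: InvalidOperationException is the documented failure for EventLog.GetEventLogs, and the other three are the ones documented for remote registry access (RegistryKey.OpenRemoteBaseKey).

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Diagnostics
Imports System.IO
Imports System.Security

Module RemoteLogProbe
    ' True for failures that mean "cannot read this server/log as the current user".
    ' ArgumentException (malformed machine name) is deliberately not included.
    Function IsSkippable(ex As Exception) As Boolean
        Return TypeOf ex Is InvalidOperationException OrElse
               TypeOf ex Is UnauthorizedAccessException OrElse
               TypeOf ex Is SecurityException OrElse
               TypeOf ex Is IOException
    End Function

    ' Attempts the real call instead of pre-checking group membership.
    Function TryGetLogs(server As String, ByRef logs As EventLog(), ByRef reason As String) As Boolean
        logs = Nothing
        reason = Nothing
        Try
            logs = EventLog.GetEventLogs(server)
            Return True
        Catch ex As Exception When IsSkippable(ex)
            reason = ex.GetType().Name & ": " & ex.Message
            Return False
        End Try
    End Function

    Sub Main()
        Dim servers As String() = {"SERVER01", "SERVER02"} ' constructed placeholder names
        For Each svr As String In servers
            Dim logs As EventLog() = Nothing
            Dim reason As String = Nothing
            If Not TryGetLogs(svr, logs, reason) Then
                Console.WriteLine("Skipping {0}: {1}", svr, reason)
                Continue For
            End If
            For Each log As EventLog In logs
                Try
                    ' Individual logs may still be denied even when enumeration worked.
                    Console.WriteLine("{0}\{1}: {2} entries", svr, log.Log, log.Entries.Count)
                Catch ex As Exception When IsSkippable(ex)
                    Console.WriteLine("{0}: log denied ({1})", svr, ex.GetType().Name)
                Finally
                    log.Dispose()
                End Try
            Next
        Next
    End Sub
End Module
```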
