stackoom
  简体   繁体   中英

Testing application for Administrative Running Rights

 原文  2011-05-23 15:05:44       windows/ vb.net/ uac

Question

I want a sure-shot method to test if the application was run via the UAC box and has full administrative rights. Earlier, I thought of making a folder in C:\\Windows\\ for testing but running it on other computers proved to be a failure!

The UAC box provides all administrative rights to the computer to do anything(including making folders and creating files in places which needs there rights) and also makes sure that any child program so called or created also does have the same rights as the parent.

Is there a sure-shot way to test if my application has been provided all the administrative rights that I can maximum get by the user while running the application or not? If yes, I would be glad to have to piece of code-work!

2 answers

solution1
 19 ACCPTED  2011-05-23 15:08:29

C#: 

using System.Security.Principal;

...

var identity = WindowsIdentity.GetCurrent();
var principal = new WindowsPrincipal(identity);
bool isElevated = principal.IsInRole(WindowsBuiltInRole.Administrator);

VB.Net: 

Imports System.Security.Principal

...

Dim identity = WindowsIdentity.GetCurrent()
Dim principal = new WindowsPrincipal(identity)
Dim isElevated as Boolean = principal.IsInRole(WindowsBuiltInRole.Administrator)

solution2
 0  2019-03-12 06:23:36

After a fair bit of poking around, I found that the most common solutions to this question return false negatives if the user's UAC is set to anything but Off .

My solution these days is to do this: 

Imports System.Security.Principal
Imports System.DirectoryServices.AccountManagement
Imports System.DirectoryServices.ActiveDirectory
Imports Microsoft.VisualBasic.ApplicationServices

''' <summary>Checks whether the current user is belongs to any Administrators groups.</summary>
''' <param name="AuthGroups">Optional. A flag indicating whether to use GetAuthorizationGroups instead of the - faster - GetGroups. Default=true.</param>
''' <returns>True if the user belongs to an Administrators group, false otherwise.</returns>
Public Function IsAdministrator(
    Optional ByVal AuthGroups As Boolean = True) As Boolean

    Static bResult As Boolean? = Nothing
    Try
        If bResult Is Nothing Then
            bResult = New WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator)
            If Not bResult Then
                Dim oContext As PrincipalContext = Nothing
                Try 'Domain check first
                    Domain.GetComputerDomain()
                    oContext = New PrincipalContext(ContextType.Domain)
                Catch
                    'Fall through to machine check
                End Try
                If oContext Is Nothing Then oContext = New PrincipalContext(ContextType.Machine)
                'Dim oPrincipal As UserPrincipal = UserPrincipal.FindByIdentity(oContext, WindowsIdentity.GetCurrent().Name) ' Don't use - slow
                Using oSearchUser As Principal = New UserPrincipal(oContext)
                    oSearchUser.SamAccountName = WindowsIdentity.GetCurrent().Name
                    Using oSearcher As PrincipalSearcher = New PrincipalSearcher(oSearchUser)
                        Using oUser As Principal = oSearcher.FindOne()
                            If oUser IsNot Nothing Then
                                If AuthGroups Then
                                    bResult = CType(oUser, UserPrincipal).GetAuthorizationGroups().Any(Function(p) _
                                        p.Sid.IsWellKnown(WellKnownSidType.BuiltinAdministratorsSid) OrElse
                                        p.Sid.IsWellKnown(WellKnownSidType.AccountDomainAdminsSid) OrElse
                                        p.Sid.IsWellKnown(WellKnownSidType.AccountAdministratorSid) OrElse
                                        p.Sid.IsWellKnown(WellKnownSidType.AccountEnterpriseAdminsSid))
                                Else
                                    bResult = oUser.GetGroups().Any(Function(p) _
                                        p.Sid.IsWellKnown(WellKnownSidType.BuiltinAdministratorsSid) OrElse
                                        p.Sid.IsWellKnown(WellKnownSidType.AccountDomainAdminsSid) OrElse
                                        p.Sid.IsWellKnown(WellKnownSidType.AccountAdministratorSid) OrElse
                                        p.Sid.IsWellKnown(WellKnownSidType.AccountEnterpriseAdminsSid))
                                End If
                            End If
                        End Using
                    End Using
                End Using
            End If
        End If
    Catch
        bResult = False
    End Try
    Return bResult.GetValueOrDefault(False)
End Function

This method is a composite of a few other answers, so I only take credit for packaging it up into a function that will only ever run once and therefore if there is a bit of a delay due to the fall-through, you can probably hide it in start-up.

The AuthGroups argument gives you a choice of the more thorough, recursive AuthorizationGroups check (default) or the faster Groups check.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to detect if a batch script is running with administrative rights? Start my C# application with administrative rights access network path from PowerShell running with Administrative Rights Running neo4j on windows without administrative rights Prevent starting with administrative rights C# Application not running with administrative privilege Building a project with Administrative rights on execution? Running an application as Windows Service requires Administrator rights or not? Service or started program by a service with administrative rights Can't open PowerShell with administrative rights
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM