stackoom
  简体   繁体   中英

How to check if a specified user is admin on a local computer or not?

 原文  2011-09-03 19:19:27       c/ windows

Question

I want to know, if a user is administrator on a PC or not? I found a code snippet, which does this, but i have a problem with it. The problem with this code is, that this function will return if the user, who started the process has admin rights or not. But i want to query if a specific user has administrator rights or not. Can i do this somehow? This is important because my application will run under SYSTEM account, so it will always return that the user is admin, but i want to know if the logged on user is admin or not?

Code snippet: 

BOOL IsUserAdmin( VOID )
/*++ 
Routine Description: This routine returns TRUE if the caller's
process is a member of the Administrators local group. Caller is NOT
expected to be impersonating anyone and is expected to be able to
open its own process and process token. 
Arguments: None. 
Return Value: 
  TRUE - Caller has Administrators local group. 
  FALSE - Caller does not have Administrators local group. --
*/ 
{
BOOL b;
SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
PSID AdministratorsGroup; 

b = AllocateAndInitializeSid(
                                &NtAuthority,
                                2,
                                SECURITY_BUILTIN_DOMAIN_RID,
                                DOMAIN_ALIAS_RID_ADMINS,
                                0, 0, 0, 0, 0, 0,
                                &AdministratorsGroup
                            ); 
if ( b ) 
{
    if ( !CheckTokenMembership( NULL, AdministratorsGroup, &b ) ) 
    {
        b = FALSE;
    } 
    FreeSid( AdministratorsGroup ); 
}

return ( b );
}

3 answers

solution1
 2 ACCPTED  2011-09-03 19:39:51

You need to take the following steps.

  1. Decide which logged on user you want to pick on, there could be more than one. I would identify them using a process, eg the explorer process.
  2. Call OpenProcessToken() passing the process handle. Make sure you specify TOKEN_DUPLICATE .
  3. Call DuplicateToken() to get an impersonation token.
  4. Call CheckTokenMembership() as before but passing the token rather than NULL .
  5. Tidy up!

solution2
 1  2011-09-03 19:50:38

  1. Run your user interface within the logged-on user account. This protects the privileged service against shatter attacks.

  2. Use DCOM to forward requests from the GUI to the privileged service. Use impersonation within the privileged service to discover the rights of the user.

solution3
 0  2011-09-03 19:42:03

Have a look at this blog article on MSDN:

How To Determine Whether a Thread Is Running in User Context of Local Administrator Account

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to start a local port on user's computer (Edited question) How to check whether a Windows user has admin privileges in C? How to check for computer power loss? Check if a user is a local or domain account C: How to check if the computer is locked/sleep? Where should I store the JWT on the local computer (and how)? How to get local network IP address of a remote computer How to check (in C/C++ code) if Openssl is installed on my computer? How to create file for any user(any computer) desktop in c ? SSPI: acquire credentials for another user from a process running with local admin privileges
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM