WHat is my account type
José
administrator or as a limited user?
--
José
Mike Collins
you can determine if your current account rights match those of the
adminitration group. there are a number of steps to go through to do this:
1) call OpenProcessToken on the current process.
2) call GetTokenInformation on the returned handle
3) call AllocateAndInitializeSid to get information on the admin rights..
4) use EqualSid to compare the two.
I believe Remy posted some code here last year explaining how to do this, if
not I can post my version which as I remember is based on his (it might
actually be his...)
HTH Mike
"José" <jo...@127.0.0.1> wrote in message
news:lko372tv8d3pmfa8a...@4ax.com...
Remy Lebeau (TeamB)
"Mike Collins" <i...@TheBottomOfThePost.com> wrote in message
news:4471...@newsgroups.borland.com...
> I believe Remy posted some code here last year explaining how to do
> this, if not I can post my version which as I remember is based on his
> (it might actually be his...)
All code samples that I have ever posted are available and fully searchable
in the newsgroup archives at http://www.deja.com
Gambit
José
<no....@no.spam.com> wrote in borland.public.cppbuilder.nativeapi:
>All code samples that I have ever posted are available and fully searchable
>in the newsgroup archives at http://www.deja.com
Well, I found a function named IsAdmin(void)
It does one amazing thing: it requires no headers and it compiles
immediately without error. It contains the functions by Mike. These
are not found in the help file.
Unfortunately the function seems to return true at all times.
--
José
José
borland.public.cppbuilder.nativeapi:
>Unfortunately the function seems to return true at all times.
If you are so stupid to code
if (IsAdmin)
instead of
if (IsAdmin())
Shame on me.
--
José
Remy Lebeau (TeamB)
> Well, I found a function named IsAdmin(void)
>
> It does one amazing thing: it requires no headers
The necessary headers are already included by the VCL by default.
> It contains the functions by Mike. These are not found in the help file.
As they are Microsoft functions, they are listed in Microsoft's
documentation, not Borland's. The win32.hlp file does include all of them.
> Unfortunately the function seems to return true at all times.
The only way that can happen is if the code is run from a process that
actually does have admin rights.
Gambit
Colin B Maharaj
José wrote:
> Is there a system call which tells me whether I am signed on as an
> administrator or as a limited user?
No coded by Me but works for me...for the last 5 years on WinXP,NT, NT
Server, 2000 - NOT ME,98,95.
//------------------------------------------------------------
BOOL IsAdminLoggedOn(void)
{
HANDLE hToken;
DWORD dwStatus;
DWORD dwAccessMask;
DWORD dwAccessDesired;
DWORD dwACLSize;
DWORD dwStructureSize = sizeof(PRIVILEGE_SET);
PACL pACL = NULL;
PSID psidAdmin = NULL;
BOOL bReturn = FALSE;
PRIVILEGE_SET ps;
GENERIC_MAPPING GenericMapping;
PSECURITY_DESCRIPTOR psdAdmin = NULL;
SID_IDENTIFIER_AUTHORITY SystemSidAuthority = {SECURITY_NT_AUTHORITY};
int FM_ACCESS_READ = 1;
int FM_ACCESS_WRITE= 2;
try
{
// AccessCheck() requires an impersonation token.
ImpersonateSelf(SecurityImpersonation);
if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE,
&hToken))
{
if (GetLastError() != ERROR_NO_TOKEN)
return false;
// If the thread does not have an access token, we'll
// examine the access token associated with the process.
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY,
&hToken))
return false;
}
if (!AllocateAndInitializeSid(&SystemSidAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0, &psidAdmin))
return false;
psdAdmin = LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
if (psdAdmin == NULL)
return false;
if (!InitializeSecurityDescriptor(psdAdmin,
SECURITY_DESCRIPTOR_REVISION))
return false;
// Compute size needed for the ACL.
dwACLSize = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) +
GetLengthSid(psidAdmin) - sizeof(DWORD);
// Allocate memory for ACL.
pACL = (PACL)LocalAlloc(LPTR, dwACLSize);
if (pACL == NULL)
return false;
// Initialize the new ACL.
if (!InitializeAcl(pACL, dwACLSize, ACL_REVISION2))
return false;
dwAccessMask= FM_ACCESS_READ | FM_ACCESS_WRITE;
// Add the access-allowed ACE to the DACL.
if (!AddAccessAllowedAce(pACL, ACL_REVISION2,
dwAccessMask, psidAdmin))
return false;
// Set our DACL to the SD.
if (!SetSecurityDescriptorDacl(psdAdmin, TRUE, pACL, FALSE))
return false;
// AccessCheck is sensitive about what is in the SD; set
// the group and owner.
SetSecurityDescriptorGroup(psdAdmin, psidAdmin, FALSE);
SetSecurityDescriptorOwner(psdAdmin, psidAdmin, FALSE);
if (!IsValidSecurityDescriptor(psdAdmin))
return false;
dwAccessDesired = FM_ACCESS_READ;
//
// Initialize GenericMapping structure even though we
// won't be using generic rights.
//
GenericMapping.GenericRead = FM_ACCESS_READ;
GenericMapping.GenericWrite = FM_ACCESS_WRITE;
GenericMapping.GenericExecute = 0;
GenericMapping.GenericAll = FM_ACCESS_READ | FM_ACCESS_WRITE;
if (!AccessCheck(psdAdmin, hToken, dwAccessDesired,
&GenericMapping, &ps, &dwStructureSize, &dwStatus,
&bReturn)) {
printf("AccessCheck() failed with error %lu\n", GetLastError());
return false;
}
RevertToSelf();
}
__finally
{
// Cleanup
if (pACL) LocalFree(pACL);
if (psdAdmin) LocalFree(psdAdmin);
if (psidAdmin) FreeSid(psidAdmin);
}
return bReturn;
}
//------------------------------------------------------------
Bob Gonder
>Is there a system call which tells me whether I am signed on as an
>administrator or as a limited user?
You might look at
BOOL IsUserAnAdmin(VOID);