Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Administrator priviliges

4 views
Skip to first unread message

Stephane Baillargeon

unread,
Jan 17, 2002, 4:11:26 PM1/17/02
to
Can someone guide me into checking on a windows 2k system how to check
wether a user that is currently logged on has Administrator privilages?

thanks.


Clemens Ladisch

unread,
Jan 18, 2002, 5:42:17 AM1/18/02
to
Stephane Baillargeon wrote:
> Can someone guide me into checking on a windows 2k system how to check
> wether a user that is currently logged on has Administrator privilages?

HOWTO: Determine Whether a Thread Is Running in User Context of Local
Administrator Account (Q118626)
<
http://support.microsoft.com/support/kb/articles/Q118/6/26.ASP>


HTH
Clemens

Stephane Baillargeon

unread,
Jan 18, 2002, 1:32:42 PM1/18/02
to
Can you tell me what's the meaning of the keyword __leave in a __try block?


Remy Lebeau

unread,
Jan 18, 2002, 3:11:25 PM1/18/02
to
It's a VC++-specific language extension for exiting the try{} statement,
much as a break in a loop or switch(). Builder doesn't support _leave.


Gambit

"Stephane Baillargeon" <solution...@sympatico.ca> wrote in message
news:3c486a5f$1_1@dnews...

Stephane Baillargeon

unread,
Jan 18, 2002, 5:17:10 PM1/18/02
to
This is the answer to one of my posts. After extensive testing and
manipulation to try and convert the code from VC++ to BCB, here it is:

For those who want to test if the user currently logged on has Administrator
priviliges on Windows 2000 here's the code. I haven't tested it with
Windows NT.

New Code
-----------
#include <windows.h>

#define ACCESS_READ 1
#define ACCESS_WRITE 2

bool IsAdmin()
{
HANDLE hToken;
DWORD dwStatus;
DWORD dwAccessMask;
DWORD dwAccessDesired;
DWORD dwACLSize;
DWORD dwStructureSize = sizeof(PRIVILEGE_SET);
PACL pACL = NULL;
PSID psidAdmin = NULL;
BOOL bReturn = FALSE;

PRIVILEGE_SET ps;
GENERIC_MAPPING GenericMapping;

PSECURITY_DESCRIPTOR psdAdmin = NULL;
SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;

__try
{
// AccessCheck() requires an impersonation token.
ImpersonateSelf(SecurityImpersonation);

if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &hToken))
{
if (GetLastError() == ERROR_NO_TOKEN)
{
// If the thread does not have an access token, we'll
// examine the access token associated with the process.
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY,
&hToken))
return bReturn;
}
}

if (!AllocateAndInitializeSid(&SystemSidAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0, &psidAdmin))
return bReturn;

psdAdmin = LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);

if (psdAdmin == NULL)
return bReturn;

if (!InitializeSecurityDescriptor(psdAdmin,
SECURITY_DESCRIPTOR_REVISION))
return bReturn;

// Compute size needed for the ACL.
dwACLSize = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) +
GetLengthSid(psidAdmin) - sizeof(DWORD);

// Allocate memory for ACL.
pACL = (PACL)LocalAlloc(LPTR, dwACLSize);
if (pACL == NULL)
return bReturn;

// Initialize the new ACL.
if (!InitializeAcl(pACL, dwACLSize, ACL_REVISION2))
return bReturn;

dwAccessMask= ACCESS_READ | ACCESS_WRITE;

// Add the access-allowed ACE to the DACL.
if (!AddAccessAllowedAce(pACL, ACL_REVISION2,
dwAccessMask, psidAdmin))
return bReturn;

// Set our DACL to the SD.
if (!SetSecurityDescriptorDacl(psdAdmin, TRUE, pACL, FALSE))
return bReturn;

// AccessCheck is sensitive about what is in the SD; set
// the group and owner.
SetSecurityDescriptorGroup(psdAdmin, psidAdmin, FALSE);
SetSecurityDescriptorOwner(psdAdmin, psidAdmin, FALSE);

if (!IsValidSecurityDescriptor(psdAdmin))
return bReturn;

dwAccessDesired = ACCESS_READ;

//
// Initialize GenericMapping structure even though we
// won't be using generic rights.
//
GenericMapping.GenericRead = ACCESS_READ;
GenericMapping.GenericWrite = ACCESS_WRITE;
GenericMapping.GenericExecute = 0;
GenericMapping.GenericAll = ACCESS_READ | ACCESS_WRITE;

if (!AccessCheck(psdAdmin, hToken, dwAccessDesired,
&GenericMapping, &ps, &dwStructureSize, &dwStatus,
&bReturn))
{
MessageDlg("AccessCheck() failed with error " + GetLastError(),
mtError, TMsgDlgButtons() << mbOK, 0);
return bReturn;
}
RevertToSelf();
}
__finally
{
// Cleanup
if (pACL) LocalFree(pACL);
if (psdAdmin) LocalFree(psdAdmin);
if (psidAdmin) FreeSid(psidAdmin);
}

return bReturn;
}

Colin Maharaj

unread,
Jan 18, 2002, 8:25:44 PM1/18/02
to
Have you tested this under NT Server?
I remember asking for this bit of code earlier on but it did not work
under NT server...

Stephane Baillargeon

unread,
Jan 18, 2002, 9:13:05 PM1/18/02
to
> Have you tested this under NT Server?

No I didn't as stipulated in my post.

I tested it on Windows 2000 Pro SP2


Remy Lebeau

unread,
Jan 18, 2002, 9:50:42 PM1/18/02
to
I just tested it with NT 4, and it worked.


Gambit

"Stephane Baillargeon" <solution...@sympatico.ca> wrote in message

news:3c48d648$1_1@dnews...

Stephane Baillargeon

unread,
Jan 18, 2002, 10:57:03 PM1/18/02
to
> I tested it on Windows 2000 Pro SP2

Did you have SP5 installed?


Remy Lebeau

unread,
Jan 18, 2002, 11:12:54 PM1/18/02
to
I have NT4 SP6 installed, actually.


Gambit

"Stephane Baillargeon" <solution...@sympatico.ca> wrote in message

news:3c48eea7$1_2@dnews...

Gravieren

unread,
Jan 21, 2002, 1:43:41 PM1/21/02
to
Hello

Try

//--------------------------------------------------------------------------
--
// Funktion CurrentUserIsAdmin() prüft, ob der aktuelle Benutzer
// Administrator-Rechte unter Win NT/2000 hat
//--------------------------------------------------------------------------
--
// Rückgabewert: true, falls der User Admin-Rechte hat, anderengfalls false
//--------------------------------------------------------------------------
--
// Um sicherzustellen, dass das Programm auch unter Win95-ME starten kann,
// wird die NETAPI32.DLL dynamisch geladen.
//
// (werden die NetApi-Funktionen statisch eingebunden, wird der
// Programmstart unter Win95 mit der Meldung "Fehler beim Starten des
// Programms. Die Datei xxx.exe ist mit fehlenden Export-NETAPI32.DLL:
// NetUserGetInfo verknüpft" abgebrochen)
//--------------------------------------------------------------------------
--
#include <lm.h>

// Definition der Funktionszeiger:
typedef NET_API_STATUS (NET_API_FUNCTION * pfNetUserGetInfo)(LPCWSTR,
LPCWSTR, DWORD, LPBYTE);
typedef NET_API_STATUS (NET_API_FUNCTION * pfNetApiBufferFree)(LPVOID);

bool CurrentUserIsAdmin()
{

bool blRetVal;
HINSTANCE hNetApi=LoadLibrary("NETAPI32.DLL");
if(hNetApi)
{
// Zeiger auf die NetUserGetInfo() und
// NetApiBufferFree() besorgen:
pfNetUserGetInfo pfUserGetInfo= (pfNetUserGetInfo)
GetProcAddress(hNetApi,"NetUserGetInfo");
pfNetApiBufferFree pfBufferFree =(pfNetApiBufferFree)
GetProcAddress(hNetApi,"NetApiBufferFree");

// Funktionszeiger auf NULL prüfen:
blRetVal = pfUserGetInfo && pfBufferFree;

if(blRetVal) // falls alles ok:
{
wchar_t wcaUserName[256]; // für den Benutzernamen
USER_INFO_1* pUserInfo; // Zeiger audie USER_INFO-Struktur
DWORD ilUserInfoSize = sizeof(wcaUserName);
GetUserNameW(wcaUserName, &ilUserInfoSize); // Benutzernamen ermitteln
// USER_INFO Struktur füllen:
if(pfUserGetInfo(NULL, wcaUserName, 1, (byte*)&pUserInfo) !=
NERR_Success)
blRetVal = false;
else blRetVal = pUserInfo->usri1_priv == USER_PRIV_ADMIN;
// Speicher aufräumen
pfBufferFree(pUserInfo);
}
FreeLibrary(hNetApi);
}
return blRetVal;
}

//--------------------------------------------------------------------------
-
// Anwendungsbeispiel:
//--------------------------------------------------------------------------
-
void __fastcall TForm1::Button1Click(TObject *Sender)
{
if(OsWinNt())
{
if(CurrentUserIsAdmin()) ShowMessage("Admin !");
else ShowMessage("Kein Admin !");
}
else ShowMessage("Kein NT!");
}


m.f.g. Gebhardt Karl


"Stephane Baillargeon" <solution...@sympatico.ca> schrieb im
Newsbeitrag news:3c473e12$1_1@dnews...

0 new messages