The current Advapi32Util#getTokenGroups method can incur significant latency, 20-45 seconds on my corporate machine. Only asking for the primary group is on the order of 20-45 milliseconds.
--
You received this message because you are subscribed to the Google Groups "Java Native Access" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jna-users+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jna-users/8e610a60086d800f8a302b9f96f27e1be48d3c71.camel%40doppel-helix.eu.
You might consider IsUserAnAdmin() in Shell32, although that suggests calling CheckTokenMembership() instead.
Here’s how I did it, essentially checking the current process for the TOKENELEVATION token. However, I think this only checks if the current process is running elevated, not if the user has the ability to elevate – does that fit your use case?
public boolean isElevated() {
HANDLEByReference hToken = new HANDLEByReference();
boolean success = Advapi32.INSTANCE.OpenProcessToken(Kernel32.INSTANCE.GetCurrentProcess(), WinNT.TOKEN_QUERY,
hToken);
if (!success) {
LOG.error("OpenProcessToken failed. Error: {}", Native.getLastError());
return false;
}
try {
TOKEN_ELEVATION elevation = new TOKEN_ELEVATION();
if (Advapi32.INSTANCE.GetTokenInformation(hToken.getValue(), TOKENELEVATION, elevation, elevation.size(),
new IntByReference())) {
return elevation.TokenIsElevated > 0;
}
} finally {
Kernel32.INSTANCE.CloseHandle(hToken.getValue());
}
return false;
}
Where
private static final int TOKENELEVATION = 0x14;
and
@FieldOrder({ "TokenIsElevated" })
class TOKEN_ELEVATION extends Structure {
public int TokenIsElevated;
To view this discussion on the web visit https://groups.google.com/d/msgid/jna-users/a7ad3cfd-ee18-4fb3-865a-7d5ddec20118n%40googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jna-users/c419872d-aedc-4ab3-a561-cc607014b04fn%40googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jna-users/CANQs7dDa%2BGgx27L1-MT2JX0Z82mzpUGWOOyPgSfmT_FEWq1S7Q%40mail.gmail.com.
I really like the solution with super-large ERROR printed with ## characters.
To view this discussion on the web visit https://groups.google.com/d/msgid/jna-users/CANb1Va7dwkgnDpofXy%3Dy-V4oBOxVi1DT9w5-Mu_5VWer%3Dpa4Qw%40mail.gmail.com.