locked
How to get the logged in user is Admin / User RRS feed

  • Question

  • Hi All,

    I am using the following fuction in my application to check whether the user is admin or a normal user. Now my problem is when iam running the application on Windows XP i am getting the correct results(ie when i loged in as admin i am getting the admin / true and when i logged in as user i am getting the user / false). But when i tried to run the same application on VISTA i am getting the return value as false (user) in both the login modes. How to change my code to give the correct results for bot the login modes. Please help me in this.

    BOOL IsUserAdmin(VOID)
    /*++
    Routine Description: This routine returns TRUE if the caller's process is a member of the Administrators local group. Caller is NOT expected to be impersonating anyone and is expected to be able to open its own process and process token.
    Arguments: None.
    Return Value:
       TRUE - Caller has Administrators local group.
       FALSE - Caller does not have Administrators local group. --
    */
    {
    BOOL b;
    SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
    PSID AdministratorsGroup;
    b = AllocateAndInitializeSid(
        &NtAuthority,
        2,
        SECURITY_BUILTIN_DOMAIN_RID,
        DOMAIN_ALIAS_RID_ADMINS,
        0, 0, 0, 0, 0, 0,
        &AdministratorsGroup);
    if(b)
    {
        if (!CheckTokenMembership( NULL, AdministratorsGroup, &b))
        {
             b = FALSE;
        }
        FreeSid(AdministratorsGroup);
    }

    return(b);
    }

    Thanks,

    Vamsee

    Monday, December 18, 2006 9:28 AM

All replies

  • Hi Vamsee,

    are you sure you actually tried to run this function elevated?  I just tried it and the function
    returns TRUE when called in an elevated process, but FALSE when running in a non-elevated
    process.  I assume that it returns FALSE in the non-elevated case because the Administrators
    group in the token's group list is "for deny only".  You can't actually call that being a member
    of the Administrators group :)


    Hope that helps,
    Corinna
    Tuesday, December 19, 2006 3:58 PM