Is Current User In Admin Group - Windows 10 1

Status
Not open for further replies.

vernpace

Programmer
Feb 22, 2015
209
US
Hi All,

Need to know if current (logged-in) user is an administrator in Windows 10. In Windows 10, a user can never have "true" (super administrator) privileges, but can have administrator privileges for software installation, etc. This is why some of the older APIs work (e.g. IsUserAnAdmin()) in Windows 7, but not in Windows 10.

Does anyone have code they can share which works on Windows 10? I think something that indicates if the current user is in the administrator group.

 
[pre]FUNCTION IsAdmin
* Returns .T. when the BUILTIN\Administrators SID is enabled in the
* calling thread's effective token.
#DEFINE SECURITY_NT_AUTHORITY 5
#DEFINE SECURITY_BUILTIN_DOMAIN_RID 0x20
#DEFINE DOMAIN_ALIAS_RID_ADMINS 0x220

DECLARE Long AllocateAndInitializeSid IN Advapi32.dll ;
    String pIdentifierAuthority, Short nSubAuthorityCount, ;
    Long dwSubAuthority0, Long dwSubAuthority1, Long dwSubAuthority2, ;
    Long dwSubAuthority3, Long dwSubAuthority4, Long dwSubAuthority5, ;
    Long dwSubAuthority6, Long dwSubAuthority7, Long @ pSid

DECLARE Long FreeSid IN Advapi32.dll Long pSid

DECLARE Long CheckTokenMembership IN Advapi32.dll Long TokenHandle, ;
    Long SidToCheck, Long @ IsMember

DECLARE Long GetLastError IN WIN32API

* llIsAdmin is declared LOCAL so it does not leak into the caller's scope
LOCAL lcpIdentifierAuthority, lnSid, lnIsMember, llIsAdmin
* SID_IDENTIFIER_AUTHORITY is 6 bytes: {0,0,0,0,0,5} for the NT authority
lcpIdentifierAuthority = REPLICATE(CHR(0),5) + CHR(SECURITY_NT_AUTHORITY )
lnSid = 0
llIsAdmin = .F.
* Build the SID S-1-5-32-544 (BUILTIN\Administrators)
IF AllocateAndInitializeSid(lcpIdentifierAuthority, ;
        2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, ;
        0, 0, 0, 0, 0, 0, @lnSid) <> 0

    lnIsMember = 0
    * TokenHandle 0 = check the calling thread's effective token
    IF CheckTokenMembership( 0, lnSid, @lnIsMember) <> 0
        IF lnIsMember <> 0
            llIsAdmin = .T.
        ENDIF
    ELSE
        *? "CheckTokenMembership Error " + apierror(GetLastError())
    ENDIF

    * Release the SID allocated above
    = FreeSid(lnSid)
ELSE
    *? "AllocateAndInitializeSid Error " + apierror(GetLastError())
ENDIF

RETURN llIsAdmin[/pre]
 
That's brilliant Tore.


Best Regards,
Scott
MIET, MASHRAE, CDCP, CDCS, CDCE, CTDC, CTIA, ATS

"Everything should be made as simple as possible, and no simpler."
 
Hi Tore. Thanks for responding. Unfortunately, the function does not work on Windows 10 (I'm testing at home on Windows 10 Pro). It does work on Windows 7. I may be wrong, but I have a feeling the problem lies with how Windows 10 defines an administrator. One can be a so-called administrator, but still has to "RunAs" for certain things in the registry, PowerShell, command prompt, etc. The real (super) administrator account is disabled by default in Windows 10. Your function would probably work for that account.
 
That mode of running processes unelevated as the norm, even if a user account is an administrator, has existed since Vista introduced UAC. It's normal.
The VFPX API Code making use of the Win API IsUserAnAdmin() function returns 0 (No) for me, too. Yes.

The usual way to ask for elevation is with a manifest setting requestedExecutionLevel to requireAdministrator.

If you want to determine whether that means the current user would only need to click a confirm button, as he is admin, or will be prompted to log in as an admin account, that may be useful to know in advance, but in the end, there's nothing you can do anyhow. Whenever your software needs the admin execution level you should put such functions into a separate EXE with such a manifest, if you don't want to require admin privileges right away just for starting your software. At least I'm not aware of an API function that would elevate an already running process and cause that Windows prompt/dialogs when doing so. The normal case will just be redirection into virtual registry and directory branches and therefore only seeming to succeed, e.g. when you want to write a self-registering COM Server with DllRegisterServer, that's hardly working anyway, as a DLL has to be already registered to start an OLE class from it. And an EXE needs other calls.

It's easiest to register a VFP DLL or EXE COM Server with a setup.

Related: You see there is Self-Registration, I haven't read it in full, but as far as I get it you can avoid an installation procedure, but a previous installer must have set up a license to use for components of upgrades or updates to register themselves, so this still isn't self-contained as a possibility you can do "cold" without any previous steps of authorizing that. I assume in itself it wouldn't be a security hole, as merely being able to register classes without an admin doesn't mean you can do more in the protected registry than adding the keys for OLE registration and the OLE Server itself will not run elevated anyway. Still, Windows doesn't make it too easy to use some OLE/COM/ActiveX.

Bye, Olaf.

Olaf Doschke Software Engineering
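
Added example, not part of any post in this thread: one way to tell "member of Administrators but running unelevated" apart from "not an administrator" is to repeat the membership check against the token linked to a UAC-filtered token. The function name AdminStatus, its return codes, the alias CheckMemberSidStr and the local constant names are assumptions made for this sketch; the numeric values are the Windows SDK values for TokenElevationType (18), TokenLinkedToken (19), TokenElevationTypeLimited (3) and WinBuiltinAdministratorsSid (26).

```foxpro
* Added example. Return codes are a local convention: 0 = API error,
* 1 = not found in Administrators, 2 = in Administrators but running with
* the filtered (unelevated) token, 3 = Administrators enabled right now
FUNCTION AdminStatus
#DEFINE TOKEN_QUERY 0x0008
* TokenElevationType, TokenLinkedToken, TokenElevationTypeLimited,
* WinBuiltinAdministratorsSid (local names, SDK values)
#DEFINE TIC_ELEVATION_TYPE 18
#DEFINE TIC_LINKED_TOKEN 19
#DEFINE ELEVATION_LIMITED 3
#DEFINE WELLKNOWN_ADMINS 26

DECLARE Long GetCurrentProcess IN Kernel32.dll
DECLARE Long CloseHandle IN Kernel32.dll Long hObject
DECLARE Long OpenProcessToken IN Advapi32.dll ;
    Long ProcessHandle, Long DesiredAccess, Long @ TokenHandle
DECLARE Long GetTokenInformation IN Advapi32.dll ;
    Long TokenHandle, Long InfoClass, Long @ Info, ;
    Long InfoLength, Long @ ReturnLength
DECLARE Long CreateWellKnownSid IN Advapi32.dll ;
    Long SidType, Long DomainSid, String @ pSid, Long @ cbSid
* Alias keeps the Long-based CheckTokenMembership declaration usable
DECLARE Long CheckTokenMembership IN Advapi32.dll AS CheckMemberSidStr ;
    Long TokenHandle, String SidToCheck, Long @ IsMember

LOCAL lnToken, lnType, lnLinked, lnLen, lnMember, lnSidLen, lcSid, lnResult
STORE 0 TO lnToken, lnType, lnLinked, lnLen, lnMember, lnResult
* 68 bytes = SECURITY_MAX_SID_SIZE
lcSid = REPLICATE(CHR(0), 68)
lnSidLen = 68
* Token 0 = effective token of this thread, the same check IsAdmin makes
IF CreateWellKnownSid(WELLKNOWN_ADMINS, 0, @lcSid, @lnSidLen) <> 0 AND ;
        CheckMemberSidStr(0, lcSid, @lnMember) <> 0
    lnResult = IIF(lnMember <> 0, 3, 1)
ENDIF
* A Limited token is the filtered half of a UAC split token; its linked
* token is the full half, where Administrators is enabled for a member
IF lnResult = 1 AND OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, @lnToken) <> 0
    = GetTokenInformation(lnToken, TIC_ELEVATION_TYPE, @lnType, 4, @lnLen)
    IF lnType = ELEVATION_LIMITED
        IF GetTokenInformation(lnToken, TIC_LINKED_TOKEN, @lnLinked, 4, @lnLen) <> 0
            IF CheckMemberSidStr(lnLinked, lcSid, @lnMember) <> 0 AND lnMember <> 0
                lnResult = 2
            ENDIF
            = CloseHandle(lnLinked)
        ENDIF
    ENDIF
    = CloseHandle(lnToken)
ENDIF
RETURN lnResult
```

A result of 2 corresponds to the case where elevation needs only a consent click; a result of 1 means elevation would require the credentials of a different account.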
 