I need to determine if my program is running with full administrator rights. By that I mean if uac is turned on (for win vista/7) that I need to determine if the program actually has admin rights (like if the user right clicked and selected "run as administator") and not limited by uac. How do I do this in C++?
19
votes
Don't put [tags] in the subject line. That is what the Tags are for.
– abelenky
You can just try doing the operation you need the rights for.
– ruslik
possible duplicate of How to check if a process has elevated privileges in windows 7 using native C++ ?
– Kate Gregory
possible duplicate of How to check if a process has the administrative rights
– CinCout
2 Answers
12
votes
- Win9x: Everyone is "admin"
- NT4: OpenThreadToken/OpenProcessToken + GetTokenInformation(...,TokenGroups,...) on DOMAIN_ALIAS_RID_ADMINS SID in a loop
- 2000+: OpenThreadToken/OpenProcessToken + CheckTokenMembership on DOMAIN_ALIAS_RID_ADMINS SID
Other alternatives are: IsUserAnAdmin or AccessCheck
Checking the TOKEN_ELEVATION* stuff in the token is not required for testing the current process but it is useful if you need to find out if the user could elevate because they have a split token etc.
0
votes
An expansion on Anders' answer for those (like me) who are less Windows literate:
BOOL isMember;
PSID administratorsGroup = NULL;
SID_IDENTIFIER_AUTHORITY SIDAuthNT =
SECURITY_NT_AUTHORITY;
if (!AllocateAndInitializeSid(&SIDAuthNT, 2,
SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0,
&administratorsGroup))
{
throw(oops_t(GetLastError(), "AllocateAndInitializeSid"));
}
if (!CheckTokenMembership(nullptr, administratorsGroup, &isMember))
{
throw(oops_t(GetLastError(), "CheckTokenMembership"));
}
if (!isMember)
{
throw(oops_t(ERROR_ACCESS_DENIED, "Test for Admin privileges"));
}
