How to determine if the user has administrator privileges
in in c m m s s>> m in>>> m m m m m 2 m m m m 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 *********************************************************** ******* // // function: isadmin - this function checks the token of the // calling thread to see if the caller belongs to // the Administrators group. // // parameters: none // // Return Value: True if the caller is an administrator on the local // machine. Otherwise, False. // ************************************ ***************************************************** BOOL Isadmin (Void) {Handle Htoken; DWORD DWSTATUS; DWORD DWACCESSMASK; DWORD DWACCESDESIRED; DWORD dwACLSize; DWORD dwStructureSize = sizeof (PRIVILEGE_SET); PACL pACL = NULL; PSID psidAdmin = NULL; BOOL bReturn = FALSE; PRIVILEGE_SET ps; GENERIC_MAPPING GenericMapping; PSECURITY_DESCRIPTOR psdAdmin = NULL; SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY; __try {// AccessCheck () requires an Impersonation token. ImpersonateSelf (Securityimpersonation);
if {if (GetLastError () = ERROR_NO_TOKEN!) __leave (OpenThreadToken (GetCurrentThread (), TOKEN_QUERY, FALSE, & hToken)!); // If the thread does not have an access token, we'll // examine the access token associated with the process if (OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, & hToken)!) __leave;.} if (AllocateAndInitializeSid (& SystemSidAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, & psidAdmin)!) __leave PSDADMIN = LOCALLALLOC (LPTR, Security_DESCRIPTOR_MIN_LENGTH); if (psdadmin == null) __leave; if __leave; // Compute size needed for the ACL dwACLSize = sizeof (ACL) sizeof (ACCESS_ALLOWED_ACE) GetLengthSid (psidAdmin) - sizeof (DWORD); (InitializeSecurityDescriptor (psdAdmin, SECURITY_DESCRIPTOR_REVISION)!). // Allocate memory for Acl. PACL = (PACL) Localalloc (LPTR, DWACLSIZE); if (PACL == NULL) __LEAVE
. // Initialize the new ACL if (InitializeAcl (pACL, dwACLSize, ACL_REVISION2)!) __Leave; dwAccessMask = ACCESS_READ | ACCESS_WRITE; // Add the access-allowed ACE to the DACL if (AddAccessAllowedAce (pACL, ACL_REVISION2, dwAccessMask,.! Psidadmin)) __leave; // Set the DACL to the SD. if (! setsecurityDescriptordacl (psdadmin, true, pacl, false) __leave; // AccessCheck is sensitive about what is in the SD; set // the group and owner. SetSecurityDescriptorgroup (Psdadmin, Psidadmin, False); SetSecurityDescriptorowner (Psdadmin, Psidadmin, False); if (! IsvalidsecurityDescriptor (psdadmin)) __leave; dwAccessDesired = ACCESS_READ; // // Initialize GenericMapping structure even though we // will not be using generic rights // GenericMapping.GenericRead = ACCESS_READ;. GenericMapping.GenericWrite = ACCESS_WRITE; GenericMapping.GenericExecute = 0; GenericMapping.GenericAll = Access_read | access_write; if (! Accesscheck (Psdadmin, Htoken, DwaccessDesired, & genericMapping, & PS, & PS, & PS, & PS, & PS)