Administrator Privileges with VISTA

Started by gian young, January 31, 2009, 10:47:10 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

gian young

January 31, 2009, 10:47:10 PM
Hi,

It has been brought to my attention that the new level of security adopted by Windows Vista requires the user to have Administrator Privileges before being allowed to access sensitive parts of the operating system.

By default Vista has you running as a user on your operating system, not an administrator.

Running REGSVR32.EXE to register OCX's and Active X's, accessing the System 32 directory, Windows directory, System registry etc, all require the user to have Administrator Privileges.

If this is correct can anyone assist by advising a simple programatic method of checking if the current users has these privileges. Checking whether the current OS is Vista is not difficult but how to check the users access rights escapes me.

My current utilities do access the registry and while I have yet to encounter any difficulties (non reported) with Vista users, I would like to be able to check for the users access rights before attempting to access these sensitive parts of the operating system and causing Windows to send alarming messages and confusing my users.

A simple function to test for Administrator Privileges status would be greatly appreciated.  :-\


Regards

Gian Young

gian young

#1
February 01, 2009, 10:06:05 AM
Hi,

Having now read a bit more about the subject matter from searches on other forums I have begun to see what a can of worms this whole privileges business and VISTA is. I now realize that my original thoughts were a bit simplistic.

I am beginning to wonder if this is all worthwhile, maybe I should start looking elsewhere like Linux rather than have to keep up with MS moving the goal posts all the time.

Regards

Gian Young

David Kenny

#2
February 02, 2009, 11:29:25 AM
This is not my code and I don't remember where I got it now.  I would not have stripped out the credits if there where any though.

Code Select
#COMPILE EXE
#DIM ALL
#REGISTER NONE
#INCLUDE "Win32Api.Inc"

%TOKEN_QUERY = 8
Function IsAdmin As Long
LOCAL os AS OSVERSIONINFO
os.dwOSVersionInfoSize = SIZEOF(os)
GetVersionEx BYVAL VARPTR(os)
IF ISFALSE(os.dwPlatformId = %VER_PLATFORM_WIN32_NT) THEN FUNCTION = 2: EXIT FUNCTION
LOCAL hAccessToken AS LONG, i AS LONG
LOCAL Info AS STRING
LOCAL szInfo AS LONG
LOCAL pTokenGroups AS TOKEN_GROUPS PTR
LOCAL siaNtAuthority AS SID_IDENTIFIER_AUTHORITY
LOCAL psidAdministrators AS LONG ' SID Ptr
IF ISFALSE(OpenProcessToken(GetCurrentProcess, %TOKEN_QUERY, hAccessToken)) THEN _
FUNCTION = -1: EXIT FUNCTION
GetTokenInformation hAccessToken, BYVAL %TOKENGROUPS, BYVAL 0&, BYVAL 0&, szInfo
Info = SPACE$(szInfo): i = GetTokenInformation(hAccessToken, BYVAL %TOKENGROUPS, BYVAL STRPTR(Info), LEN(Info), szInfo)
CloseHandle hAccessToken
IF ISFALSE(i) THEN FUNCTION = -1: EXIT FUNCTION
siaNtAuthority.Value(5) = 5 ' = SECURITY_NT_AUTHORITY
IF ISFALSE(AllocateAndInitializeSid(siaNtAuthority, 2, %SECURITY_BUILTIN_DOMAIN_RID, _
%DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, psidAdministrators)) THEN FUNCTION = -1: EXIT FUNCTION
pTokenGroups = STRPTR(Info)
FOR i = 0 TO @pTokenGroups.GroupCount - 1
IF EqualSid (BYVAL psidAdministrators, BYVAL @pTokenGroups.Groups(i).pSid) THEN FUNCTION = 1: EXIT FOR
NEXT
FreeSid BYVAL psidAdministrators
END FUNCTION
FUNCTION PBMAIN
SELECT CASE IsAdmin
CASE 2: MSGBOX "Under 9x"
CASE 1: MSGBOX "Yes"
CASE 0: MSGBOX "No"
CASE -1: MSGBOX "Unexpected error"
END SELECT
END FUNCTION

David

gian young

#3
February 03, 2009, 03:09:40 AM
Hi David,

Thank you for your help and your input here, I have successfully compiled and tested the code you supplied.

I have re-edited it for use within the FireFly SDK and re-posted the code here for others to play with if interested.

I wish I could give credit to the original author, if known I would.

Code Select
%TOKEN_QUERY = 8

'------------------------------------------------------------------------------------------------------------------------
' Usage
' Select Case GetIsAdmin
' Case 2: MsgBox "Under 9x"
' Case 1: MsgBox "Yes"
' Case 0: MsgBox "No"
' Case -1: MsgBox "Unexpected error"
' End Select
'------------------------------------------------------------------------------------------------------------------------
Function GetIsAdmin() As Long
Local os As OSVERSIONINFO
Local di, szInfo, hAccessToken, psidAdministrators As Long
Local Info As String
Local pTokenGroups As TOKEN_GROUPS Ptr
Local siaNtAuthority As SID_IDENTIFIER_AUTHORITY

os.dwOSVersionInfoSize = SizeOf(os)
GetVersionEx ByVal VarPtr(os)
If IsFalse(os.dwPlatformId = %VER_PLATFORM_WIN32_NT) Then Function = 2: Exit Function
If IsFalse(OpenProcessToken(GetCurrentProcess, %TOKEN_QUERY, hAccessToken)) Then Function = -1: Exit Function
GetTokenInformation hAccessToken, ByVal %TOKENGROUPS, ByVal 0&, ByVal 0&, szInfo
Info = Space$(szInfo): di = GetTokenInformation(hAccessToken, ByVal %TOKENGROUPS, ByVal StrPtr(Info), Len(Info), szInfo)
CloseHandle hAccessToken
If IsFalse(di) Then Function = -1: Exit Function
siaNtAuthority.Value(5) = 5 ' = SECURITY_NT_AUTHORITY
If IsFalse(AllocateAndInitializeSid(siaNtAuthority, 2, %SECURITY_BUILTIN_DOMAIN_RID, _
%DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, psidAdministrators)) Then Function = -1: Exit Function
pTokenGroups = STRPTR(Info)
For di = 0 To @pTokenGroups.GroupCount - 1
If EqualSid (ByVal psidAdministrators, ByVal @pTokenGroups.Groups(di).pSid) Then Function = 1: Exit For
Next
FreeSid ByVal psidAdministrators
End Function

If anyone can add improvements to this code and let us know please be my guest.


Kind Regards

Gian Young

David Kenny

#4
February 04, 2009, 12:33:36 PM
Code courtesy of Semen Matusovski.  POFFS is useful for so many things. :)

David
Print
Go Up Pages1
User actions