Detect if running with administrator privileges under Windows XP
https://stackoverflow.com/questions/560366
-
05-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I am trying to work out how to detect whether a user is running with admin rights under Windows XP. This is fairly easy to do in Vista/Win7 thanks to the whoami command. Here's a snippet in Ruby for how to do it under Vista:
Note, the following link now incorporates the solution suggested by muteW
The trouble is, whoami doesn't come with Windows XP and so the above linked method will always return false on WinXP, even if we're running as an administrator.
So, does anyone know of a way to detect whether we're running as an admin under Windows XP using Ruby, command-line tools, batch-files, or even third-party (needs to be open source, really) tools?
Solution
This will detect if the user is running in elevated mode (eg a command prompt that was "Run As" Administrator). It relies on the fact that you require admin privileges to read the LOCAL SERVICE account reg key:
reg query "HKU\S-1-5-19"
this will return a non-zero error code if it cannot be read, and zero if it can.
Works from XP up...
OTHER TIPS
If you run
>net localgroup administrators
in a command shell you should get the list of administrator accounts in Windows XP. Simply parse and scan the output to check for the particular user account you want. For e.g. to check if the current user is an administrator you could do -
>net localgroup administrators | find "%USERNAME%"
Piskvor option its fine, or check this url http://weseetips.com/2008/04/16/how-to-check-whether-current-user-have-administrator-privilege/
this is the code in that page
SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
PSID AdministratorsGroup;
// Initialize SID.
if( !AllocateAndInitializeSid( &NtAuthority,
2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0,
&AdministratorsGroup))
{
// Initializing SID Failed.
return false;
}
// Check whether the token is present in admin group.
BOOL IsInAdminGroup = FALSE;
if( !CheckTokenMembership( NULL,
AdministratorsGroup,
&IsInAdminGroup ))
{
// Error occurred.
IsInAdminGroup = FALSE;
}
// Free SID and return.
FreeSid(AdministratorsGroup);
return IsInAdminGroup;
Check out the CheckTokenMembership method. There is a sample there of IsUserAdmin() implementation plus some other useful community feedback on when that function does not return what is expected and what to do to improve it.
This will find out without shelling out:
require 'win32/registry'
is_admin = false
begin
Win32::Registry::HKEY_USERS.open('S-1-5-19') {|reg| }
is_admin = true
rescue
end
The strategy is similar to Peter's, but with less overhead.
Here is the better (PowerShell) way of doing it: https://stackoverflow.com/a/16617861/863980
In one line, you can say (copy/paste in posh and it will work):
(@(([ADSI]"WinNT://./Administrators,group").psbase.Invoke("Members")) | `
foreach {$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}) -contains "Administrator"
=> returns True when user belongs to Administrators group (as opposed to checking user IS Administrator)
(Note: backtick or grave accent ` escapes the carriage return in PowerShell, in Ruby it executes the shell commands, like C++'s system('command')..)
So in Ruby, you can say (copy/paste in irb):
def is_current_user_local_admin?
return `powershell "(@(([ADSI]'WinNT://./Administrators,group').psbase.Invoke('Members')) | foreach {$_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)}) -contains 'Administrator'"`.include? "True"
end
Don't know the (even better) WMI way of doing it though. With that, you could have done something like (in Ruby again):
require 'win32ole'
wmi = WIN32OLE.connect('WinNT://./Administrators,group')
# don't know what should come here...
