How can I determine if a user can runas admin?
https://stackoverflow.com/questions/10323887
-
03-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianPergunta
When a user needs to enter their license key, we want to put it in HKLM if we can, and in HKCU if we cannot. If it is in HKLM then all users on the computer have the license without each having to enter it.
We are an AddOn to Office so we run with Office rights. Generally this is not admin rights (unless they have UAC turned off). So WindowsPrincipal.IsInRole(Administrator) will return false regardless of what the user could do.
If the user has local admin rights, we want to launch an applet that has runas=admin and they can then set it in HKLM. However, if they do not have local admin rights, then we put it in HKCU.
So... How can I determine if a user can do runas=admin? We're on .net 3.5.
thanks - dave
Solução
The process I generally use in some client software we wrote looks like this:
- Attempt to start elevated process to set registry keys.
- Wait until the process has completed or thrown an exception.
- Validate registry keys were set by attempting to read expected keys (non-admin can do this)
- If keys were not set, run fallback method (e.g., write to HKCU)
I have a helper function for running elevated code that looks like this (VB.Net). Since I just use the same application with command-line flags to run the elevated process, you can see I'm using the current assembly for the process name. You can replace with your particular process.
Private Function RunElevated(commandLine As String, Optional ByVal timeout As Integer = 0) As Boolean
Dim startInfo As New ProcessStartInfo
startInfo.UseShellExecute = True
startInfo.WorkingDirectory = Environment.CurrentDirectory
Dim uri As New Uri(Assembly.GetEntryAssembly.GetName.CodeBase)
startInfo.FileName = uri.LocalPath
startInfo.Verb = "runas"
startInfo.Arguments = commandLine
Dim success As Boolean
Try
Dim p As Process = Process.Start(startInfo)
' wait thirty seconds for completion
If timeout > 0 Then
If Not p.WaitForExit(30000) Then
' did not complete in thirty seconds, so kill
p.Kill()
success = False
Else
success = True
End If
Else
p.WaitForExit()
success = True
End If
Catch ex As Win32Exception
success = False
Catch ex As Exception
MsgBox("Error occurred while trying to start application as administrator: " & ex.Message)
success = False
End Try
Return success
End Function
In the code above I handle exceptions as a failure code, and also I limit the execution to 30 seconds for our environment. You may not want to have a time-limit in your case, so you can just remove that part of the code.
In the admin mode process, I double-check I'm actually an administrator first using this helper function:
Public Function IsAdmin() As Boolean
Dim id As WindowsIdentity = WindowsIdentity.GetCurrent
Dim p As New WindowsPrincipal(id)
Return p.IsInRole(WindowsBuiltInRole.Administrator)
End Function
Once I know I'm an admin, then I go ahead and set the registry keys and return. The caller program then validates the keys were set successfully to determine whether the fallback procedure needs to be run. This is when RunElevated returns back to the caller, because at that time the sub-process has completed and was either successful or failed to set the keys. That code looks something like this:
Public Function UpdateSettings(...) As Boolean
Dim success As Boolean
Try
If Not IsAdmin() Then
' try to create the registry keys as administrator
success = RunElevated(Command() & " /admin", 30000)
Else
' if we're already admin, then just update directly
success = UpdateSettingsAdmin(...)
End If
success = success And ValidateUpdateSettings(...)
Catch ex As Exception
success = False
End Try
Return success
End Function
