Author: Jonas Bilinkevicius
How to check if a user has administrator rights in NT
Answer:
Solve 1:
1 { ... }
2 const
3 SECURITY_NT_AUTHORITY: TSIDIdentifierAuthority = (Value: (0, 0, 0, 0, 0, 5));
4
5 const
6 SECURITY_BUILTIN_DOMAIN_RID = $00000020;
7 DOMAIN_ALIAS_RID_ADMINS = $00000220;
8
9 function IsAdmin: Boolean;
10 var
11 hAccessToken: THandle;
12 ptgGroups: PTokenGroups;
13 dwInfoBufferSize: DWORD;
14 psidAdministrators: PSID;
15 x: Integer;
16 bSuccess: BOOL;
17 begin
18 Result := False;
19 bSuccess := OpenThreadToken(GetCurrentThread, TOKEN_QUERY, True, hAccessToken);
20 if not bSuccess then
21 begin
22 if GetLastError = ERROR_NO_TOKEN then
23 bSuccess := OpenProcessToken(GetCurrentProcess, TOKEN_QUERY, hAccessToken);
24 end;
25 if bSuccess then
26 begin
27 GetMem(ptgGroups, 1024);
28 bSuccess := GetTokenInformation(hAccessToken, TokenGroups, ptgGroups,
29 1024, dwInfoBufferSize);
30 CloseHandle(hAccessToken);
31 if bSuccess then
32 begin
33 AllocateAndInitializeSid(SECURITY_NT_AUTHORITY, 2,
34 SECURITY_BUILTIN_DOMAIN_RID,
35 DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, psidAdministrators);
36 for x := 0 to ptgGroups.GroupCount - 1 do
37 if EqualSid(psidAdministrators, ptgGroups.Groups[x].Sid) then
38 begin
39 Result := True;
40 Break;
41 end;
42 FreeSid(psidAdministrators);
43 end;
44 FreeMem(ptgGroups);
45 end;
46 end;
Solve 2:
47 function IsAdmin: boolean;
48 {Returns a boolean indicating whether or not user has admin privileges.
49 Call only when running under NT.}
50 var
51 hAccessToken: THandle;
52 ptgGroups: pTokenGroups;
53 dwInfoBufferSize: DWORD;
54 psidAdministrators: PSID;
55 i: integer; {counter}
56 blnResult: boolean; {return flag}
57 const
58 SECURITY_NT_AUTHORITY: SID_IDENTIFIER_AUTHORITY = (Value: (0, 0, 0, 0, 0, 5));
59 {ntifs}
60 SECURITY_BUILTIN_DOMAIN_RID: DWORD = $00000020;
61 DOMAIN_ALIAS_RID_ADMINS: DWORD = $00000220;
62 DOMAIN_ALIAS_RID_USERS: DWORD = $00000221;
63 DOMAIN_ALIAS_RID_GUESTS: DWORD = $00000222;
64 DOMAIN_ALIAS_RID_POWER: DWORD = $000002203;
65 begin
66 if Win32Platform <> VER_PLATFORM_WIN32_NT then
67 begin
68 Result := True;
69 Exit;
70 end;
71 Result := False;
72 ptgGroups := nil;
73 blnResult := OpenThreadToken(GetCurrentThread, TOKEN_QUERY, True, hAccessToken);
74 if not blnResult then
75 begin
76 if GetLastError = ERROR_NO_TOKEN then
77 blnResult := OpenProcessToken(GetCurrentProcess, TOKEN_QUERY, hAccessToken);
78 end;
79 if blnResult then
80 try
81 GetMem(ptgGroups, 1024);
82 blnResult := GetTokenInformation(hAccessToken, TokenGroups, ptgGroups,
83 1024, dwInfoBufferSize);
84 CloseHandle(hAccessToken);
85 if blnResult then
86 begin
87 AllocateAndInitializeSid(SECURITY_NT_AUTHORITY, 2,
88 SECURITY_BUILTIN_DOMAIN_RID,
89 DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, psidAdministrators);
90 {$R-}
91 for i := 0 to ptgGroups.GroupCount - 1 do
92 if EqualSid(psidAdministrators, ptgGroups.Groups[i].Sid) then
93 begin
94 Result := True;
95 Break;
96 end;
97 {$IFDEF RPLUS}{$R+}{$ENDIF}
98 FreeSid(psidAdministrators);
99 end;
100 finally;
101 if ptgGroups <> nil then
102 FreeMem(ptgGroups);
103 end;
104 end;
|
