Solved

Detect PowerUser or Admin

Posted on 2003-11-07
2
143 Views
Last Modified: 2010-04-05
How can i detect the user type (poweruser or administrator or normal user)
0
Comment
Question by:mece
2 Comments
 
LVL 22

Accepted Solution

by:
Ferruccio Accalai earned 90 total points
ID: 9702009
unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls;

type
  TForm1 = class(TForm)
    Button1: TButton;
    procedure Button1Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;
const
 SECURITY_NT_AUTHORITY: SID_IDENTIFIER_AUTHORITY =
    (Value: (0,0,0,0,0,5)); // ntifs
 SECURITY_BUILTIN_DOMAIN_RID: DWORD = $00000020;
 DOMAIN_ALIAS_RID_ADMINS: DWORD = $00000220;
 DOMAIN_ALIAS_RID_USERS : DWORD = $00000221;
 DOMAIN_ALIAS_RID_GUESTS: DWORD = $00000222;
 DOMAIN_ALIAS_RID_POWER_: DWORD = $00000223;

implementation

{$R *.dfm}
function IsAlias(Alias: Cardinal): Boolean;
{ -------------------------------------------------------------
  Returns a boolean indicating whether or not user has admin
  privileges. (Call only then running under NT.)
 
  ------------------------------------------------------------- }
var
  hAccessToken       : tHandle;
  ptgGroups          : pTokenGroups;
  dwInfoBufferSize   : DWORD;
  psidAdministrators : PSID;
  int                : integer;            // counter
  blnResult          : boolean;            // return flag



begin
  Result := False;
  blnResult := OpenThreadToken( GetCurrentThread, TOKEN_QUERY,
                                True, hAccessToken );
  if ( not blnResult ) then
  begin
    if GetLastError = ERROR_NO_TOKEN then
    blnResult := OpenProcessToken( GetCurrentProcess,
                               TOKEN_QUERY, hAccessToken );
  end;

  if ( blnResult ) then
  try

    GetMem(ptgGroups, 1024);
    blnResult := GetTokenInformation( hAccessToken, TokenGroups,
                                      ptgGroups, 1024,
                                      dwInfoBufferSize );
    CloseHandle( hAccessToken );

    if ( blnResult ) then
    begin

      AllocateAndInitializeSid( SECURITY_NT_AUTHORITY, 1,
                                Alias,
                                0,
                          0, 0, 0, 0, 0, 0,
                          psidAdministrators );
      {$R-}
      for int := 0 to ptgGroups.GroupCount - 1 do

        if EqualSid( psidAdministrators,
                     ptgGroups.Groups[ int ].Sid ) then
        begin
          Result := True;
          Break;
        end;
      {$R+}

      FreeSid( psidAdministrators );
    end;

  finally
    FreeMem( ptgGroups );
  end;
end;

procedure TForm1.Button1Click(Sender: TObject);
begin
if isAlias(DOMAIN_ALIAS_RID_POWER_) then
{use the constant that you want to check--see consts}
      showmessage('Yes')
else
      showmessage('no');
end;

end.
 
0
 
LVL 2

Expert Comment

by:Robn
ID: 9702028
type
  TTriBool = (tbUnknown, tbTrue, tbFalse);

var
  USER_ADMIN: TTriBool = tbUnknown;

function IsUserAdministrator: Boolean;
const
  DOMAIN_ALIAS_RID_ADMINS = $220;
  SECURITY_BUILTIN_DOMAIN_RID = $20;
var
  i: Integer;
  hProcess, hAccessToken: THandle;
  InfoBuffer: array[0..1023] of UCHAR;
  dwInfoBufferSize: DWORD;
  siaNtAuthority: TSIDIdentifierAuthority;
  psidAdministrators: Pointer;
  ptgGroups: PTokenGroups;
begin
  if USER_ADMIN = tbUnknown then begin
    result := False;
    USER_ADMIN := tbFalse;

    FillChar(ptgGroups, sizeof(ptgGroups), 0);
    FillChar(siaNtAuthority, sizeof(siaNtAuthority), 0);
    siaNtAuthority.Value[5] := 5;

    hProcess := GetCurrentProcess;

    if not OpenProcessToken(hProcess,TOKEN_READ,hAccessToken) then Exit;

    if not GetTokenInformation(hAccessToken, TokenGroups, @InfoBuffer, 1024, dwInfoBufferSize) then Exit;

    AllocateAndInitializeSid(siaNtAuthority, 2,
       SECURITY_BUILTIN_DOMAIN_RID,
       DOMAIN_ALIAS_RID_ADMINS,
       0, 0, 0, 0, 0, 0,
       psidAdministrators);

    ptgGroups := PTokenGroups(@InfoBuffer);

    for i := 0 to ptgGroups^.GroupCount - 1 do begin
       if EqualSid(psidAdministrators, ptgGroups^.Groups[i].Sid) then begin
         USER_ADMIN := tbTrue;
         Break;
       end;
    end;

    FreeSid(psidAdministrators);
  end;
  result := USER_ADMIN = tbTrue;
end;

Hope this helps,
Rob
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Creating an auto free TStringList The TStringList is a basic and frequently used object in Delphi. On many occasions, you may want to create a temporary list, process some items in the list and be done with the list. In such cases, you have to…
Introduction I have seen many questions in this Delphi topic area where queries in threads are needed or suggested. I know bumped into a similar need. This article will address some of the concepts when dealing with a multithreaded delphi database…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question