[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Detect PowerUser or Admin

Posted on 2003-11-07
2
Medium Priority
?
150 Views
Last Modified: 2010-04-05
How can i detect the user type (poweruser or administrator or normal user)
0
Comment
Question by:mece
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 23

Accepted Solution

by:
Ferruccio Accalai earned 360 total points
ID: 9702009
unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls;

type
  TForm1 = class(TForm)
    Button1: TButton;
    procedure Button1Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;
const
 SECURITY_NT_AUTHORITY: SID_IDENTIFIER_AUTHORITY =
    (Value: (0,0,0,0,0,5)); // ntifs
 SECURITY_BUILTIN_DOMAIN_RID: DWORD = $00000020;
 DOMAIN_ALIAS_RID_ADMINS: DWORD = $00000220;
 DOMAIN_ALIAS_RID_USERS : DWORD = $00000221;
 DOMAIN_ALIAS_RID_GUESTS: DWORD = $00000222;
 DOMAIN_ALIAS_RID_POWER_: DWORD = $00000223;

implementation

{$R *.dfm}
function IsAlias(Alias: Cardinal): Boolean;
{ -------------------------------------------------------------
  Returns a boolean indicating whether or not user has admin
  privileges. (Call only then running under NT.)
 
  ------------------------------------------------------------- }
var
  hAccessToken       : tHandle;
  ptgGroups          : pTokenGroups;
  dwInfoBufferSize   : DWORD;
  psidAdministrators : PSID;
  int                : integer;            // counter
  blnResult          : boolean;            // return flag



begin
  Result := False;
  blnResult := OpenThreadToken( GetCurrentThread, TOKEN_QUERY,
                                True, hAccessToken );
  if ( not blnResult ) then
  begin
    if GetLastError = ERROR_NO_TOKEN then
    blnResult := OpenProcessToken( GetCurrentProcess,
                               TOKEN_QUERY, hAccessToken );
  end;

  if ( blnResult ) then
  try

    GetMem(ptgGroups, 1024);
    blnResult := GetTokenInformation( hAccessToken, TokenGroups,
                                      ptgGroups, 1024,
                                      dwInfoBufferSize );
    CloseHandle( hAccessToken );

    if ( blnResult ) then
    begin

      AllocateAndInitializeSid( SECURITY_NT_AUTHORITY, 1,
                                Alias,
                                0,
                          0, 0, 0, 0, 0, 0,
                          psidAdministrators );
      {$R-}
      for int := 0 to ptgGroups.GroupCount - 1 do

        if EqualSid( psidAdministrators,
                     ptgGroups.Groups[ int ].Sid ) then
        begin
          Result := True;
          Break;
        end;
      {$R+}

      FreeSid( psidAdministrators );
    end;

  finally
    FreeMem( ptgGroups );
  end;
end;

procedure TForm1.Button1Click(Sender: TObject);
begin
if isAlias(DOMAIN_ALIAS_RID_POWER_) then
{use the constant that you want to check--see consts}
      showmessage('Yes')
else
      showmessage('no');
end;

end.
 
0
 
LVL 2

Expert Comment

by:Robn
ID: 9702028
type
  TTriBool = (tbUnknown, tbTrue, tbFalse);

var
  USER_ADMIN: TTriBool = tbUnknown;

function IsUserAdministrator: Boolean;
const
  DOMAIN_ALIAS_RID_ADMINS = $220;
  SECURITY_BUILTIN_DOMAIN_RID = $20;
var
  i: Integer;
  hProcess, hAccessToken: THandle;
  InfoBuffer: array[0..1023] of UCHAR;
  dwInfoBufferSize: DWORD;
  siaNtAuthority: TSIDIdentifierAuthority;
  psidAdministrators: Pointer;
  ptgGroups: PTokenGroups;
begin
  if USER_ADMIN = tbUnknown then begin
    result := False;
    USER_ADMIN := tbFalse;

    FillChar(ptgGroups, sizeof(ptgGroups), 0);
    FillChar(siaNtAuthority, sizeof(siaNtAuthority), 0);
    siaNtAuthority.Value[5] := 5;

    hProcess := GetCurrentProcess;

    if not OpenProcessToken(hProcess,TOKEN_READ,hAccessToken) then Exit;

    if not GetTokenInformation(hAccessToken, TokenGroups, @InfoBuffer, 1024, dwInfoBufferSize) then Exit;

    AllocateAndInitializeSid(siaNtAuthority, 2,
       SECURITY_BUILTIN_DOMAIN_RID,
       DOMAIN_ALIAS_RID_ADMINS,
       0, 0, 0, 0, 0, 0,
       psidAdministrators);

    ptgGroups := PTokenGroups(@InfoBuffer);

    for i := 0 to ptgGroups^.GroupCount - 1 do begin
       if EqualSid(psidAdministrators, ptgGroups^.Groups[i].Sid) then begin
         USER_ADMIN := tbTrue;
         Break;
       end;
    end;

    FreeSid(psidAdministrators);
  end;
  result := USER_ADMIN = tbTrue;
end;

Hope this helps,
Rob
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to create forms/units independent of other forms/units object names in a delphi project. Have you ever created a form for user input in a Delphi project and then had the need to have that same form in a other Delphi proj…
Introduction The parallel port is a very commonly known port, it was widely used to connect a printer to the PC, if you look at the back of your computer, for those who don't have newer computers, there will be a port with 25 pins and a small print…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question