Solved

Detect PowerUser or Admin

Posted on 2003-11-07
2
142 Views
Last Modified: 2010-04-05
How can i detect the user type (poweruser or administrator or normal user)
0
Comment
Question by:mece
2 Comments
 
LVL 22

Accepted Solution

by:
Ferruccio Accalai earned 90 total points
Comment Utility
unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls;

type
  TForm1 = class(TForm)
    Button1: TButton;
    procedure Button1Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;
const
 SECURITY_NT_AUTHORITY: SID_IDENTIFIER_AUTHORITY =
    (Value: (0,0,0,0,0,5)); // ntifs
 SECURITY_BUILTIN_DOMAIN_RID: DWORD = $00000020;
 DOMAIN_ALIAS_RID_ADMINS: DWORD = $00000220;
 DOMAIN_ALIAS_RID_USERS : DWORD = $00000221;
 DOMAIN_ALIAS_RID_GUESTS: DWORD = $00000222;
 DOMAIN_ALIAS_RID_POWER_: DWORD = $00000223;

implementation

{$R *.dfm}
function IsAlias(Alias: Cardinal): Boolean;
{ -------------------------------------------------------------
  Returns a boolean indicating whether or not user has admin
  privileges. (Call only then running under NT.)
 
  ------------------------------------------------------------- }
var
  hAccessToken       : tHandle;
  ptgGroups          : pTokenGroups;
  dwInfoBufferSize   : DWORD;
  psidAdministrators : PSID;
  int                : integer;            // counter
  blnResult          : boolean;            // return flag



begin
  Result := False;
  blnResult := OpenThreadToken( GetCurrentThread, TOKEN_QUERY,
                                True, hAccessToken );
  if ( not blnResult ) then
  begin
    if GetLastError = ERROR_NO_TOKEN then
    blnResult := OpenProcessToken( GetCurrentProcess,
                               TOKEN_QUERY, hAccessToken );
  end;

  if ( blnResult ) then
  try

    GetMem(ptgGroups, 1024);
    blnResult := GetTokenInformation( hAccessToken, TokenGroups,
                                      ptgGroups, 1024,
                                      dwInfoBufferSize );
    CloseHandle( hAccessToken );

    if ( blnResult ) then
    begin

      AllocateAndInitializeSid( SECURITY_NT_AUTHORITY, 1,
                                Alias,
                                0,
                          0, 0, 0, 0, 0, 0,
                          psidAdministrators );
      {$R-}
      for int := 0 to ptgGroups.GroupCount - 1 do

        if EqualSid( psidAdministrators,
                     ptgGroups.Groups[ int ].Sid ) then
        begin
          Result := True;
          Break;
        end;
      {$R+}

      FreeSid( psidAdministrators );
    end;

  finally
    FreeMem( ptgGroups );
  end;
end;

procedure TForm1.Button1Click(Sender: TObject);
begin
if isAlias(DOMAIN_ALIAS_RID_POWER_) then
{use the constant that you want to check--see consts}
      showmessage('Yes')
else
      showmessage('no');
end;

end.
 
0
 
LVL 2

Expert Comment

by:Robn
Comment Utility
type
  TTriBool = (tbUnknown, tbTrue, tbFalse);

var
  USER_ADMIN: TTriBool = tbUnknown;

function IsUserAdministrator: Boolean;
const
  DOMAIN_ALIAS_RID_ADMINS = $220;
  SECURITY_BUILTIN_DOMAIN_RID = $20;
var
  i: Integer;
  hProcess, hAccessToken: THandle;
  InfoBuffer: array[0..1023] of UCHAR;
  dwInfoBufferSize: DWORD;
  siaNtAuthority: TSIDIdentifierAuthority;
  psidAdministrators: Pointer;
  ptgGroups: PTokenGroups;
begin
  if USER_ADMIN = tbUnknown then begin
    result := False;
    USER_ADMIN := tbFalse;

    FillChar(ptgGroups, sizeof(ptgGroups), 0);
    FillChar(siaNtAuthority, sizeof(siaNtAuthority), 0);
    siaNtAuthority.Value[5] := 5;

    hProcess := GetCurrentProcess;

    if not OpenProcessToken(hProcess,TOKEN_READ,hAccessToken) then Exit;

    if not GetTokenInformation(hAccessToken, TokenGroups, @InfoBuffer, 1024, dwInfoBufferSize) then Exit;

    AllocateAndInitializeSid(siaNtAuthority, 2,
       SECURITY_BUILTIN_DOMAIN_RID,
       DOMAIN_ALIAS_RID_ADMINS,
       0, 0, 0, 0, 0, 0,
       psidAdministrators);

    ptgGroups := PTokenGroups(@InfoBuffer);

    for i := 0 to ptgGroups^.GroupCount - 1 do begin
       if EqualSid(psidAdministrators, ptgGroups^.Groups[i].Sid) then begin
         USER_ADMIN := tbTrue;
         Break;
       end;
    end;

    FreeSid(psidAdministrators);
  end;
  result := USER_ADMIN = tbTrue;
end;

Hope this helps,
Rob
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

The uses clause is one of those things that just tends to grow and grow. Most of the time this is in the main form, as it's from this form that all others are called. If you have a big application (including many forms), the uses clause in the in…
Creating an auto free TStringList The TStringList is a basic and frequently used object in Delphi. On many occasions, you may want to create a temporary list, process some items in the list and be done with the list. In such cases, you have to…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now