?
Solved

Detect PowerUser or Admin

Posted on 2003-11-07
2
Medium Priority
?
152 Views
Last Modified: 2010-04-05
How can i detect the user type (poweruser or administrator or normal user)
0
Comment
Question by:mece
2 Comments
 
LVL 23

Accepted Solution

by:
Ferruccio Accalai earned 360 total points
ID: 9702009
unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls;

type
  TForm1 = class(TForm)
    Button1: TButton;
    procedure Button1Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;
const
 SECURITY_NT_AUTHORITY: SID_IDENTIFIER_AUTHORITY =
    (Value: (0,0,0,0,0,5)); // ntifs
 SECURITY_BUILTIN_DOMAIN_RID: DWORD = $00000020;
 DOMAIN_ALIAS_RID_ADMINS: DWORD = $00000220;
 DOMAIN_ALIAS_RID_USERS : DWORD = $00000221;
 DOMAIN_ALIAS_RID_GUESTS: DWORD = $00000222;
 DOMAIN_ALIAS_RID_POWER_: DWORD = $00000223;

implementation

{$R *.dfm}
function IsAlias(Alias: Cardinal): Boolean;
{ -------------------------------------------------------------
  Returns a boolean indicating whether or not user has admin
  privileges. (Call only then running under NT.)
 
  ------------------------------------------------------------- }
var
  hAccessToken       : tHandle;
  ptgGroups          : pTokenGroups;
  dwInfoBufferSize   : DWORD;
  psidAdministrators : PSID;
  int                : integer;            // counter
  blnResult          : boolean;            // return flag



begin
  Result := False;
  blnResult := OpenThreadToken( GetCurrentThread, TOKEN_QUERY,
                                True, hAccessToken );
  if ( not blnResult ) then
  begin
    if GetLastError = ERROR_NO_TOKEN then
    blnResult := OpenProcessToken( GetCurrentProcess,
                               TOKEN_QUERY, hAccessToken );
  end;

  if ( blnResult ) then
  try

    GetMem(ptgGroups, 1024);
    blnResult := GetTokenInformation( hAccessToken, TokenGroups,
                                      ptgGroups, 1024,
                                      dwInfoBufferSize );
    CloseHandle( hAccessToken );

    if ( blnResult ) then
    begin

      AllocateAndInitializeSid( SECURITY_NT_AUTHORITY, 1,
                                Alias,
                                0,
                          0, 0, 0, 0, 0, 0,
                          psidAdministrators );
      {$R-}
      for int := 0 to ptgGroups.GroupCount - 1 do

        if EqualSid( psidAdministrators,
                     ptgGroups.Groups[ int ].Sid ) then
        begin
          Result := True;
          Break;
        end;
      {$R+}

      FreeSid( psidAdministrators );
    end;

  finally
    FreeMem( ptgGroups );
  end;
end;

procedure TForm1.Button1Click(Sender: TObject);
begin
if isAlias(DOMAIN_ALIAS_RID_POWER_) then
{use the constant that you want to check--see consts}
      showmessage('Yes')
else
      showmessage('no');
end;

end.
 
0
 
LVL 2

Expert Comment

by:Robn
ID: 9702028
type
  TTriBool = (tbUnknown, tbTrue, tbFalse);

var
  USER_ADMIN: TTriBool = tbUnknown;

function IsUserAdministrator: Boolean;
const
  DOMAIN_ALIAS_RID_ADMINS = $220;
  SECURITY_BUILTIN_DOMAIN_RID = $20;
var
  i: Integer;
  hProcess, hAccessToken: THandle;
  InfoBuffer: array[0..1023] of UCHAR;
  dwInfoBufferSize: DWORD;
  siaNtAuthority: TSIDIdentifierAuthority;
  psidAdministrators: Pointer;
  ptgGroups: PTokenGroups;
begin
  if USER_ADMIN = tbUnknown then begin
    result := False;
    USER_ADMIN := tbFalse;

    FillChar(ptgGroups, sizeof(ptgGroups), 0);
    FillChar(siaNtAuthority, sizeof(siaNtAuthority), 0);
    siaNtAuthority.Value[5] := 5;

    hProcess := GetCurrentProcess;

    if not OpenProcessToken(hProcess,TOKEN_READ,hAccessToken) then Exit;

    if not GetTokenInformation(hAccessToken, TokenGroups, @InfoBuffer, 1024, dwInfoBufferSize) then Exit;

    AllocateAndInitializeSid(siaNtAuthority, 2,
       SECURITY_BUILTIN_DOMAIN_RID,
       DOMAIN_ALIAS_RID_ADMINS,
       0, 0, 0, 0, 0, 0,
       psidAdministrators);

    ptgGroups := PTokenGroups(@InfoBuffer);

    for i := 0 to ptgGroups^.GroupCount - 1 do begin
       if EqualSid(psidAdministrators, ptgGroups^.Groups[i].Sid) then begin
         USER_ADMIN := tbTrue;
         Break;
       end;
    end;

    FreeSid(psidAdministrators);
  end;
  result := USER_ADMIN = tbTrue;
end;

Hope this helps,
Rob
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction The parallel port is a very commonly known port, it was widely used to connect a printer to the PC, if you look at the back of your computer, for those who don't have newer computers, there will be a port with 25 pins and a small print…
Have you ever had your Delphi form/application just hanging while waiting for data to load? This is the article to read if you want to learn some things about adding threads for data loading in the background. First, I'll setup a general applica…
Stellar Phoenix SQL Database Repair software easily fixes the suspect mode issue of SQL Server database. It is a simple process to bring the database from suspect mode to normal mode. Check out the video and fix the SQL database suspect mode problem.
Free Data Recovery software is an advanced solution from Kernel Tools to recover data and files such as documents, emails, database, media and pictures, etc. It supports recovery from physical & logical drive after a hard disk crash, accidental/inte…
Suggested Courses

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question