Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 99
  • Last Modified:

vb.net and checking for local admin rights

I have a button click which checks to see if a domain user is a member of the local admin group on a workstation.  It works when i supply a local workstation username, but when i supply a domain account, it tells me everytime theyre not apart of the admin group when theyre:

  Public Shared Function IsMemberOfGroup(userName As String, machineName As String, memberGroup As String) As Boolean
        Dim isMember As Boolean = False
        Using rootContext As New PrincipalContext(ContextType.Machine, machineName), _
              grp As GroupPrincipal = GroupPrincipal.FindByIdentity(rootContext, memberGroup), _
              usr As UserPrincipal = UserPrincipal.FindByIdentity(rootContext, IdentityType.SamAccountName, userName)
            If grp IsNot Nothing AndAlso usr IsNot Nothing Then
                ' Check if the user is a member of the group.
                isMember = grp.GetMembers(True).Contains(usr)
            Else
                isMember = False
            End If
        End Using
        Return isMember
    End Function

    Private Sub Button15_Click_1(sender As Object, e As EventArgs) Handles Button15.Click
        Dim str As String = tbUser.Text
        str = str.Remove(0, 5)
        Dim localusrname As String = str
        If IsMemberOfGroup(localusrname, TextBox1.Text, "administrators") Then
            tbadmin.Text = "Admin rights granted to " & tbUser.Text & " on Workstation: " & TextBox1.Text & " and Primary User has been updated in the local Registry."
        Else
            tbadmin.Text = "Admin rights have not been updated yet for " & tbUser.Text & " on Workstation: " & TextBox1.Text & "." & " Make sure you run the Fix Admin Rights tool first!" & " If you have, please verify it is successful and the user has access to the correct group, then reboot and re-check."
        End If
    End Sub

Open in new window

0
derek7467
Asked:
derek7467
  • 3
1 Solution
 
chaauCommented:
For the group you need to use GroupPrincipal.FindByIdentity method:
Public Shared Function IsGroupMemberOfGroup(group As String, machineName As String, memberGroup As String) As Boolean
        Dim isMember As Boolean = False
        Using rootContext As New PrincipalContext(ContextType.Machine, machineName), _
              grp As GroupPrincipal = GroupPrincipal.FindByIdentity(rootContext, memberGroup), _
              grp1 As GroupPrincipal = GroupPrincipal.FindByIdentity(rootContext, IdentityType.SamAccountName, group)
            If grp IsNot Nothing AndAlso usr IsNot Nothing Then
                ' Check if the user is a member of the group.
                isMember = grp.GetMembers(True).Contains(grp1)
            Else
                isMember = False
            End If
        End Using
        Return isMember
    End Function

Open in new window

0
 
derek7467Author Commented:
Why is there a group and a membergroup?  Where do i define who the user is im searching for?
0
 
derek7467Author Commented:
the info found on the link i provided resolved my issue
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now