• Status: Solved

vb.net and checking for local admin rights

I have a button click which checks to see if a domain user is a member of the local admin group on a workstation.  It works when I supply a local workstation username, but when I supply a domain account, it tells me every time they're not a part of the admin group when they are:

    Public Shared Function IsMemberOfGroup(userName As String, machineName As String, memberGroup As String) As Boolean
        Dim isMember As Boolean = False
        Using rootContext As New PrincipalContext(ContextType.Machine, machineName), _
              grp As GroupPrincipal = GroupPrincipal.FindByIdentity(rootContext, memberGroup), _
              usr As UserPrincipal = UserPrincipal.FindByIdentity(rootContext, IdentityType.SamAccountName, userName)
            If grp IsNot Nothing AndAlso usr IsNot Nothing Then
                ' Check if the user is a member of the group.
                isMember = grp.GetMembers(True).Contains(usr)
            Else
                isMember = False
            End If
        End Using
        Return isMember
    End Function

    Private Sub Button15_Click_1(sender As Object, e As EventArgs) Handles Button15.Click
        Dim str As String = tbUser.Text
        str = str.Remove(0, 5)
        Dim localusrname As String = str
        If IsMemberOfGroup(localusrname, TextBox1.Text, "administrators") Then
            tbadmin.Text = "Admin rights granted to " & tbUser.Text & " on Workstation: " & TextBox1.Text & " and Primary User has been updated in the local Registry."
        Else
            tbadmin.Text = "Admin rights have not been updated yet for " & tbUser.Text & " on Workstation: " & TextBox1.Text & "." & " Make sure you run the Fix Admin Rights tool first!" & " If you have, please verify it is successful and the user has access to the correct group, then reboot and re-check."
        End If
    End Sub

Asked by: derek7467
 
chaau Commented:
For the group you need to use the GroupPrincipal.FindByIdentity method:
    Public Shared Function IsGroupMemberOfGroup(group As String, machineName As String, memberGroup As String) As Boolean
        Dim isMember As Boolean = False
        Using rootContext As New PrincipalContext(ContextType.Machine, machineName), _
              grp As GroupPrincipal = GroupPrincipal.FindByIdentity(rootContext, memberGroup), _
              grp1 As GroupPrincipal = GroupPrincipal.FindByIdentity(rootContext, IdentityType.SamAccountName, group)
            ' Both lookups must succeed before membership can be tested.
            If grp IsNot Nothing AndAlso grp1 IsNot Nothing Then
                ' Check if the group (grp1) is a member of the group (grp).
                isMember = grp.GetMembers(True).Contains(grp1)
            Else
                isMember = False
            End If
        End Using
        Return isMember
    End Function

derek7467 Author Commented:
Why is there a group and a membergroup?  Where do I define who the user is I'm searching for?
 
derek7467 Author Commented:
The info found on the link I provided resolved my issue.
Question has a verified solution.
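
One way to make the check work for both local and domain accounts, as an added example that is not code from either poster and not the solution behind the link the asker mentions (that link is not on the page). It assumes the failure comes from looking the domain account up in the machine (SAM) context, which holds only local accounts, so it resolves the user in a domain context and compares SIDs against the local group's members. The module name, function name, parameters and sample values are hypothetical.

```vb
Imports System.DirectoryServices.AccountManagement

Public Module LocalGroupCheck
    ' Hypothetical helper (added example, not from the thread).
    ' domainName = Nothing or "" : samAccountName is a local account on machineName.
    ' domainName = "CORP" (say)  : samAccountName is resolved in that domain.
    Public Function IsAccountInLocalGroup(samAccountName As String, domainName As String,
                                          machineName As String, localGroup As String) As Boolean
        ' The group always lives on the workstation, so it is looked up in the
        ' machine context. The user is looked up in whichever store owns it.
        Using machineCtx As New PrincipalContext(ContextType.Machine, machineName),
              userCtx As PrincipalContext = If(String.IsNullOrEmpty(domainName),
                  New PrincipalContext(ContextType.Machine, machineName),
                  New PrincipalContext(ContextType.Domain, domainName)),
              grp As GroupPrincipal = GroupPrincipal.FindByIdentity(machineCtx, localGroup),
              usr As UserPrincipal = UserPrincipal.FindByIdentity(
                  userCtx, IdentityType.SamAccountName, samAccountName)

            ' A failed lookup is reported as "not a member" here; a caller that
            ' must tell "unknown account" from "no rights" should check separately.
            If grp Is Nothing OrElse usr Is Nothing Then Return False

            ' Compare SIDs rather than Principal objects: the user comes from the
            ' domain store and the members come from the machine store.
            ' True = also walk nested groups.
            Using members As PrincipalSearchResult(Of Principal) = grp.GetMembers(True)
                For Each member As Principal In members
                    If member.Sid IsNot Nothing AndAlso member.Sid.Equals(usr.Sid) Then
                        Return True
                    End If
                Next
            End Using
            Return False
        End Using
    End Function

    ' Constructed sample call (names are placeholders):
    '   IsAccountInLocalGroup("jdoe", "CORP", "WS01", "Administrators")
End Module
```

With this shape the caller passes the domain and account name separately instead of stripping a fixed number of characters from a `DOMAIN\user` string.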
