Solved

vb.net and checking for local admin rights

Posted on 2014-12-10
4
56 Views
Last Modified: 2014-12-17
I have a button click which checks to see if a domain user is a member of the local admin group on a workstation.  It works when i supply a local workstation username, but when i supply a domain account, it tells me everytime theyre not apart of the admin group when theyre:

  Public Shared Function IsMemberOfGroup(userName As String, machineName As String, memberGroup As String) As Boolean
        Dim isMember As Boolean = False
        Using rootContext As New PrincipalContext(ContextType.Machine, machineName), _
              grp As GroupPrincipal = GroupPrincipal.FindByIdentity(rootContext, memberGroup), _
              usr As UserPrincipal = UserPrincipal.FindByIdentity(rootContext, IdentityType.SamAccountName, userName)
            If grp IsNot Nothing AndAlso usr IsNot Nothing Then
                ' Check if the user is a member of the group.
                isMember = grp.GetMembers(True).Contains(usr)
            Else
                isMember = False
            End If
        End Using
        Return isMember
    End Function

    Private Sub Button15_Click_1(sender As Object, e As EventArgs) Handles Button15.Click
        Dim str As String = tbUser.Text
        str = str.Remove(0, 5)
        Dim localusrname As String = str
        If IsMemberOfGroup(localusrname, TextBox1.Text, "administrators") Then
            tbadmin.Text = "Admin rights granted to " & tbUser.Text & " on Workstation: " & TextBox1.Text & " and Primary User has been updated in the local Registry."
        Else
            tbadmin.Text = "Admin rights have not been updated yet for " & tbUser.Text & " on Workstation: " & TextBox1.Text & "." & " Make sure you run the Fix Admin Rights tool first!" & " If you have, please verify it is successful and the user has access to the correct group, then reboot and re-check."
        End If
    End Sub

Open in new window

0
Comment
Question by:derek7467
  • 3
4 Comments
 
LVL 24

Expert Comment

by:chaau
ID: 40492667
For the group you need to use GroupPrincipal.FindByIdentity method:
Public Shared Function IsGroupMemberOfGroup(group As String, machineName As String, memberGroup As String) As Boolean
        Dim isMember As Boolean = False
        Using rootContext As New PrincipalContext(ContextType.Machine, machineName), _
              grp As GroupPrincipal = GroupPrincipal.FindByIdentity(rootContext, memberGroup), _
              grp1 As GroupPrincipal = GroupPrincipal.FindByIdentity(rootContext, IdentityType.SamAccountName, group)
            If grp IsNot Nothing AndAlso usr IsNot Nothing Then
                ' Check if the user is a member of the group.
                isMember = grp.GetMembers(True).Contains(grp1)
            Else
                isMember = False
            End If
        End Using
        Return isMember
    End Function

Open in new window

0
 

Author Comment

by:derek7467
ID: 40496027
Why is there a group and a membergroup?  Where do i define who the user is im searching for?
0
 

Accepted Solution

by:
derek7467 earned 0 total points
ID: 40496335
0
 

Author Closing Comment

by:derek7467
ID: 40504366
the info found on the link i provided resolved my issue
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Creating an analog clock UserControl seems fairly straight forward.  It is, after all, essentially just a circle with several lines in it!  Two common approaches for rendering an analog clock typically involve either manually calculating points with…
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question