Link to home
Start Free TrialLog in
Avatar of Accidental Hyper-V Administrator
Accidental Hyper-V AdministratorFlag for United States of America

asked on

How might I determine if the currently logged on user had Admin privilidges ?

For this question, I have a pc in a workgroup.
Three user id's have been defined.
Administrator
Adminmember
Standarduser
This is a virgin Windows 7 X64 machine.
No policies modified.  Ever.
All possible updates applied.

What I am try to do is:      Determine if the currently logged account has Admin right or privileges.

I have seen several examples on the web of thing that might work.
I IE:  Running "OPENFILES" and monitor the result.
Running "Net Session" and monitoring the result code.
Or even trying to read HKEY_USERS\S-1-5-19\Environment\TEMP registry value. (Just attempt to read it.)

All three result in fallers (a good thing) if the account in use at the time (Standarduser) is a standard user

And all three result is the positive, if the account in use at the time ((Administrator) is THE local Administrator account.

But all three fail, if the account in use at the time (Adminmember), is a member of the local Administrators group.
This really confuses me.

My goal is to identify if the currently logged on user account has Administrative rights or privileges or not.

Thanks for any ideas.
SOLUTION
Avatar of Lee W, MVP
Lee W, MVP
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Maidine Fouad
Maidine Fouad
Flag of Morocco image
Hello

Using some c# code you can do that, try this  :

static bool isAdmin(string user, string computer_name)
{
    using (PrincipalContext computer = new PrincipalContext(ContextType.Machine, computer_name))
    {
        using (PrincipalContext domain = new PrincipalContext(ContextType.Domain))
        {
            UserPrincipal u= UserPrincipal.FindByIdentity(domain, IdentityType.SamAccountName, user);
            GroupPrincipal p = GroupPrincipal.FindByIdentity(computer, "XXX");//XXX is in our case Administrators

            foreach (UserPrincipal usr in p.GetMembers(true))
            {
                if (u!= null)
                {
                    if (up.SamAccountName.ToUpper() == usr.SamAccountName.ToUpper())
                    {
                        return true;
                    }
                }
            }
        }
    }
    return false;
}

Open in new window

Avatar of Accidental Hyper-V Administrator
Accidental Hyper-V Administrator
Flag of United States of America image

ASKER

Thanks.
I do appreciate your efforts.

Unfortunately (for me), I don’t know anything about C#.
I have an existing VBScript that I was hoping to add lines of code to, in order to check for Admin rights.
And then execute various functions based on the currently logged on rights level.

I'm not smart enough to figure out how to add the C# code into my script
SOLUTION
Avatar of Maidine Fouad
Maidine Fouad
Flag of Morocco image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Avatar of David Johnson, CD
David Johnson, CD
Flag of Canada image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Accidental Hyper-V Administrator
Accidental Hyper-V Administrator
Flag of United States of America image

ASKER

Thanks to all.  
You’re the greatest !