The Design of Software (CLOSED)

A public forum for discussing the design of software, from the user interface to the code architecture. Now closed.

The "Design of Software" discussion group has been merged with the main Joel on Software discussion group.

The archives will remain online indefinitely.

Detect if application is running with admin privileges

I have an "old" classic VB EXE.

Application runs fine under a least priviliged account, and DOES NOT REQUIRE admin privileges.

Sometimes users select to open the app "as admin", but I want to prevent that.

How can I detect if an application us running with admin privileges? Is there an API or something?

Thank you, I would appreciate your help.

Jos
Jos Send private email
Wednesday, October 15, 2008
 
 
As far as Win32 API calls go, you can have a look at some of the LSA (Local Security Authority) calls.

LsaEnumerateAccountRights() or LsaEnumerateAccountsWithUserRight()

would be the two I'd look into.
AverageMidget Send private email
Wednesday, October 15, 2008
 
 
Codger
Thursday, October 16, 2008
 
 
""Sometimes users select to open the app "as admin", but I want to prevent that""

Unless you are a virus/malware writer I do not see a legitimate reason to stop the user to run your app as an admin especially if that's intentional.
john
Thursday, October 16, 2008
 
 
"""Unless you are a virus/malware writer I do not see a legitimate reason to stop the user to run your app as an admin especially if that's intentional."""

If you're a malware writer, wouldn't you *want* your application to be run as admin? It would sure make it easier to wreak lots of havoc on the system. You might, OTOH, want to keep *other* programs from running as admin.
(User deleted) Send private email
Thursday, October 16, 2008
 
 
There are many legitimate reasons for running an application "as admin", so I'm not sure why you want to prevent it.  What if they are trying to open or save a file to a location where their normal account doesn't have access?

What if their account is a local administrator...are you going to prevent them from even using your application?
bILLg
Thursday, October 16, 2008
 
 
+1 bILLg

Preventing admins from running your program is a very odd requirement.
DJ Send private email
Thursday, October 16, 2008
 
 
I do not want to prevent from running as an admin, I just want to know wether its running as admin or non-admin.
Jos Send private email
Thursday, October 16, 2008
 
 
P.S. I just want to know, so I make some changes so users don't fight for objects ownership and other stuff.

I get the current process id with GetCurrentProcess, then use GetTokenInformation and see if its running as admin.

Thanks a lot for your replies!!!!



P.S.2. I'm not a virus/malware writer.
Jos Send private email
Thursday, October 16, 2008
 
 
P.S. 3:
I'll use IsUserAnAdmin.

Thanks codger
Jos Send private email
Thursday, October 16, 2008
 
 
If you want it to work right on Vista where users can be admins, but not have admin rights take a look at http://blogs.msdn.com/junfeng/archive/2007/01/26/how-to-tell-if-the-current-user-is-in-administrators-group-programmatically.aspx
Adam
Friday, October 17, 2008
 
 
IsUserAnAdmin() respects UAC elevation in the manner you'd expect an application to care about it.  If the process is elevated it returns True, otherwise False.

This could be used to determine whether to include admin options in menus, etc. or to create an elevated child process when some "over the shoulder" elevated action is required, etc.  Sort of a "mode switch."

"Is the user in the Admin group" seems almost pointless.  If they are, they can elevate.  If not, they'll need admin credentials.  Case closed.


I suppose IsUserAnAdmin() could be used in a malware setting, some trojan code biding its time until someone ran the program elevated.  That's not its purpose though, and it might be seen as one more reason to avoid elevating unnecessarily.
Codger
Saturday, October 18, 2008
 
 
Codger

IsUserAnAdmin() is what i was looking for.
Easier and better.

thanks !
Jos Send private email
Wednesday, October 22, 2008
 
 
> I just want to know, so I make some changes so users don't fight for objects ownership and other stuff.

Then investigate things like "mutexes". That way you can actually achieve your stated objective without relying on accidental byproducts of the current OS implementation.

If they can "fight for objects ownership" then the objects are global, and there's plenty of things where non-admins can easily share access and claim exclusive access for, so IsUserAdmin() seems unlikely to actually be relevant.

Wednesday, October 29, 2008
 
 

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
 
Powered by FogBugz