Detecting Admin Privileges Via Code

[Bowman, John C.]

Hi All,

I'm not certain if this is the best place to post this, so please educate me
if it's not. Bascially, I need to know the "correct"(?) method for how to
detect if a the current user has administrative privileges via c or c++ code
for some installation routines. I've been striking out so far finding this
in MSDN or anywhere. Any help would be appreciated.

TIA,

John Bowman
Thermo Fisher Scientific

 

[Alun Jones]

"Bowman, John C." <john.bowman@thermofisher.com> wrote in message
news:#jvmcnC7IHA.4204@TK2MSFTNGP03.phx.gbl...
> I'm not certain if this is the best place to post this, so please educate
> me if it's not. Bascially, I need to know the "correct"(?) method for how
> to detect if a the current user has administrative privileges via c or c++
> code for some installation routines. I've been striking out so far finding
> this in MSDN or anywhere. Any help would be appreciated.

Meta-question:
What can a "user with administrative privileges" do that you need to do?

Meta-answer:
Then you should test to see if the user can do that.

In general, you should not ask "have I got permission to do X" when asked to
do X, you should try to do X, and then display an error if you are told you
do not have permissions.

The reason is that frequently the task you are looking at is one that can be
delegated to non-administrators.

As an example, in Windows 2000, you had to have SE_TCB_NAME privilege in
order to call LogonUser. I didn't bother checking in my code to see if I had
SE_TCB_NAME privilege, I just called LogonUser. As a result, when Windows
2003 came out, and didn't have that restriction, my code just plain worked
exactly the same. Code that says "does the user have SE_TCB_NAME privilege"
would carry on refusing to call LogonUser.

Alun.
~~~~
--
Texas Imperial Software | Web: http://www.wftpd.com/
23921 57th Ave SE | Blog: http://msmvps.com/alunj/
Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.

 

[Anteaus]

This certainly works, so it is possible:

http://www.autoitscript.com/autoit3/docs/functions/IsAdmin.htm

Might be worth asking on the Autoit forum how it was coded. Jon (chief
coder) is usually obliging.

 

[Bowman, John C.]

Alun,

Thanks for the response. The answer is I must require administrative
privileges because it's a tool that runs numerous installers and it should
not allow the user to proceed w/o admin rights. This includes of course
writing to HKLM/ C:\Program Files, etc. since it's part of an installation
process.

John

"Alun Jones" <alun@texis.invalid> wrote in message
news:E57B06C5-94F7-4CA5-BC40-D8EEC66E3CA0@microsoft.com...
> "Bowman, John C." <john.bowman@thermofisher.com> wrote in message
> news:#jvmcnC7IHA.4204@TK2MSFTNGP03.phx.gbl...
>> I'm not certain if this is the best place to post this, so please educate
>> me if it's not. Bascially, I need to know the "correct"(?) method for how
>> to detect if a the current user has administrative privileges via c or
>> c++ code for some installation routines. I've been striking out so far
>> finding this in MSDN or anywhere. Any help would be appreciated.
>
> Meta-question:
> What can a "user with administrative privileges" do that you need to do?
>
> Meta-answer:
> Then you should test to see if the user can do that.
>
> In general, you should not ask "have I got permission to do X" when asked
> to do X, you should try to do X, and then display an error if you are told
> you do not have permissions.
>
> The reason is that frequently the task you are looking at is one that can
> be delegated to non-administrators.
>
> As an example, in Windows 2000, you had to have SE_TCB_NAME privilege in
> order to call LogonUser. I didn't bother checking in my code to see if I
> had SE_TCB_NAME privilege, I just called LogonUser. As a result, when
> Windows 2003 came out, and didn't have that restriction, my code just
> plain worked exactly the same. Code that says "does the user have
> SE_TCB_NAME privilege" would carry on refusing to call LogonUser.
>
> Alun.
> ~~~~
> --
> Texas Imperial Software | Web: http://www.wftpd.com/
> 23921 57th Ave SE | Blog: http://msmvps.com/alunj/
> Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
> Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.
>
>
>

 

[Alun Jones]

"Bowman, John C." <john.bowman@thermofisher.com> wrote in message
news:u8rWMEb7IHA.1196@TK2MSFTNGP05.phx.gbl...
> Thanks for the response. The answer is I must require administrative
> privileges because it's a tool that runs numerous installers and it should
> not allow the user to proceed w/o admin rights. This includes of course
> writing to HKLM/ C:\Program Files, etc. since it's part of an installation
> process.

Why shouldn't it be allowed to proceed as a user who is _not_ an
administrator, but which has the privilege to write to HKLM, Program Files,
etc?

Alun.
~~~~

 

[Dan]

Sorry, to intrude but was this posted from another newsgroup. The first
person I have just says unknown with nothing inside from the poster and then
I see Alun Jones response clearly. Can someone elaborate because I have not
plonked anyone and just post via my Windows Live aka old-school hotmail
account.

"Alun Jones" wrote:

> "Bowman, John C." <john.bowman@thermofisher.com> wrote in message
> news:u8rWMEb7IHA.1196@TK2MSFTNGP05.phx.gbl...
> > Thanks for the response. The answer is I must require administrative
> > privileges because it's a tool that runs numerous installers and it should
> > not allow the user to proceed w/o admin rights. This includes of course
> > writing to HKLM/ C:\Program Files, etc. since it's part of an installation
> > process.
>
> Why shouldn't it be allowed to proceed as a user who is _not_ an
> administrator, but which has the privilege to write to HKLM, Program Files,
> etc?
>
> Alun.
> ~~~~
>
>