×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jobs

Is Current User In Admin Group - Windows 10

Is Current User In Admin Group - Windows 10

Is Current User In Admin Group - Windows 10

(OP)
Hi All,

Need to know if current (logged-in) user is an administrator in Windows 10. In Windows 10, a user can never have "true" (super administrator) privileges, but can have administrator privileges for software installation, etc. This is why some of the older APIs work (e.g. IsUserAnAdmin()), in Windows 7, but not in Windows 10.

Does anyone have code they can share which works on Windows 10. I think something that indicates if the current user is in the administrator group.

RE: Is Current User In Admin Group - Windows 10

FUNCTION IsAdmin
#DEFINE SECURITY_NT_AUTHORITY 5
#DEFINE SECURITY_BUILTIN_DOMAIN_RID 0x20
#DEFINE DOMAIN_ALIAS_RID_ADMINS 0x220
 
DECLARE Long AllocateAndInitializeSid IN Advapi32.dll ;
      String pIdentifierAuthority, Short nSubAuthorityCount, ;
      Long dwSubAuthority0, Long dwSubAuthority1, Long dwSubAuthority2, ;
      Long dwSubAuthority3, Long dwSubAuthority4, Long dwSubAuthority5, ;
      Long dwSubAuthority6, Long dwSubAuthority7, Long @ pSid
 
DECLARE Long FreeSid IN Advapi32.dll Long pSid
 
DECLARE Long CheckTokenMembership IN Advapi32.dll Long TokenHandle, ;
        Long SidToCheck, Long @ IsMember
 
DECLARE Long GetLastError IN WIN32API
 
LOCAL lcpIdentifierAuthority, lnSid, lnIsMember
lcpIdentifierAuthority = REPLICATE(CHR(0),5) + CHR(SECURITY_NT_AUTHORITY ) 
lnSid = 0
llIsAdmin = .F.
IF AllocateAndInitializeSid(lcpIdentifierAuthority, ;
       2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, ;
       0, 0, 0, 0, 0, 0, @lnSid) <> 0
 
    lnIsMember = 0
    IF CheckTokenMembership( 0, lnSid, @lnIsMember)   <> 0 
       IF lnIsMember <> 0
          llIsAdmin = .T.
       ENDIF   
    ELSE
   *? "CheckTokenMembership Error "  + apierror(GetLastError())
    ENDIF
 
    = FreeSid(lnSid)
ELSE
   *? "AllocateAndInitializeSid Error "  + apierror(GetLastError())
ENDIF    
 
RETURN llIsAdmin 

RE: Is Current User In Admin Group - Windows 10

That's brilliant Tore.

Best Regards,
Scott
MIET, MASHRAE, CDCP, CDCS, CDCE, CTDC, CTIA, ATS

"Everything should be made as simple as possible, and no simpler."hammer

RE: Is Current User In Admin Group - Windows 10

(OP)
Hi Tore. Thanks for responding. Unfortunately, the function does not work on Windows 10 (I'm testing at home on Windows 10 Pro). It does work on Windows 7. I may be wrong, but I have a feeling the problem lies with how Windows 10 defines an administrator. One can be a so-called administrator, but still has to "RunAs" for certain things in the registry, powershell, command prompt, etc. The real (super) administrator account is disabled by default in Windows 10. Your function would probably work for that account.

RE: Is Current User In Admin Group - Windows 10

That mode of running processes unelevated as the norm, even if a user account is an administrator exists since Vista introduced UAC. It's normal.
The VFPX API Code making use of the Win API IsUserAnAdmin() function returns 0 (No) for me, too. Yes.

The usual way to ask for elevation is with a manifest setting requestedExecutionLevel to requireAdminstrator.

If you want to determine whether that means the current user would only need to click a confirm button, as he is admin or will be prompted to log in as an admin account, that may be useful to know in advance, but in the end, there's nothing you can do anyhow. Whenever your software needs the admin execution level you should put such functions into a separate EXE with such a manifest, if you don't want to require admin privileges right away just for starting your software. At least I'm not aware of an API function, that would elevate an already running process and cause that Windows prompt/dialogs when doing so. The normal case will just be redirection into virtual registry and directory branches and therefore only seeming to succeed, eg when you want to write a self-registering COM Server with DllRegisterServer, that's hardly working anyway, as a DLL has to be already registered to start an OLE class from it. And an EXE needs other calls.

It's easiest to register and VFP DLL or EXE COM Server with a setup.

Related: https://docs.microsoft.com/en-us/windows/desktop/c...
You see there is Self-Registration, I haven't read it full, but as far as I get it you can avoid an installation procedure, but a previous installer must have set up a license to use for components of upgrades or updates to register themselves, so this still isn't self-contained as possibility you can do "cold" without any previous steps of authorizing that. I assume in itself it wouldn't be a security hole, as merely being able to regsiter classes without an admin doesn't mean you can do more in the protected registry than adding the keys for OLE registration and the OLE Server itself will not run elevated anyway. Still, Windows doesn't make it too easy to use some OLE/COM/ACtiveX.

Bye, Olaf.

Olaf Doschke Software Engineering
https://www.doschke.name

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close