 

ctypes.windll.shell32.IsUserAnAdmin() not returning 1 when user is in admins group

I am trying to use

ctypes.windll.shell32.IsUserAnAdmin()

to determine if the running process was started by a user in the Admins group, but I am getting inconsistent / incorrect results.

On a Windows 7 Professional install, when logging in as a user that is not Administrator but is a member of the administrators group, I get

>>> ctypes.windll.shell32.IsUserAnAdmin()
0

But the user is in the admins group.

I get the expected answer on a Windows Server 2008 machine when logging in as Administrator:

>>> ctypes.windll.shell32.IsUserAnAdmin()
1

Does anybody know / have any hints as to why I am getting a 0 returned on the win7 box, even though the user is in the administrators group?

  • I am wondering if the issue can be caused by some interaction of local vs domain admins / groups, but my knowledge there is sketchy at best..

Thanks,

Matt.

Matt Warren asked Oct 28 '25 03:10


1 Answer

This is UAC. If you run elevated, you will see the behaviour you expect. But with a standard token under UAC your user doesn't have administrator rights, even when in the admin group.

For the special Administrator user account, UAC does not apply and processes under that special user are always given a privileged token. So the difference you see is not with the OS but with the user. Log on as the special Administrator account on Windows 7 and see that it behaves just as the server 2008 box does.

David Heffernan answered Oct 29 '25 17:10
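An added example, not part of the answer above: it reads the process token's `TokenElevationType` alongside `IsUserAnAdmin()` so the UAC split-token case can be told apart from a genuine standard user. The names `classify` and `query_token` are hypothetical; the Win32 calls are `OpenProcessToken` and `GetTokenInformation` from advapi32.

```python
import ctypes
import sys

TOKEN_QUERY = 0x0008
TOKEN_ELEVATION_TYPE_CLASS = 18   # TokenElevationType in TOKEN_INFORMATION_CLASS
DEFAULT, FULL, LIMITED = 1, 2, 3  # TOKEN_ELEVATION_TYPE values (winnt.h)


def classify(is_admin, elevation_type):
    """Explain an IsUserAnAdmin() result using the token's elevation type."""
    if elevation_type == LIMITED:
        return "filtered UAC token: an elevated linked token exists, not in use"
    if elevation_type == FULL:
        return "elevated UAC token"
    if is_admin:
        return "unsplit admin token (built-in Administrator or UAC disabled)"
    return "standard user"


def query_token():
    """Return (IsUserAnAdmin, elevation type) for this process; None off Windows."""
    if sys.platform != "win32":
        return None
    from ctypes import wintypes as w
    adv = ctypes.WinDLL("advapi32", use_last_error=True)
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.GetCurrentProcess.restype = w.HANDLE
    k32.CloseHandle.argtypes = [w.HANDLE]
    adv.OpenProcessToken.argtypes = [w.HANDLE, w.DWORD, ctypes.POINTER(w.HANDLE)]
    adv.GetTokenInformation.argtypes = [
        w.HANDLE, ctypes.c_int, ctypes.c_void_p, w.DWORD, ctypes.POINTER(w.DWORD)]
    token = w.HANDLE()
    if not adv.OpenProcessToken(k32.GetCurrentProcess(), TOKEN_QUERY, ctypes.byref(token)):
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        etype, size = w.DWORD(), w.DWORD()
        if not adv.GetTokenInformation(token, TOKEN_ELEVATION_TYPE_CLASS,
                                       ctypes.byref(etype), ctypes.sizeof(etype),
                                       ctypes.byref(size)):
            raise ctypes.WinError(ctypes.get_last_error())
    finally:
        k32.CloseHandle(token)
    return bool(ctypes.windll.shell32.IsUserAnAdmin()), etype.value


if __name__ == "__main__":
    state = query_token()
    print(classify(*state) if state else "not running on Windows")
```

A result of 0 from `IsUserAnAdmin()` together with the limited elevation type is the situation the question describes: the account can elevate, but this process was started with the filtered token.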