How do I properly check if a process is running with administrative rights?
I checked the IsUserAnAdim
function in MSDN, but it is not recommended as it might be altered or unavailable in subsequent versions of Windows. Instead, it is recommended to use the CheckTokenMembership
function.
Then I looked at the alternate example in MSDN from a description of the CheckTokenMembership
function. However, there is Stefan Ozminski's comment in MSDN that mentions that this example does not work properly in Windows Vista if UAC is disabled.
Finally I tried to use Stefan Ozminski's code from MSDN, but it determines that the process has administrative rights even if I launch it under an ordinary user without the administrative rights in Windows 7.
Open one terminal window, and run the command: watch -n 1 "ps aux | grep passwd". This will watch for the passwd process. Open a second terminal window and run: passwd. Look at the first terminal window, you'll see a process come up for passwd.
Select Start > Settings > Privacy. Select the app (for example, Calendar) and choose which app permissions are on or off. The Privacy page won't list apps with permission to use all system resources.
You should use "net session" command and look for an error return code of "0" to verify administrator rights.
This will tell you if you are running with elevated privileges or not. You can set the manifest to run with most possible if you want it to prompt. There are also other ways to ask windows through code for alternate credentials.
BOOL IsElevated( ) { BOOL fRet = FALSE; HANDLE hToken = NULL; if( OpenProcessToken( GetCurrentProcess( ),TOKEN_QUERY,&hToken ) ) { TOKEN_ELEVATION Elevation; DWORD cbSize = sizeof( TOKEN_ELEVATION ); if( GetTokenInformation( hToken, TokenElevation, &Elevation, sizeof( Elevation ), &cbSize ) ) { fRet = Elevation.TokenIsElevated; } } if( hToken ) { CloseHandle( hToken ); } return fRet; }
You can use LsaOpenPolicy()
function. The LsaOpenPolicy
function opens a handle to the Policy object on a local or remote system.
You must run the process "As Administrator" so that the call doesn't fail with ERROR_ACCESS_DENIED
.
Source: MSDN
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With