Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Looking for Delphi 7 code to detect if a program is started with administrator rights?

I am looking for working (obviously) Delphi 7 code so I can check whether my program is started with administrator rights.

Thanks in advance

[--- IMPORTANT UPDATE ---]

Having reviewed the code in the answers so far, I realise that my question maybe is not so clear, or at least is not complete:

  • I want to know whether my Delphi 7 program is started with the 'Run as admin' check box set.

  • In other words: I want to know whether it is possible for my Delphi 7 program to create/update files in the c:\Program Files... folders.

Just checking if you have administrator rights is not enough for this.

like image 565
Edelcom Avatar asked Jun 07 '11 07:06

Edelcom


1 Answers

The Windows API (used) to have a helper function (IsUserAnAdmin) to tell if you are running with administrative privileges.

OS              Account Type   UAC           IsUserAdmin
==============  =============  ============  ===========
Windows XP      Standard       n/a           False
Windows XP      Administrator  n/a           True
Windows Vista   Standard       Disabled      False
Windows Vista   Administrator  Disabled      True
Windows Vista   Standard       Not Elevated  False
Windows Vista   Administrator  Not Elevated  False
Windows Vista   Standard       Elevated      True
Windows Vista   Administrator  Elevated      True

The Shell32 wrapper function is deprecated; which is fine because it was just a wrapper around other code, which you can still call yourself:

function IsUserAdmin: Boolean;
var
  b: BOOL;
  AdministratorsGroup: PSID;
begin
  {
    This function returns true if you are currently running with admin privileges.
    In Vista and later, if you are non-elevated, this function will return false 
    (you are not running with administrative privileges).
    If you *are* running elevated, then IsUserAdmin will return true, as you are 
    running with admin privileges.

    Windows provides this similar function in Shell32.IsUserAnAdmin. 
    But the function is deprecated, and this code is lifted
    from the docs for CheckTokenMembership:
      http://msdn.microsoft.com/en-us/library/aa376389.aspx
  }

  {
    Routine Description: This routine returns TRUE if the callers
    process is a member of the Administrators local group. Caller is NOT
    expected to be impersonating anyone and is expected to be able to
    open its own process and process token.
      Arguments: None.
      Return Value:
        TRUE - Caller has Administrators local group.
        FALSE - Caller does not have Administrators local group.
  }
  b := AllocateAndInitializeSid(
      SECURITY_NT_AUTHORITY,
      2, //2 sub-authorities
      SECURITY_BUILTIN_DOMAIN_RID,  //sub-authority 0
      DOMAIN_ALIAS_RID_ADMINS,      //sub-authority 1
      0, 0, 0, 0, 0, 0,             //sub-authorities 2-7 not passed
      AdministratorsGroup);
  if (b) then
  begin
    if not CheckTokenMembership(0, AdministratorsGroup, b) then
      b := False;
    FreeSid(AdministratorsGroup);
  end;

  Result := b;
end;

In other words: This function gives you the answer you want: Can the user update Program Files.

You need to be weary of code that check if you're a member of the Administrator's group. You can be part of the Administrator's group, but not have any administrative privileges. You can also have administrative privileges, but not be part of the Administrator's group.

like image 51
Ian Boyd Avatar answered Oct 06 '22 01:10

Ian Boyd