Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why is WindowsPrincipal.IsInRole always returning false for the "Administrators" group?

My local user account is in the Administrators group, and I wanted to simply figure out how a windows forms project would determine if I'm in the administrators group. So, I started a windows forms project and tried the following:

[STAThread]
static void Main()
{
    string adminGroup1 = @"BUILTIN\Administrators";
    string adminGroup2 = Environment.MachineName + @"\Administrators";
    string adminGroup3 = Environment.MachineName.ToLower() + @"\Administrators";
    string adminGroup4 = "Administrators";
    string adminGroup5 = "administrators";

    AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
    WindowsPrincipal currentUser1 = (WindowsPrincipal)Thread.CurrentPrincipal;
    bool IsAdmin1_1 = currentUser1.IsInRole(adminGroup1); // false
    bool IsAdmin1_2 = currentUser1.IsInRole(adminGroup2); // false
    bool IsAdmin1_3 = currentUser1.IsInRole(adminGroup3); // false
    bool IsAdmin1_4 = currentUser1.IsInRole(adminGroup4); // false
    bool IsAdmin1_5 = currentUser1.IsInRole(adminGroup5); // false

    WindowsPrincipal currentUser2 = new WindowsPrincipal(WindowsIdentity.GetCurrent());
    bool IsAdmin2_1 = currentUser2.IsInRole(adminGroup1); // false
    bool IsAdmin2_2 = currentUser2.IsInRole(adminGroup2); // false
    bool IsAdmin2_3 = currentUser2.IsInRole(adminGroup3); // false
    bool IsAdmin2_4 = currentUser1.IsInRole(adminGroup4); // false
    bool IsAdmin2_5 = currentUser2.IsInRole(adminGroup5); // false

    Application.EnableVisualStyles();
    Application.SetCompatibleTextRenderingDefault(false);
    Application.Run(new Form1());
}

Why are all the above checks failing?

like image 212
Candide Avatar asked Feb 16 '12 11:02

Candide


1 Answers

try

currentUser1.IsInRole(WindowsBuiltInRole.Administrator)

See MSDN.

"In Windows Vista and later versions of the Windows operating system, User Account Control (UAC) determines the privileges of a user. [..] The code that executes the IsInRole method does not display the Consent dialog box. The code returns false if you are in the standard user role, even if you are in the Built-in Administrators group"

like image 114
Yahia Avatar answered Oct 12 '22 12:10

Yahia