Getting the logged in user of a Windows computer VB.NET

Question

My program depends on information that changes depending on which user is logged in. An example would be the location of AppData. My program also needs Administrative privileges. If I run the program as Administrator, the program thinks the Administrator is the currently logged in user.

My "solution": Create a second program to run as console. It runs as a standard user, putting information into variables to correctly identify the current user. It then save the main program, from Resources, to disk, starts it, then passes these variables via Arguments.

The problem: I have to Build the program twice before I can test it. This is very annoying.

Although my solution works, I'm tired of it. Is there any other way I can get the currently (active) logged in user? I've tried SystemInformation.UserName.ToString and My.User.Name.ToString. Both give the wrong user.

Edit: System.Security.Principal.WindowsIdentity.GetCurrent().Name does not work.

Proposed Solution: Instead of having a program run before my main program to gather information, I will try to have that program run at the same time my main program does. My main program will wait until the information has been sent back, and then resume. This way, I don't have to double build all the time.

Answer 1

This answer will probably be controversial, because it isn't strictly answering the question in the title. But it is nevertheless the correct answer to the question. The question explicitly asked is what is known as an XY problem. You have encountered a problem, figured out a possible solution in your head, and then run into trouble implementing that solution, so you've asked for help. The issue is that the solution you've figured out in your head is not the correct one.

My program depends on information that changes depending on which user is logged in. An example would be the location of AppData.

This is normal. You do not, however, solve it by detecting which user is logged in. That won't do you any good anyway. Say you know the name of the user: how are you now going to use that to figure out the AppData folder? I suppose you're going to try and compose a path manually, based on your knowledge of the folder's location in a default installation of Windows: C:\Users\<the user name>\AppData\. But you've just blundered. What happens if the user has mapped their profile directory someplace else? What if the user name doesn't match the name of the directory in the Users directory (e.g. if the Administrator account has been renamed)?

The real solution to this problem is altogether simpler. You simply ask Windows for the path of the AppData folder. Let the operating system do its job keeping track of the logged in user.

Normally, in Windows, you would call the SHGetKnownFolderPath function, or its moral equivalent. In the .NET Framework, that functionality is wrapped by the Environment.GetFolderPath method. Simple, and guaranteed to be correct.

You will want to specify either SpecialFolder.CommonApplicationData (the AppData folder for all users), SpecialFolder.ApplicationData (the roaming AppData folder for the current user), or SpecialFolder.LocalApplicationData (the non-roaming AppData folder for the current user).

My program also needs Administrative privileges. If I run the program as Administrator, the program thinks the Administrator is the currently logged in user.

Because it is. If you're running the program as Administrator, then for all intents and purposes, the program will be run as Administrator. That means returning Administrator as the name of the current user, returning the Administrator's AppData folder, and so on and so forth. This is quite logical, it is what enables the program to do Administrator-specific things.

But beyond that, it is bad practice (in all but the most unusual of cases) to have an entire application that requires Administrative privileges. Generally, there are only one or two actions taken by an application that truly require Administrative privileges. For example, I have a little utility that I wrote. None of its basic functions require Administrative privileges, but it has a feature to install itself so that it is launched on startup for all users. Clearly that requires Administrative privileges, but that's only a one-time speciality feature. You don't want the entire app to require Administrative privileges just for that specialized function. What if the current user can't get Administrative privileges? They should still be able to use the software, just with the Administrator-specific functionality disabled or otherwise inaccessible.

And this fits with Windows's model for process elevation. There is no way to temporarily elevate the current process. You have to start a new elevated process, do whatever it is that requires Administrative privileges, and then quit that process. I have written detailed instructions here on how to do that. Of course, they are in C#, but trivially translated to VB.NET.

Is there any other way I can get the currently (active) logged in user? I've tried SystemInformation.UserName.ToString and My.User.Name.ToString. Both give the wrong user.

Like I said above, the information is not "wrong". You said it yourself: they are returning the "currently (active)" user: Administrator. The one you requested the app to be run as.

With the solution I proposed above, your app, running normally, would not be run as Administrator. That would increase security, and it would ensure that you get information applicable to the currently logged in user. When you need to perform actions that require Administrator privileges, you spin off a second elevated process, do the work, and then exit that process. The elevated process acts as Administrator, for all intents and purposes, which is almost always what you want.

For what it's worth, I frequently see questions like yours from people who are trying to write an installer (don't do that, just use one of the many excellent installers already available). Their installer requires Administrative privileges, obviously, so they set it to request elevation on startup. So far, so good. Except that they want to write data to a specific user's AppData folder during the installation. Now they have a problem, because (1) they can't get that path, and (2) there might not even be another logged in user. The solution, and the one officially recommended by the Windows Logo guidelines, is to do this type of initialization on first-run. In other words, the first time that the installed application is run by a normal user. Then you get the AppData folder you expect.

Answer 2

I believe Environment.UserName gets the currently logged in user (not the 'run as' user). Can also query WMI as follows:

ManagementObjectSearcher searcher = new ManagementObjectSearcher("SELECT UserName FROM Win32_ComputerSystem");
ManagementObjectCollection collection = searcher.Get();
string username = (string)collection.Cast<ManagementBaseObject>().First()["UserName"];

This was from this SO question.

Answer 3

solutions found here Detect Current Logged on User with VB.Net and getting username in vb.net

I also needed to write application to go directly to a local path which I already have the url. c:\users\username\appdata\packages and "environment.username" works for me. I just declared a variable to hold it

Answer 4

Having popped up on my feed as a frequently viewed question, I'd like to take a shot at "answering" my own question.

Backstory is I was trying to create a registry tweak utility (partially as a way to teach myself VB). I was very new to programming at the time. I'd check a box and have it immediately apply. Some of the tweaks were HKEY_CURRENT_USER. At least for Windows 10 if you're in the local Administrators group and you elevate, it still has you as the running user. Perhaps UAC performed differently with Windows 7, perhaps I was running two accounts (User and Administrator). I believe I was trying to account for a fringe case.

Either way, if the user elevates (or runas) a different user, obviously it'll list the process as that user. Here are some ways you might be able to detect the interactive user:

• Event Log: Event IDs 4624 (Logon_Type 2) and 4648 both will list the user trying to elevate. It won't list the actual program, probably svchost.exe. If you have process creation enabled (GPO), you may be able to correlate Event ID 4688 for new processes spawned.
• Executing Path: If it's in the user's folder (aka C:\Users\myuser), it might be a good indicator that's the user trying to elevate (especially if you enumerate local Administrators and find the user is a regular user).
• Least Privilege: I believe I suggested this eventually. Run the program as the interactive user. Elevate only when necessary. If you have control over redirection, you can pass the username.
• Registry: If it's user-specific, hitting HKEY_USER may be applicable (to avoid redirection).
• Check explorer/logonui processes: If a user is logged in interactively, an explorer process should be running. If they're locked, there should also be a logonui process.
• query /user: This command isn't easily parseable. However, it isn't affected by elevation (it always knows the interactive user).
• interactive user: Based on https://serverfault.com/questions/188115/what-is-windows-interactive-user, users are assigned special identities automatically. I haven't figured it out, but perhaps there's a way to enumerate those to determine if a user is interactive.

All of the above aren't necessarily bulletproof nor are they one size fits all. You may need to use more than one together to ensure you get it right, especially if your needs are mission critical. The above also assumes you have the knowledge to implement each individual one. (e.g. How do I read from Event Log using C#.) There's more than enough guides and threads, especially on SO, that will explain it. I don't think it's necessary to rehash that, especially considering my question was more sysadmin related than anything.