1

I have a list of users created in my system:

  • Administrator (by default)
  • Guest
  • User1 (Standard User)
  • User2 (Administrator User)

I want to know the rights given to all these users in C# through WMI ,how is this possible??Is there any other way to find them. Even If one user has this right it must exit from the loop

I use the below code :

WindowsIdentity identity = WindowsIdentity.GetCurrent();
WindowsPrincipal principal = new WindowsPrincipal(identity);
bool isAdmin = principal.IsInRole(WindowsBuiltInRole.Administrator);
if (isAdmin == true)
{
    current_logged_user = "Yes";
}
else
{
    current_logged_user = "No";
}

This gives me only the currently logged info,but I need for all the users

link

The below link just give the members of administrartors link

Community
  • 1
  • 1
TechBrkTru
  • 346
  • 1
  • 25

2 Answers2

0

You can try this:

bool IsInGroup(string user, string group)
{
    using (var identity = new WindowsIdentity(user))
    {
        var principal = new WindowsPrincipal(identity);
        return principal.IsInRole(group);
    }
}

You can change IsInRole(group) to IsInRole(WindowsBuiltInRole.Administrator)

Do you have a domain server ?

Fabian Stern
  • 376
  • 1
  • 9
  • i just want to know what rights have been given to all the user accounts that has been created in my single system @Fabian Stern – TechBrkTru Jun 11 '15 at 11:36
  • Try to avoid variable/parameters with the name `group`. It's a keyword that is used in LINQ. – Caramiriel Jun 11 '15 at 12:32
0

You should be able to return all users via WMI with

        string groupNameToSearchFor = "Administrators"; // can be any group,maybe better to use something like builtin.administrators

        using (PrincipalContext pc = new PrincipalContext(ContextType.Machine, null))
        {
            ManagementObjectSearcher usersSearcher = new ManagementObjectSearcher(@"SELECT * FROM Win32_UserAccount");
            ManagementObjectCollection users = usersSearcher.Get();

            foreach (ManagementObject user in users)
            {
                if ((bool)user["LocalAccount"] == true && int.Parse(user["SIDType"].ToString()) == 1)
                {
                    var userPrincipal = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, user["Name"].ToString());
                    GroupPrincipal gp = GroupPrincipal.FindByIdentity(pc, groupNameToSearchFor);
                    MessageBox.Show("Is User admin? -> " + (bool)userPrincipal.IsMemberOf(gp));

                }
            }
        }

You have to include the usings for 

using System.DirectoryServices.AccountManagement;
using System.Management;

And also check if the user is really a user and not a different object (not sure if my checks are enough).

Edit: you can cast the users you need after you got the list with 

        var localUsers = users.Cast<ManagementObject>().Where(
            u => (bool)u["LocalAccount"] == true &&
                 (bool)u["Disabled"] == false &&
                 (bool)u["Lockout"] == false &&
                 int.Parse(u["SIDType"].ToString()) == 1 &&
                 u["Name"].ToString() != "HomeGroupUser$");
Marc Wittmann
  • 2,286
  • 2
  • 28
  • 41
  • Your local Machine. You can also search in active directory but you wanted the local users, right? – Marc Wittmann Jun 11 '15 at 12:09
  • when i use "Administrators" i get an exception ?? why??@Marc Wittmann – TechBrkTru Jun 11 '15 at 12:14
  • I get an error like this :A local variable named 'user' cannot be declared in this scope because it would give a different meaning to 'user', which is already used in a 'parent or current' scope to denote something else @Marc Wittmann – TechBrkTru Jun 11 '15 at 12:16
  • that means you already have a variable user declared.. just rename your or my user variable to something else like userToCheck or something. And make sure you use only the real users in the loop (debug the loop) – Marc Wittmann Jun 11 '15 at 12:23
  • Will this same code work on each and every different local machine,because currently its working in mine properly..@ Marc Wittmann – TechBrkTru Jun 11 '15 at 12:37