3

I am writing an application with c++/c. How can I detect if the process was launched as an administrator (right click run as admin)?

zero298
  • 25,467
  • 10
  • 75
  • 100
soolidsnake
  • 33
  • 3

1 Answers1

2

Assuming the problem statement is "how to determine if my process has been elevated under UAC",

  1. Check UAC is enabled
  2. Check if IsUserAnAdmin() returns true
  3. Check the process token's elevation type is TokenElevationTypeFull

If all three tests are true, your process has been elevated under UAC. Note that it's possible the GetProcessElevationType check on its own would be enough, but in our own code we do the others in case there are other types of split token in the future.

Details:

  1. Check UAC is enabled

There may be other ways to do this, but the easiest is to look in the registry. If the value EnableLUA exists under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System then UAC is enabled.

  1. Check if IsUserAnAdmin() returns true

This is easy - simply call the IsUserAnAdmin() function. Note that the this function is deprecated; you can also use the CheckTokenMembership() function.

  1. Check the process token's elevation type is TokenElevationTypeFull

You can obtain the token's elevation type using the following function:

// TokenElevationTypeDefault -- User is not using a split token. (e.g. UAC disabled or local admin "Administrator" account which UAC may not apply to.)
// TokenElevationTypeFull    -- User has a split token, and the process is running elevated.
// TokenElevationTypeLimited -- User has a split token, but the process is not running elevated.
bool GetProcessElevationType(TOKEN_ELEVATION_TYPE *pOutElevationType)
{
    *pOutElevationType = TokenElevationTypeDefault;
    bool fResult = false;

    HANDLE hProcToken = NULL; 

    if (::OpenProcessToken(::GetCurrentProcess(), TOKEN_QUERY, &hProcToken))
    {
        DWORD dwSize = 0;
        TOKEN_ELEVATION_TYPE elevationType = TokenElevationTypeDefault;

        if (::GetTokenInformation(hProcToken, TokenElevationType, &elevationType, sizeof(elevationType), &dwSize)
        &&  dwSize == sizeof(elevationType))
        {
            *pOutElevationType = elevationType;
            fResult = true;
        }

        ::CloseHandle(hProcToken);
    }

    return fResult;
}
Jonathan Potter
  • 36,172
  • 4
  • 64
  • 79
  • I'm dubious about step 1, since I don't think there's any guarantee that registry key will continue to exist in future versions of Windows. It should also be noted that in many cases (apparently not this one, but more often than not) all you *really* want to know is whether you have admin privilege or not, i.e., just step 2. – Harry Johnston Aug 05 '16 at 02:07
  • @HarryJohnston Note that that registry key [is documented](https://technet.microsoft.com/en-us/library/ff715520.aspx). – Jonathan Potter Aug 05 '16 at 02:09
  • Uh, I don't think that's the right link. That's a setting in an XML file, not a registry key. At any rate, if I remember rightly that key can be configured via group policy, so it is presumably documented in that context - but group policy doesn't promise forwards compatibility. (I'm not sure why you'd bother with step 1 anyway, since if UAC is disabled, step 3 will always return TokenElevationTypeDefault?) – Harry Johnston Aug 05 '16 at 02:16
  • @HarryJohnston As I said in my answer, "Note that it's possible the GetProcessElevationType check on its own would be enough". That's just what we do in our code. Feel free to do something else :) – Jonathan Potter Aug 05 '16 at 02:24
  • https://stackoverflow.com/a/8196291/1836776 is another, possibly simpler, solution. – Marc Durdin Oct 08 '20 at 23:49