0

I wanted to detect if my program is started via "Run as Administrator" or not. On two machines it works by doing:

new System.Security.Principal.WindowsPrincipal(System.Security.Principal.WindowsIdentity.GetCurrent()).IsInRole(System.Security.Principal.WindowsBuiltInRole.Administrator)

Because when I run programs, by default they don't run as Administrator, so I can check it like that.

However on yet another machine (this one has Win7 and UAC disabled) and when I start any program there it automatically starts with admin rights, without ever having to "Right click -> Run as Administrator". Can I somehow filter this instance out?

Background is simply, that on the very first start it should prevent the user from starting it elevated, but if the user starts it elevated every time anyways it shouldn't care.

Hope it makes sense, Matty

Tony Stark
  • 434
  • 4
  • 13
Matty
  • 49
  • 5
  • Relevant: [What precisely does "run as administrator" do?](https://stackoverflow.com/questions/8986971/what-precisely-does-run-as-administrator-do) – John Wu Jun 11 '21 at 16:11
  • 1
    I'm 99% sure the answer is no. When your program starts, the token is in place (and it's either the "admin" (if the user has admin rights) or "standard user" (reduced rights) token). You can check to see if your program has rights to do something , but that's about it. You can also manifest your app to influence how the "which token to use" decision is made. I'm not quite following your rationale - perhaps you can explain it better. In addition to @JohnWu's link, look at: https://docs.microsoft.com/en-us/windows/security/identity-protection/user-account-control/how-user-account-control-works – Flydog57 Jun 11 '21 at 16:59
  • Yeah, but the background is just that on the first start it creates a settings file and if on the first start it creates this file while having admin rights, trying to change this file lateron with mere user rights wasn't possible – Matty Jun 12 '21 at 18:23

1 Answers1

0

I found out that the "EnableLUA" setting in the Registry in "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" was actually set to 0 so UAC is completely disabled and starts everything as an Admin so I will just add a check for this value to be 1 additionally :)

Matty
  • 49
  • 5