Delphi XE, Win7 x64
How can I determine that the user who started the program is running it under the system's Administrator account (domain or local)? I check the rights like this:
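    // Requires the Windows unit (uses Windows;).
    Function IsUserAdmin: Bool;
    Const
      SECURITY_NT_AUTHORITY: TSIDIdentifierAuthority = (Value: (0, 0, 0, 0, 0, 5));
      SECURITY_BUILTIN_DOMAIN_RID = $00000020;
      DOMAIN_ALIAS_RID_ADMINS = $00000220;
    Var
      hAccessToken: THandle;
      ptgGroups: PTokenGroups;
      dwInfoBufferSize: DWORD;
      psidAdministrators: PSID;
      x: Integer;
      bSuccess: BOOL;
    begin
      Result := False;
      // Prefer the thread token (impersonation); fall back to the process token.
      bSuccess := OpenThreadToken(GetCurrentThread, TOKEN_QUERY, True, hAccessToken);
      if not bSuccess then
      begin
        if GetLastError = ERROR_NO_TOKEN then
          bSuccess := OpenProcessToken(GetCurrentProcess, TOKEN_QUERY, hAccessToken);
      end;
      if bSuccess then
      begin
        // Query the required size first: a fixed 1024-byte buffer is too small
        // for accounts that belong to many groups, and the call then fails.
        dwInfoBufferSize := 0;
        GetTokenInformation(hAccessToken, TokenGroups, nil, 0, dwInfoBufferSize);
        GetMem(ptgGroups, dwInfoBufferSize);
        bSuccess := GetTokenInformation(hAccessToken, TokenGroups, ptgGroups,
          dwInfoBufferSize, dwInfoBufferSize);
        CloseHandle(hAccessToken);
        if bSuccess then
        begin
          // Build S-1-5-32-544 (BUILTIN\Administrators); skip the loop if that fails.
          if AllocateAndInitializeSid(SECURITY_NT_AUTHORITY, 2,
            SECURITY_BUILTIN_DOMAIN_RID,
            DOMAIN_ALIAS_RID_ADMINS,
            0, 0, 0, 0, 0, 0, psidAdministrators) then
          begin
            // Groups is declared as array[0..0], so range checking is switched off here.
            // The match is on the SID only; group attributes are not examined.
            {$R-}
            for x := 0 to ptgGroups.GroupCount - 1 do
              if EqualSid(psidAdministrators, ptgGroups.Groups[x].Sid) then
              begin
                Result := True;
                Break;
              end;
            {$R+}
            FreeSid(psidAdministrators);
          end;
        end;
        FreeMem(ptgGroups);
      end;
    end;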
But this only determines whether the user belongs to the Administrators group. How can I determine that the program is being started specifically under the "Administrator" account (taking into account that the account name can be changed, i.e. the account is renamed, for example to "Admin")?
P.S. The reason for all this: if the user starting the application is in the Administrators group and Windows UAC is enabled, they will still be asked to run it as Administrator.
So what I need is:
- To find out that the user who starts the program is in the Administrators group (local or domain); this already works
- To find out that the program is started under the system "Administrator" account (which may have been renamed), rather than under a newly created user with administrator rights
[UPDATE]
Once again, put another way. Suppose the system has several accounts: Administrator (the system's default administrator account), User1 (a newly created account that is a member of the "Administrators" group), and User2 (a newly created account that is a member of the "Users" group). For whatever reason, the system account "Administrator" has been renamed to "Admin" (or to any other name). Then there is my application, which is started by different users. How can I establish that the user who starts my application is the system administrator (Admin)? For Windows UAC, the rights at start-up differ between User1 and Admin: the UAC prompt appears only if User1 starts the application; if Admin starts it, the UAC message does not appear. So the question is: how do I determine that the user who started the application is Admin (old name Administrator), in other words that this user is the administrator of the system?
Need:

    Function GetCurrentUserName: string;
    begin
      // ... detect current user name
    end;

    Function isCurrentUserisAdministratorPC: bool;
    begin
      // ??? Result := isUserPCAdmin(GetCurrentUserName);
    end;

    // uses
    User1 start program: isCurrentUserisAdministratorPC return False;
    User2 start program: isCurrentUserisAdministratorPC return False;
    Admin start program: isCurrentUserisAdministratorPC return TRUE; //!!!
    rename account Admin to Test123.
    Test123 start program: isCurrentUserisAdministratorPC return TRUE; //!!!
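
Added example, not part of the original post: the built-in Administrator account keeps the relative identifier (RID) 500 at the end of its SID when it is renamed, for local and domain accounts alike, so the check can compare the token's user SID instead of the account name. The function name IsBuiltinAdministratorAccount is hypothetical; the code assumes the process token (no impersonation) and a Delphi XE console project with the Windows and SysUtils units.

```delphi
program BuiltinAdminCheck; // added example, not code from the original post
{$APPTYPE CONSOLE}
uses
  Windows, SysUtils;

// Hypothetical helper: True when the process token's user SID has the form
// S-1-5-21-<domain or machine id>-500, i.e. the built-in Administrator account.
function IsBuiltinAdministratorAccount: Boolean;
const
  NT_AUTHORITY: TSIDIdentifierAuthority = (Value: (0, 0, 0, 0, 0, 5));
  SECURITY_NT_NON_UNIQUE = $00000015; // 21: account-domain SIDs
  DOMAIN_USER_RID_ADMIN  = $000001F4; // 500: survives an account rename
var
  hToken: THandle;
  pUser: PSIDAndAttributes; // TOKEN_USER is a single SID_AND_ATTRIBUTES
  cbNeeded: DWORD;
  SubCount: Byte;
begin
  Result := False;
  if not OpenProcessToken(GetCurrentProcess, TOKEN_QUERY, hToken) then
    Exit;
  try
    cbNeeded := 0;
    GetTokenInformation(hToken, TokenUser, nil, 0, cbNeeded); // size query
    GetMem(pUser, cbNeeded);
    try
      if not GetTokenInformation(hToken, TokenUser, pUser, cbNeeded, cbNeeded) then
        Exit;
      if not IsValidSid(pUser^.Sid) then
        Exit;
      SubCount := GetSidSubAuthorityCount(pUser^.Sid)^;
      // Authority 5, first sub-authority 21, last sub-authority 500.
      Result := (SubCount = 5) and
        CompareMem(GetSidIdentifierAuthority(pUser^.Sid), @NT_AUTHORITY,
          SizeOf(TSIDIdentifierAuthority)) and
        (GetSidSubAuthority(pUser^.Sid, 0)^ = SECURITY_NT_NON_UNIQUE) and
        (GetSidSubAuthority(pUser^.Sid, SubCount - 1)^ = DOMAIN_USER_RID_ADMIN);
    finally
      FreeMem(pUser);
    end;
  finally
    CloseHandle(hToken);
  end;
end;

begin
  Writeln('Built-in Administrator account: ', IsBuiltinAdministratorAccount);
end.
```

This identifies the account only; whether the token is elevated under UAC is a separate check.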