Determine if user has administrator rights (windows)
-
wrote on 21 Oct 2010, 23:36 last edited by
How can I tell if the user running my application had administrator rights?
-
wrote on 22 Oct 2010, 08:15 last edited by
I doubt there is a way in the Qt to do it. You should use WinAPI for such a thing.
-
wrote on 22 Oct 2010, 15:50 last edited by
What function in the Windows API does that, and what include files do I need to include? Do I need to install the Windows SDK?
-
wrote on 22 Oct 2010, 16:56 last edited by
Maybe "GetUserNameEx":http://msdn.microsoft.com/en-us/library/ms724435(v=VS.85).aspx is what you are looking for.
-
wrote on 22 Oct 2010, 17:03 last edited by
No, I want to know if the user had administrator privileges, not if his user-name is "Administrator". He just needs to be in the administrator group.
-
wrote on 22 Oct 2010, 17:08 last edited by
Maybe I misunderstood what the msdn page says but isn't this what you want?: [quote]Retrieves the name of the user or other security principal associated with the calling thread.[/quote]
I would have tried it but I'm not on windows at the moment.Edit: Check out "CheckTokenMembership":http://msdn.microsoft.com/en-us/library/aa376389(VS.85).aspx
There is also an example that checks if the User is an admin. -
wrote on 22 Oct 2010, 17:19 last edited by
You're right. I found "CheckTokenMembership":http://msdn.microsoft.com/en-us/library/aa376389(VS.85).aspx, which seems to be an even better solution, but when I use the example code from that page, I get an error, 'CheckTokenMembership' was not declared in this scope.
I have windows.h and winbase.h included. What's wrong? -
wrote on 22 Oct 2010, 17:21 last edited by
First of all you should explain what the "user" mean. I think you're talking about user who run the process and about his security token. If I understood you right then you should use GetSecurityInfo() for retrieving SID of the process owner. And then you can compare it with the admin SID which looks like S-1-5-21-domain-500 where domain is the name of your machine.
Actually I think you don't need to compare whole SID you need to compare only last 3 digit. If the user is in the admin group then last digits will be 500. But the whole comparing would be more precise.
Besides it is a wrong forum for question about WinAPI.P.S. I think you are digging in the wrong way there is no "admin privileges" in windows. Admin just has some privileges and it would be better to check privileges instead of comparing users.
-
wrote on 22 Oct 2010, 17:24 last edited by
Maybe I should just try to edit the registry, and if it fails, I assume the user lacks the correct privileges?
-
wrote on 22 Oct 2010, 17:27 last edited by
You don't understand what are you talking about. You don't need privileges to access registry you need rights. Maybe you just explain what is the your main goal in common?
-
wrote on 22 Oct 2010, 17:36 last edited by
Sorry about my lack of knowledge about the innards of the Windows operating system. What exactly is the difference between privileges and rights? And if I changed my previous post to:
Maybe I should just try to edit the registry, and if it fails, I assume the user lacks the correct rights?
Would that work better?
By the way, I don't work for Microsoft, and I didn't build Windows either.
-
wrote on 22 Oct 2010, 17:46 last edited by
Why does the MSDN code sample not work in Qt?
-
wrote on 22 Oct 2010, 17:54 last edited by
What exactly is the difference between privileges and rights?
It is a really big topic and I'd recommend you to read some articles or books(e.g. Jeffrey Richter) about it if you really have an interest. Shortly - rights is the object specific term and privilege is the system wide term.
Maybe I should just try to edit the registry, and if it fails, I assume the user lacks the correct rights?
You can only check if the user has a particular right against a particular registry entry.
Really you'd better tell us what is your end goal because security in windows isn't the easy topic to explain it in the forum. -
wrote on 22 Oct 2010, 17:57 last edited by
My application requires registry editing, and in main() I want to make sure the user has the rights to edit the registry so I don't get errors when I try to do it.
-
wrote on 22 Oct 2010, 18:04 last edited by
< offtopic >
Oh, such a lot of tags for only twelve comments.
< /offtopic > -
wrote on 22 Oct 2010, 18:04 last edited by
Ok, presume you want to check if the user has a right to change some registry entry. You should:
@
if(RegOpenKeyEx(XXX, XXX, XXX, KEY_WRITE, XXX) == ERROR_ACCESS_DENIED)
//user has no right to write in this registry key
@
It's just a pseudo-code but I think you'll grasp the idea -
wrote on 22 Oct 2010, 18:06 last edited by
Thanks! I think I'll try that. But I am still wondering why the MSDN sample code didn't work.
-
wrote on 22 Oct 2010, 18:09 last edited by
I don't know, may be some troubles with Windows SDK? Check the headers which you had included whether they have that function declaration.
-
wrote on 22 Oct 2010, 18:14 last edited by
It says I need to include Windows.h, and I did. I also tried including Winbase.h. Still doesn't work.
-
wrote on 22 Oct 2010, 19:45 last edited by
[quote author="ixSci" date="1287770694"]Ok, presume you want to check if the user has a right to change some registry entry. You should:
@
if(RegOpenKeyEx(XXX, XXX, XXX, KEY_WRITE, XXX) == ERROR_ACCESS_DENIED)
//user has no right to write in this registry key
@
It's just a pseudo-code but I think you'll grasp the idea[/quote]You can actually use QSettings to edit the registry.
1/23