Determine if user has administrator rights (windows)
-
Maybe "GetUserNameEx":http://msdn.microsoft.com/en-us/library/ms724435(v=VS.85).aspx is what you are looking for.
-
Maybe I misunderstood what the msdn page says but isn't this what you want?: [quote]Retrieves the name of the user or other security principal associated with the calling thread.[/quote]
I would have tried it but I'm not on windows at the moment.Edit: Check out "CheckTokenMembership":http://msdn.microsoft.com/en-us/library/aa376389(VS.85).aspx
There is also an example that checks if the User is an admin. -
You're right. I found "CheckTokenMembership":http://msdn.microsoft.com/en-us/library/aa376389(VS.85).aspx, which seems to be an even better solution, but when I use the example code from that page, I get an error, 'CheckTokenMembership' was not declared in this scope.
I have windows.h and winbase.h included. What's wrong? -
First of all you should explain what the "user" mean. I think you're talking about user who run the process and about his security token. If I understood you right then you should use GetSecurityInfo() for retrieving SID of the process owner. And then you can compare it with the admin SID which looks like S-1-5-21-domain-500 where domain is the name of your machine.
Actually I think you don't need to compare whole SID you need to compare only last 3 digit. If the user is in the admin group then last digits will be 500. But the whole comparing would be more precise.
Besides it is a wrong forum for question about WinAPI.P.S. I think you are digging in the wrong way there is no "admin privileges" in windows. Admin just has some privileges and it would be better to check privileges instead of comparing users.
-
Sorry about my lack of knowledge about the innards of the Windows operating system. What exactly is the difference between privileges and rights? And if I changed my previous post to:
Maybe I should just try to edit the registry, and if it fails, I assume the user lacks the correct rights?
Would that work better?
By the way, I don't work for Microsoft, and I didn't build Windows either.
-
What exactly is the difference between privileges and rights?
It is a really big topic and I'd recommend you to read some articles or books(e.g. Jeffrey Richter) about it if you really have an interest. Shortly - rights is the object specific term and privilege is the system wide term.
Maybe I should just try to edit the registry, and if it fails, I assume the user lacks the correct rights?
You can only check if the user has a particular right against a particular registry entry.
Really you'd better tell us what is your end goal because security in windows isn't the easy topic to explain it in the forum. -
< offtopic >
Oh, such a lot of tags for only twelve comments.
< /offtopic > -
Ok, presume you want to check if the user has a right to change some registry entry. You should:
@
if(RegOpenKeyEx(XXX, XXX, XXX, KEY_WRITE, XXX) == ERROR_ACCESS_DENIED)
//user has no right to write in this registry key
@
It's just a pseudo-code but I think you'll grasp the idea -
[quote author="ixSci" date="1287770694"]Ok, presume you want to check if the user has a right to change some registry entry. You should:
@
if(RegOpenKeyEx(XXX, XXX, XXX, KEY_WRITE, XXX) == ERROR_ACCESS_DENIED)
//user has no right to write in this registry key
@
It's just a pseudo-code but I think you'll grasp the idea[/quote]You can actually use QSettings to edit the registry.