问题
I need to determine if my program is running with full administrator rights. By that I mean if uac is turned on (for win vista/7) that I need to determine if the program actually has admin rights (like if the user right clicked and selected "run as administator") and not limited by uac. How do I do this in C++?
回答1:
- Win9x: Everyone is "admin"
- NT4: OpenThreadToken/OpenProcessToken + GetTokenInformation(...,TokenGroups,...) on DOMAIN_ALIAS_RID_ADMINS SID in a loop
- 2000+: OpenThreadToken/OpenProcessToken + CheckTokenMembership on DOMAIN_ALIAS_RID_ADMINS SID
Other alternatives are: IsUserAnAdmin or AccessCheck
Checking the TOKEN_ELEVATION* stuff in the token is not required for testing the current process but it is useful if you need to find out if the user could elevate because they have a split token etc.
回答2:
An expansion on Anders' answer for those (like me) who are less Windows literate:
BOOL isMember;
PSID administratorsGroup = NULL;
SID_IDENTIFIER_AUTHORITY SIDAuthNT =
SECURITY_NT_AUTHORITY;
if (!AllocateAndInitializeSid(&SIDAuthNT, 2,
SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0,
&administratorsGroup))
{
throw(oops_t(GetLastError(), "AllocateAndInitializeSid"));
}
if (!CheckTokenMembership(nullptr, administratorsGroup, &isMember))
{
throw(oops_t(GetLastError(), "CheckTokenMembership"));
}
if (!isMember)
{
throw(oops_t(ERROR_ACCESS_DENIED, "Test for Admin privileges"));
}
来源:https://stackoverflow.com/questions/4230602/detect-if-program-is-running-with-full-administrator-rights