Two questions about the windows admin account

**Davos** · Apr 2nd, 2003, 09:02 AM

1. How can retrieve in code the administrator login details. I need this because people are going to use my program from within many user accounts and it will have to run using the administrator account using the LogonUser function.

2. How can I tell in code when I'm not running the windows administrator account? I saw this function for determining if I can write to the registry, but it does not always return false, and I want something more general.

VB Code:

Private Function CheckTokenPrivileges()
    Dim dateStr As String
    If winVersion = "WNT3" Or winVersion = "WNT4" Or winVersion = "W2000" Or winVersion = "WXP" Then
        If EnablePrivilege(SE_BACKUP_NAME) = False And GetString(HKEY_LOCAL_MACHINE, "SOFTWARE\Xenon\Data", "AUN") <> "" Then
            AdminPasswDialog.Show vbModal, Me   'ask for admin login data
        Else
            Call SetNTPrivileges(True, GetString(HKEY_LOCAL_MACHINE, "SOFTWARE\Xenon\Data", "AUN"), _
                GetString(HKEY_LOCAL_MACHINE, "SOFTWARE\Xenon\Data", "APW"), _
                GetString(HKEY_LOCAL_MACHINE, "SOFTWARE\Xenon\Data", "ADM"))
        End If
    End If
End Function
Private Function EnablePrivilege(seName As String) As Boolean   'used to see what token privileges user has. It can't had any new ones though
 
    Dim p_lngRtn As Long
    Dim p_lngToken As Long
    Dim p_lngBufferLen As Long
    Dim p_typLUID As LUID
    Dim p_typTokenPriv As TOKEN_PRIVILEGES
    Dim p_typPrevTokenPriv As TOKEN_PRIVILEGES
    p_lngRtn = OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, p_lngToken)
    If p_lngRtn = 0 Then
        Exit Function ' Failed
    ElseIf Err.LastDllError <> 0 Then
        Exit Function ' Failed
    End If
    p_lngRtn = LookupPrivilegeValue(0&, seName, p_typLUID)  'Used to look up privileges LUID.
    If p_lngRtn = 0 Then
        Exit Function ' Failed
    End If
    ' Set it up to adjust the program's security privilege.
    p_typTokenPriv.PrivilegeCount = 1
    p_typTokenPriv.Privileges.Attributes = SE_PRIVILEGE_ENABLED
    p_typTokenPriv.Privileges.pLuid = p_typLUID
    EnablePrivilege = (AdjustTokenPrivileges(p_lngToken, False, p_typTokenPriv, Len(p_typPrevTokenPriv), p_typPrevTokenPriv, p_lngBufferLen) <> 0)
End Function

Many thanks to all.

**JordanChris** · Apr 2nd, 2003, 11:05 AM

Does this help?
Does the current user have administration rights?

VB Code:

'Called with:
MsgBox IsUserAdmin("YourUserName") 
 
 
Private Declare Function NetUserGetInfo Lib "netapi32" (ByVal servername As String, ByVal username As String, ByVal level As Long, bufptr As Long) As Long 
Private Const NERR_Success = 0 
Private Declare Sub MoveMemory Lib "kernel32" Alias "RtlMoveMemory" (pDest As Any, pSource As Any, ByVal dwLength As Long) 
Private Declare Function NetApiBufferFree Lib "netapi32" (ByVal Buffer As Long) As Long 
 
Private Const USER_PRIV_GUEST = 0 
Private Const USER_PRIV_USER = 1 
Private Const USER_PRIV_ADMINISTRATOR = 2 
 
Private Type USER_INFO_3 
usri3_name As Long 
usri3_password As Long 
usri3_password_age As Long 
usri3_priv As Long 
usri3_home_dir As Long 
usri3_comment As Long 
usri3_flags As Long 
usri3_script_path As Long 
usri3_auth_flags As Long 
usri3_full_name As Long 
usri3_usr_comment As Long 
usri3_parms As Long 
usri3_workstations As Long 
usri3_last_logon As Long 
usri3_last_logoff As Long 
usri3_acct_expires As Long 
usri3_max_storage As Long 
usri3_units_per_week As Long 
usri3_logon_hours As Long 
usri3_bad_pw_count As Long 
usri3_num_logons As Long 
usri3_logon_server As Long 
usri3_country_code As Long 
usri3_code_page As Long 
usri3_user_id As Long 
usri3_primary_group_id As Long 
usri3_profile As Long 
usri3_home_dir_drive As Long 
usri3_password_expired As Long 
End Type 
 
Public Function IsUserAdmin(p_strUserName As String) As Boolean 
Dim udtUSER_INFO As USER_INFO_3 
Dim lngBufferPointer As Long 
 
IsUserAdmin = False 
 
If (NetUserGetInfo("", StrConv(p_strUserName, vbUnicode), 3, lngBufferPointer) = NERR_Success) Then 
Call MoveMemory(udtUSER_INFO, ByVal lngBufferPointer, Len(udtUSER_INFO)) 
Call NetApiBufferFree(ByVal lngBufferPointer) 
 
If udtUSER_INFO.usri3_priv = USER_PRIV_ADMINISTRATOR Then 
IsUserAdmin = True 
End If 
End If 
End Function

**Davos** · Apr 3rd, 2003, 03:31 AM

Thanks Jordan, that was spot on!

**Davos** · Apr 3rd, 2003, 08:20 AM

I can't seem to get the return values expected here using the LogonUser. I get 0 whether the user exists or not. Any ideas anyone?

Aslo, anyone has a reply to my 1st question. Thank!

VB Code:

Dim lngReturnCode As Long
    Dim lngTokenHandle As Long
    Dim strServerName As String
    
    On Error GoTo ErrTrap
    
    lngReturnCode = RevertToSelf()  'The blnSwitch value passed in will decipher whether to turn the privelages on or off depending on the value.
                                    'If this is true, I attempt to log onto the domain with the hard coded user name & password. I then take the
                                    'currently logged on users logon thread and promote them to have inherited these admin user rights.
    Select Case blnSwitch
        Case True
            If Len(domain) = 0 Then domain = vbNullString
            lngReturnCode = LogonUser(uname, domain, pword, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, lngTokenHandle)
            If (lngReturnCode = 0) Then
                lngReturnCode = ImpersonateLoggedOnUser(lngTokenHandle)
                If (lngReturnCode = 0) Then
                    blnWorkedOk = False
                    Msg = GetLangText(lngArr(), "[ClFormDialog-String20]")
                    Style = vbOKOnly + vbExclamation
                    Title = GetLangText(lngArr(), "[ClFormDialog-String18]")
                    If MsgBox(Msg, Style, Title) = vbOK Then
                        Unload Me
                        End
                    End If
                Else
                    GoTo LoggedOK
                End If
            Else
                GoTo LoggedOK
            End If  'return the users normal privileges and log off the above admin user.
        Case False
            lngReturnCode = RevertToSelf()
    End Select
    
LoggedOK:
    blnWorkedOk = True
    Debug.Print (GetLastError)
    Call SaveString(HKEY_LOCAL_MACHINE, "SOFTWARE\Xenon\Data\", "AUN", uname)
    Call SaveString(HKEY_LOCAL_MACHINE, "SOFTWARE\Xenon\Data\", "APW", pword)
    Call SaveString(HKEY_LOCAL_MACHINE, "SOFTWARE\Xenon\Data\", "ADM", domain)
    CloseHandle lngTokenHandle
    Exit Function

**Davos** · Apr 3rd, 2003, 09:16 AM

What I'm trying to do is to install an app so the installation (Windows Installer) and the running of the app works for all users. Anyone know how to peform this?

The approach I have now is for the application to ask the windows administrator logon details to the user and run using this throughout. Problem is if the password changes, the app has to throw up this box again to ask for the new logon details. I want to avoid having to ask for the details again and wish to make all accounts install & use the app.

As the program writes to the registry and the windows directory, an alternative could be to find an area that does not require rights.

Anyone?

Thanks.

**Davos** · Apr 3rd, 2003, 12:50 PM

*bump* !!

Anyone ?

**Davos** · Apr 4th, 2003, 03:21 AM

Plz!!!

**swatty** · Apr 4th, 2003, 03:31 AM

How do you install your app.

Did you make it with PDW ?

If so there is an option you can set so all users can use the program .

**Davos** · Apr 4th, 2003, 03:33 AM

Ok. Thanks. I use Windows installer. I saw that using the compressed bootstrap otion I can choose what account to make the installtion run under. So I suppose this answers my 1st question. The other question is still out there. Thanks.

**Davos** · Apr 5th, 2003, 10:11 AM

Anyone?

**Davos** · Apr 6th, 2003, 05:07 AM

Please! Please!

**Davos** · Apr 7th, 2003, 12:13 PM

My program has to be able to run no matter what the current user's rights are. The way i see i can do it is if i use logonuser and logon using the admin stuff. Problem is i need to prompt the user with a dialog box so he enters the username and password. I want to avoid this and have this application look for the details and run using them. I can't ask anyone individual to set up a admin account, even temporary, as the program will be sold to the public and we can't expect people to know how to do such a thing.

So, when the user enters some username and password in this box i have, the application then uses logonuser to try and log on. Problem is logonuser always returns 0 whether the logon details were actually correct or not. 0, According to msdn indicates an error.

How can i then check the validity of the admin details the user gives or logon automatically without user intervention?

Best option would be to look up the credentials of some admin that has sufficient rights to at least make the app write to the registry and disk.

Any help anyone?

Thanks.

**Steve Stunning** · Sep 18th, 2003, 07:54 AM

Greetings and Salutations,

Did you ever solve your problem?

**Davos** · Sep 18th, 2003, 07:57 AM

Hi Steve,

Thanks. No I could not solve it, but the method I finally settled for is ok. I ask with a form for the admin credentials.

Would still be better if this could be looked up in code instead.

Would you have some alternative solution?

Thanks.

**Steve Stunning** · Sep 18th, 2003, 09:28 AM

Try this out. I believe it may help.

**Davos** · Sep 18th, 2003, 09:53 AM

Thanks but I wanted code that would retrieve the admin credentials not just that said if a user is an admin or not.

thks anyway,

Thread: Two questions about the windows admin account

Thread Tools

Display

Two questions about the windows admin account

Thanks

LogonUser

More such questions

Please

Posting Permissions