Guest Al Posted February 3, 2009 Posted February 3, 2009 I am using the techinque to get the TokenElevationType using the API GetTokenInformation on Vista to determine if a user is an admin. It seems to work fine on Vista Business/Ultimate etc. However, it fails on Vista Home. Does anyone have any clues? The code is along the following lines: TOKEN_ELEVATION_TYPE elevationType; DWORD dwSize; GetTokenInformation(hUserToken, TokenElevationType, &elevationType, sizeof(elevationType), &dwSize); switch (elevationType) { case TokenElevationTypeDefault: TRACE(_T("TokenElevationTypeDefault - User is not using a split token\n")); m_bAdmin = FALSE; break; case TokenElevationTypeFull: TRACE(_T("TokenElevationTypeFull - User has a split token, and the process is running elevated\n")); m_bAdmin = TRUE; break; case TokenElevationTypeLimited: TRACE(_T("TokenElevationTypeLimited - User has a split token, but the process is not running elevated\n")); m_bAdmin = TRUE; break; } Thanks. Quote
Guest Sam Hobbs Posted February 4, 2009 Posted February 4, 2009 First, when posting questions about a function that returns potential errors, include the error code. This function returns an error code that is obtained by GetLastError. If you have not used GetLastError for this then if you do use it for this you might have an answer. If the error code does not immediately tell you what the problem is then search for GetTokenInformation with the error code. You might need to convert the error code to a symbolic name; look in winerror.h to do that. Or you might need to search the error code with a "0x" prefix. Search the MSDN, and if that does not help, search the Windows programming security group (Google groups might help) and if that does not help search the internet. Second, any time a question says something such as "doesn't work" or "fails", it is usually necessary to be more specific about the symptoms, as I describe above. Finally, this is not a programming group. You should ask in the Windows programming security group. "Al" <Al@discussions.microsoft.com> wrote in message news:DC7AACBF-4361-4353-B1D9-B45489949218@microsoft.com...<span style="color:blue"> >I am using the techinque to get the TokenElevationType using the API > GetTokenInformation on Vista to determine if a user is an admin. It seems > to > work fine on Vista Business/Ultimate etc. However, it fails on Vista Home. > Does anyone have any clues? > > The code is along the following lines: > > TOKEN_ELEVATION_TYPE elevationType; > DWORD dwSize; > > GetTokenInformation(hUserToken, TokenElevationType, &elevationType, > sizeof(elevationType), &dwSize); > > switch (elevationType) > { > case TokenElevationTypeDefault: > TRACE(_T("TokenElevationTypeDefault - User is not using a split > tokenn")); > m_bAdmin = FALSE; > break; > > case TokenElevationTypeFull: > TRACE(_T("TokenElevationTypeFull - User has a split token, and the > process is running elevatedn")); > m_bAdmin = TRUE; > break; > > case TokenElevationTypeLimited: > TRACE(_T("TokenElevationTypeLimited - User has a split token, but the > process is not running elevatedn")); > m_bAdmin = TRUE; > break; > > } > > Thanks. </span> Quote
Guest SuperXero Posted February 4, 2009 Posted February 4, 2009 How about this instead. Right Click on my computer, click manage, local users and groups, users, right click, properties, member of. If they are in the administrators group they are an admin. SuperXero 'HackingManual.Net' (http://hackingmanual.net) -- SuperXero Quote
Guest Al Posted February 4, 2009 Posted February 4, 2009 You obviously are clueless about what I asked. If you don't know, that is fine but please don't waste everyone's time by responding with useless messages. "Sam Hobbs" wrote: <span style="color:blue"> > First, when posting questions about a function that returns potential > errors, include the error code. This function returns an error code that is > obtained by GetLastError. If you have not used GetLastError for this then if > you do use it for this you might have an answer. If the error code does not > immediately tell you what the problem is then search for GetTokenInformation > with the error code. You might need to convert the error code to a symbolic > name; look in winerror.h to do that. Or you might need to search the error > code with a "0x" prefix. Search the MSDN, and if that does not help, search > the Windows programming security group (Google groups might help) and if > that does not help search the internet. > > Second, any time a question says something such as "doesn't work" or > "fails", it is usually necessary to be more specific about the symptoms, as > I describe above. > > Finally, this is not a programming group. You should ask in the Windows > programming security group. > > > > "Al" <Al@discussions.microsoft.com> wrote in message > news:DC7AACBF-4361-4353-B1D9-B45489949218@microsoft.com...<span style="color:green"> > >I am using the techinque to get the TokenElevationType using the API > > GetTokenInformation on Vista to determine if a user is an admin. It seems > > to > > work fine on Vista Business/Ultimate etc. However, it fails on Vista Home. > > Does anyone have any clues? > > > > The code is along the following lines: > > > > TOKEN_ELEVATION_TYPE elevationType; > > DWORD dwSize; > > > > GetTokenInformation(hUserToken, TokenElevationType, &elevationType, > > sizeof(elevationType), &dwSize); > > > > switch (elevationType) > > { > > case TokenElevationTypeDefault: > > TRACE(_T("TokenElevationTypeDefault - User is not using a split > > tokenn")); > > m_bAdmin = FALSE; > > break; > > > > case TokenElevationTypeFull: > > TRACE(_T("TokenElevationTypeFull - User has a split token, and the > > process is running elevatedn")); > > m_bAdmin = TRUE; > > break; > > > > case TokenElevationTypeLimited: > > TRACE(_T("TokenElevationTypeLimited - User has a split token, but the > > process is not running elevatedn")); > > m_bAdmin = TRUE; > > break; > > > > } > > > > Thanks. </span> > </span> Quote
Guest Mark H Posted February 4, 2009 Posted February 4, 2009 http://www.developmentnow.com/groups/post....threadid=851943 http://blogs.msdn.com/cjacks/archive/2006/...dows-Vista.aspx If that doesn't answer it, contact Wang. (e-mail at end of post, first link) "Al" <Al@discussions.microsoft.com> wrote in message news:DC7AACBF-4361-4353-B1D9-B45489949218@microsoft.com...<span style="color:blue"> > I am using the techinque to get the TokenElevationType using the API > GetTokenInformation on Vista to determine if a user is an admin. It seems</span> to<span style="color:blue"> > work fine on Vista Business/Ultimate etc. However, it fails on Vista Home. > Does anyone have any clues? > > The code is along the following lines: > > TOKEN_ELEVATION_TYPE elevationType; > DWORD dwSize; > > GetTokenInformation(hUserToken, TokenElevationType, &elevationType, > sizeof(elevationType), &dwSize); > > switch (elevationType) > { > case TokenElevationTypeDefault: > TRACE(_T("TokenElevationTypeDefault - User is not using a split</span> token\n"));<span style="color:blue"> > m_bAdmin = FALSE; > break; > > case TokenElevationTypeFull: > TRACE(_T("TokenElevationTypeFull - User has a split token, and the > process is running elevatedn")); > m_bAdmin = TRUE; > break; > > case TokenElevationTypeLimited: > TRACE(_T("TokenElevationTypeLimited - User has a split token, but the > process is not running elevatedn")); > m_bAdmin = TRUE; > break; > > } > > Thanks.</span> Quote
Guest FromTheRafters Posted February 4, 2009 Posted February 4, 2009 http://blogs.msdn.com/cjacks/archive/2006/...dows-Vista.aspx Maybe these guys can be more help. "Al" <Al@discussions.microsoft.com> wrote in message news:6EB33FAB-D276-4B5B-9DAE-9DF1AD25ECEA@microsoft.com...<span style="color:blue"> > You obviously are clueless about what I asked. If you don't know, that is > fine but please don't waste everyone's time by responding with useless > messages. > > "Sam Hobbs" wrote: ><span style="color:green"> >> First, when posting questions about a function that returns potential >> errors, include the error code. This function returns an error code that >> is >> obtained by GetLastError. If you have not used GetLastError for this then >> if >> you do use it for this you might have an answer. If the error code does >> not >> immediately tell you what the problem is then search for >> GetTokenInformation >> with the error code. You might need to convert the error code to a >> symbolic >> name; look in winerror.h to do that. Or you might need to search the >> error >> code with a "0x" prefix. Search the MSDN, and if that does not help, >> search >> the Windows programming security group (Google groups might help) and if >> that does not help search the internet. >> >> Second, any time a question says something such as "doesn't work" or >> "fails", it is usually necessary to be more specific about the symptoms, >> as >> I describe above. >> >> Finally, this is not a programming group. You should ask in the Windows >> programming security group. >> >> >> >> "Al" <Al@discussions.microsoft.com> wrote in message >> news:DC7AACBF-4361-4353-B1D9-B45489949218@microsoft.com...<span style="color:darkred"> >> >I am using the techinque to get the TokenElevationType using the API >> > GetTokenInformation on Vista to determine if a user is an admin. It >> > seems >> > to >> > work fine on Vista Business/Ultimate etc. However, it fails on Vista >> > Home. >> > Does anyone have any clues? >> > >> > The code is along the following lines: >> > >> > TOKEN_ELEVATION_TYPE elevationType; >> > DWORD dwSize; >> > >> > GetTokenInformation(hUserToken, TokenElevationType, &elevationType, >> > sizeof(elevationType), &dwSize); >> > >> > switch (elevationType) >> > { >> > case TokenElevationTypeDefault: >> > TRACE(_T("TokenElevationTypeDefault - User is not using a split >> > tokenn")); >> > m_bAdmin = FALSE; >> > break; >> > >> > case TokenElevationTypeFull: >> > TRACE(_T("TokenElevationTypeFull - User has a split token, and the >> > process is running elevatedn")); >> > m_bAdmin = TRUE; >> > break; >> > >> > case TokenElevationTypeLimited: >> > TRACE(_T("TokenElevationTypeLimited - User has a split token, but the >> > process is not running elevatedn")); >> > m_bAdmin = TRUE; >> > break; >> > >> > } >> > >> > Thanks.</span> >> </span></span> Quote
Guest Sam Hobbs Posted February 5, 2009 Posted February 5, 2009 So do you think this is a programmer's group? The answer I gave is typical of answers given in the MSDN forums. It is very normal for people in a programmer's forum to ask for details of "fails"; in particular what does GetLastError return when it is relevant. If this question were responded to by a Microsoft person, they would certainly ask for that. What in particular do you consider incorrect? "Al" <Al@discussions.microsoft.com> wrote in message news:6EB33FAB-D276-4B5B-9DAE-9DF1AD25ECEA@microsoft.com...<span style="color:blue"> > You obviously are clueless about what I asked. If you don't know, that is > fine but please don't waste everyone's time by responding with useless > messages. > > "Sam Hobbs" wrote: ><span style="color:green"> >> First, when posting questions about a function that returns potential >> errors, include the error code. This function returns an error code that >> is >> obtained by GetLastError. If you have not used GetLastError for this then >> if >> you do use it for this you might have an answer. If the error code does >> not >> immediately tell you what the problem is then search for >> GetTokenInformation >> with the error code. You might need to convert the error code to a >> symbolic >> name; look in winerror.h to do that. Or you might need to search the >> error >> code with a "0x" prefix. Search the MSDN, and if that does not help, >> search >> the Windows programming security group (Google groups might help) and if >> that does not help search the internet. >> >> Second, any time a question says something such as "doesn't work" or >> "fails", it is usually necessary to be more specific about the symptoms, >> as >> I describe above. >> >> Finally, this is not a programming group. You should ask in the Windows >> programming security group. >> >> >> >> "Al" <Al@discussions.microsoft.com> wrote in message >> news:DC7AACBF-4361-4353-B1D9-B45489949218@microsoft.com...<span style="color:darkred"> >> >I am using the techinque to get the TokenElevationType using the API >> > GetTokenInformation on Vista to determine if a user is an admin. It >> > seems >> > to >> > work fine on Vista Business/Ultimate etc. However, it fails on Vista >> > Home. >> > Does anyone have any clues? >> > >> > The code is along the following lines: >> > >> > TOKEN_ELEVATION_TYPE elevationType; >> > DWORD dwSize; >> > >> > GetTokenInformation(hUserToken, TokenElevationType, &elevationType, >> > sizeof(elevationType), &dwSize); >> > >> > switch (elevationType) >> > { >> > case TokenElevationTypeDefault: >> > TRACE(_T("TokenElevationTypeDefault - User is not using a split >> > tokenn")); >> > m_bAdmin = FALSE; >> > break; >> > >> > case TokenElevationTypeFull: >> > TRACE(_T("TokenElevationTypeFull - User has a split token, and the >> > process is running elevatedn")); >> > m_bAdmin = TRUE; >> > break; >> > >> > case TokenElevationTypeLimited: >> > TRACE(_T("TokenElevationTypeLimited - User has a split token, but the >> > process is not running elevatedn")); >> > m_bAdmin = TRUE; >> > break; >> > >> > } >> > >> > Thanks.</span> >> </span></span> Quote
Guest Sam Hobbs Posted February 5, 2009 Posted February 5, 2009 Al (the person asking the question) needs to do it in a program. If I am incorrect about that then the source code is misleading. In programming forums, when someone provides source code, they cannot use a "manual" (non-automated) solution. "SuperXero" <guest@unknown-email.com> wrote in message news:fe98e168f1e9742b425772919bea40d0@nntp-gateway.com...<span style="color:blue"> > > How about this instead. Right Click on my computer, click manage, local > users and groups, users, right click, properties, member of. If they are > in the administrators group they are an admin. > > SuperXero > 'HackingManual.Net' (http://hackingmanual.net) > > > -- > SuperXero </span> Quote
Guest SuperXero Posted February 5, 2009 Posted February 5, 2009 I get it sam, like if a program needs to validate someone as admin or not admin. Yep I'm not a programmer just a network admin. -- SuperXero Quote
Guest Sam Hobbs Posted February 5, 2009 Posted February 5, 2009 Yes, there you go; there are many reasons that might be done. Generally it would be useful for issuing a message informing someone they need to have Administrator privileges when they don't, instead of letting them proceed and then get a more obscure crash message. "SuperXero" <guest@unknown-email.com> wrote in message news:d6b96f0bac0c419cce51220fb62c841e@nntp-gateway.com...<span style="color:blue"> > > I get it sam, like if a program needs to validate someone as admin or > not admin. Yep I'm not a programmer just a network admin. > > > -- > SuperXero </span> Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.