
Admin status

 

Determining whether the current process has administrator rights is a bit difficult, especially as the definition of "administrative rights" is unclear. Here, I assume that having admin rights means being a member of the local Administrators group.

The function look_at_token_method() in is_admin.cpp just prepares a SID for the Administrators group (this group always has the same SID no matter what it has been renamed to, or what the name in the local language may be) and then compares the list of groups from the process token to this SID, one at a time. Simple, huh?

Even simpler is the method which Jerry Coffin <jcoffin@taeus.org> pointed out to me three weeks ago: calling NetUserGetInfo() at level 1 reports on the admin status of a given username. The only snag with this method is this: Assume you are sitting at machine FOO, which is a member of domain BAR, and you are logged on as the domain user BAR\felixk. If there is also a local account named felixk on machine FOO, then Jerry's method, demonstrated in jerry_coffin_method(), will return the admin status of that local user, FOO\felixk, instead of the domain user, BAR\felixk.
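The token-group comparison described for look_at_token_method(), as an added example that is not the code from is_admin.cpp. It goes one step beyond a plain SID match by also checking the group's attributes, because a group that is present but disabled or marked deny-only grants no access. The names Group, is_builtin_admins_sid, groups_grant_admin and current_process_is_admin are assumptions of this sketch, and the Windows wrapper compiles only under _WIN32.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>
#ifdef _WIN32
#include <windows.h>
#endif

// Attribute bits as defined in winnt.h, repeated so the core logic builds anywhere.
const uint32_t GROUP_ENABLED   = 0x00000004;  // SE_GROUP_ENABLED
const uint32_t GROUP_DENY_ONLY = 0x00000010;  // SE_GROUP_USE_FOR_DENY_ONLY

struct Group { std::vector<uint8_t> sid; uint32_t attributes; };  // hypothetical helper type

// Binary SID layout: revision, sub-authority count, 6-byte big-endian
// identifier authority, then one little-endian 32-bit value per sub-authority.
bool is_builtin_admins_sid(const std::vector<uint8_t>& sid) {
    static const uint8_t admins[16] = {
        1, 2, 0, 0, 0, 0, 0, 5,  // revision 1, two sub-authorities, NT authority (5)
        32, 0, 0, 0,             // SECURITY_BUILTIN_DOMAIN_RID (32)
        0x20, 0x02, 0, 0 };      // DOMAIN_ALIAS_RID_ADMINS (544 = 0x220)
    return sid.size() == sizeof(admins) && std::memcmp(sid.data(), admins, sizeof(admins)) == 0;
}

// True only if Administrators is in the list, enabled, and not deny-only.
bool groups_grant_admin(const std::vector<Group>& groups) {
    for (const Group& g : groups)
        if (is_builtin_admins_sid(g.sid))
            return (g.attributes & GROUP_ENABLED) && !(g.attributes & GROUP_DENY_ONLY);
    return false;
}

#ifdef _WIN32
// Copy the current process token's groups into the portable form and test them.
bool current_process_is_admin() {
    HANDLE tok;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok)) return false;
    DWORD need = 0;
    GetTokenInformation(tok, TokenGroups, nullptr, 0, &need);  // size query
    std::vector<uint8_t> buf(need);
    std::vector<Group> groups;
    if (need && GetTokenInformation(tok, TokenGroups, buf.data(), need, &need)) {
        const TOKEN_GROUPS* tg = reinterpret_cast<const TOKEN_GROUPS*>(buf.data());
        for (DWORD i = 0; i < tg->GroupCount; ++i) {
            const uint8_t* p = static_cast<const uint8_t*>(tg->Groups[i].Sid);
            std::vector<uint8_t> sid(p, p + GetLengthSid(tg->Groups[i].Sid));
            groups.push_back({ sid, static_cast<uint32_t>(tg->Groups[i].Attributes) });
        }
    }
    CloseHandle(tok);
    return groups_grant_admin(groups);
}
#endif
```

Because the match is on the binary SID S-1-5-32-544 rather than on a group name, a renamed or localized Administrators group is still recognized.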

is_admin.cpp, 2 KB