I have code that finds out if the current user is a local administrator.
Apparently, if the user is a member of a domain group that has
administrative privileges, that code doesn't work. Does anyone know how to
determine if a user is an administrator OF ANY KIND?
Here is the code I am using currently.
function IsAdmin: Boolean;
var
hAccessToken: THandle;
ptgGroups: PTokenGroups;
dwInfoBufferSize: DWORD;
psidAdministrators: PSID;
x: Integer;
bSuccess: BOOL;
procedure CantGetAdmin;
begin
raise Exception.Create( 'Unable to determine if you have
Administrator authority.' );
end;
begin
// result := True;
// exit;
if Win32Platform <> VER_PLATFORM_WIN32_NT then begin
result := False;
exit;
end;
Result := False;
bSuccess := OpenThreadToken( GetCurrentThread, TOKEN_QUERY, True,
hAccessToken );
if not bSuccess then begin
if GetLastError = ERROR_NO_TOKEN then begin
bSuccess := OpenProcessToken( GetCurrentProcess, TOKEN_QUERY,
hAccessToken );
if not bSuccess then CantGetAdmin;
end
else CantGetAdmin;
end;
GetMem( ptgGroups, 1024 );
try
bSuccess := GetTokenInformation( hAccessToken, TokenGroups,
ptgGroups, 1024, dwInfoBufferSize );
CloseHandle( hAccessToken );
if bSuccess then begin
AllocateAndInitializeSid( SECURITY_NT_AUTHORITY,
2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0,
0,
0,
0,
0,
0,
psidAdministrators );
try
{$R-}
for x := 0 to ptgGroups.GroupCount - 1 do begin
if ( SE_GROUP_ENABLED = (ptgGroups.Groups[x].Attributes
and SE_GROUP_ENABLED ) ) and
EqualSid( psidAdministrators, ptgGroups.Groups[x].Sid )
then begin
Result := True;
Break;
end;
end;
{$R+}
finally
FreeSid( psidAdministrators );
end;
end;
finally
FreeMem(ptgGroups);
end;
end;
