x0tester0x

DllCall CheckTokenMembership to Check if Current User is in the Administrators Group

23 posts in this topic

#1 ·  Posted

Sorry for my English...

I want to check if the current user (SID) is in the Administrators group (SID), like in the C++ example: https://msdn.microsoft.com/en-us/library/aa376389.aspx. How can I get the SID, and how do I use the DllCall function correctly?

Thank you in advance


#2 ·  Posted

You could just use WMI for example:

 


#3 ·  Posted

Yes, but this doesn't work for me, because the Administrators group has a different name in another language.


#4 ·  Posted

Maybe this?

Func _GetUserGroup($User, $host = @ComputerName)
   Local $filter[1] = ["group"]
   ; Bind to the computer through the WinNT ADSI provider and list only groups
   Local $colGroups = ObjGet("WinNT://" & $host & "")
   If Not IsObj($colGroups) Then Return SetError(1, 0, '')
   $colGroups.Filter = $filter
   For $objGroup In $colGroups
      For $objUser In $objGroup.Members
         ; Returns the name of the first group that lists the user as a member
         If $objUser.name = $User Then Return $objGroup.name
      Next
   Next
   Return SetError(2, 0, '')
EndFunc

 


#5 ·  Posted

Yes, this works fine. :lmao:

Can this also be checked with the SID of the user and the SID of the Administrators group?


#6 ·  Posted

57 minutes ago, x0tester0x said:

Yes, this works fine. :lmao:

Can this also be checked with the SID of the user and the SID of the Administrators group?

But the function returns only the group in which the user is... How can I return true if the user is in the Administrators group?


#7 ·  Posted

Func _IsUserAdmin($User, $host = @ComputerName)
   Local $filter[1] = ["group"]
   Local $colGroups = ObjGet("WinNT://" & $host & "")
   If Not IsObj($colGroups) Then Return SetError(1, 0, False)
   $colGroups.Filter = $filter
   For $objGroup In $colGroups
      For $objUser In $objGroup.Members
         ; Return True only for a match inside the group named "Administrators";
         ; a match in any other group must not end the search.
         If $objUser.name = $User And $objGroup.name = "Administrators" Then Return True
      Next
   Next
   ; @error = 2: user not found in a group named "Administrators"
   Return SetError(2, 0, False)
EndFunc

I modified the above posted script a bit, see if this works.



#8 ·  Posted

Nope, doesn't work, because of the language problem:

On 18.6.2017 at 1:35 PM, x0tester0x said:

Yes, but this doesn't work for me, because the Administrators group has a different name in another language.

 


#9 ·  Posted

I mean, then couldn't you just change whatever is in the if statement to the word "Administrator" in that language?



#10 ·  Posted (edited)

Yes, but I need it in many languages, not only one... Because of that I wanted to do it with the SID...

On 17.6.2017 at 10:30 PM, x0tester0x said:

Sorry for my English...

I want to check if the current user (SID) is in the Administrators group (SID), like in the C++ example: https://msdn.microsoft.com/en-us/library/aa376389.aspx. How can I get the SID, and how do I use the DllCall function correctly?

Thank you in advance

Edited by x0tester0x


#11 ·  Posted

Oh alright, give me a few minutes and I will see if I can come up with something.



#12 ·  Posted

OK thx


#13 ·  Posted (edited)

As I am not very experienced with Active Directory, I also encourage other people to try to offer a solution since I don't exactly know if mine will work.

EDIT: Wait, are you trying to do this over a domain? Or just checking for local administrator?

Edited by anthonyjr2


#14 ·  Posted

Primarily for local administrator, but also over a domain.


#15 ·  Posted

Does someone have a solution?


#16 ·  Posted

This little script will loop through the Local Administrators group of the computer:

$objWmi = ObjGet("winmgmts:\\" & @ComputerName & "\root\cimv2")
$colGroups = $objWmi.ExecQuery ("Select * From Win32_Group Where Domain = '" & @ComputerName & "' AND SID = 'S-1-5-32-544'")
For $objGroup in $colGroups
    ConsoleWrite($objGroup.Name & @CRLF)
Next

Jos



#17 ·  Posted

Yes, but I need something like this: 

whoami /groups /fo csv | convertfrom-csv | where-object { $_.SID -eq "S-1-5-32-544" }
You can also use isadmin.exe (http://www.westmesatech.com/wast.html) and check for an exit code of 2 (member of administrators, but not enabled, hence not elevated)

Source: https://stackoverflow.com/questions/29129787/powershell-check-if-logged-on-user-is-an-administrator-when-non-elevated

 


#18 ·  Posted (edited)

Can you try this one?

#include <WinAPI.au3>

If _IsLocalAdmin() Then
    MsgBox(0, "", "User """ & @Username & """ is a local administrator")
Else
    MsgBox(48, "", "User " & @Username & " is not a local administrator")
EndIf

Func _IsLocalAdmin()
    Local $hToken = _Security__OpenProcessToken(_WinAPI_GetCurrentProcess(), $TOKEN_READ)
    If @error Then Return SetError(1, 0, 0)
    Local $tInfo = _Security__GetTokenInformation($hToken, $TOKENELEVATIONTYPE)
    Local $iError = @error
    _WinAPI_CloseHandle($hToken) ; release the token handle on every path
    If $iError Then Return SetError(2, 0, 0)
    ; TOKEN_ELEVATION_TYPE: 1 = Default, 2 = Full, 3 = Limited
    Local $iTokenType = DllStructGetData(DllStructCreate("int", DllStructGetPtr($tInfo)), 1)
    ; Default (1): no split token, so IsAdmin() decides.
    ; Full (2) or Limited (3): a split (UAC) token exists, which is treated as "administrator".
    Return  $iTokenType = 1 ? IsAdmin() : 1
EndFunc

This function returns 1 when the user is a local administrator.

Edit: CheckTokenMembership will do the same as IsAdmin. You should use CheckTokenMembershipEx instead, but it's not supported on Windows 7:

#include <Security.au3>

; ...

Func _isAdmin()
    Local $pSID = _Security__StringSidToSid($SID_ADMINISTRATORS)
    If @error Then Return SetError(1, 0, 0)
    Local $aRet = DllCall("Advapi32.dll", "bool", "CheckTokenMembership", "handle", "", "struct*", $pSID, "bool*", "")
    If @error Then Return SetError(2, 0, 0)
    Return $aRet[3]
EndFunc

 

Edited by jguinch


#19 ·  Posted

Yes, the first example works in Win7 and Win10, but the second doesn't work in either (always returns 0).

Thanks

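Added example, not part of the thread: one way to do the locale-independent, SID-based check asked for in post #1 is to read the group list of the current process token and look for S-1-5-32-544. It also shows why the CheckTokenMembership call in post #18 reports 0 for a non-elevated administrator: under UAC the SID is present in the filtered token but marked deny-only, and CheckTokenMembership only counts enabled SIDs. The function name, constant names and return codes are made up for this example, and the offsets assume the documented TOKEN_GROUPS layout.

```autoit
#include <Security.au3>
#include <WinAPI.au3>

; Added example (hypothetical helper, not from the thread).
; Returns 2 = Administrators SID enabled in the token (elevated),
;         1 = SID present but deny-only (administrator with a filtered UAC token),
;         0 = SID not in the token. @error is set if the token cannot be read.
Func _AdminSidStateInToken()
    Local Const $iATTR_ENABLED = 0x00000004   ; SE_GROUP_ENABLED (winnt.h)
    Local Const $iATTR_DENY_ONLY = 0x00000010 ; SE_GROUP_USE_FOR_DENY_ONLY (winnt.h)

    Local $hToken = _Security__OpenProcessToken(_WinAPI_GetCurrentProcess(), $TOKEN_READ)
    If @error Or Not $hToken Then Return SetError(1, 0, 0)
    Local $tRaw = _Security__GetTokenInformation($hToken, $TOKENGROUPS)
    Local $iError = @error
    _WinAPI_CloseHandle($hToken)
    If $iError Then Return SetError(2, 0, 0)

    ; TOKEN_GROUPS = DWORD GroupCount, then SID_AND_ATTRIBUTES[GroupCount] (PSID + DWORD),
    ; aligned to pointer size: array at offset 4, stride 8 on x86; offset 8, stride 16 on x64.
    Local $pBase = DllStructGetPtr($tRaw)
    Local $iCount = DllStructGetData(DllStructCreate("dword", $pBase), 1)
    Local $iOffset = @AutoItX64 ? 8 : 4
    Local $iStride = @AutoItX64 ? 16 : 8
    Local $tEntry, $iAttr

    For $i = 0 To $iCount - 1
        $tEntry = DllStructCreate("ptr Sid;dword Attributes", $pBase + $iOffset + $i * $iStride)
        ; Compare by SID string, so the localized group name never matters
        If _Security__SidToStringSid(DllStructGetData($tEntry, "Sid")) <> $SID_ADMINISTRATORS Then ContinueLoop
        $iAttr = DllStructGetData($tEntry, "Attributes")
        If BitAND($iAttr, $iATTR_DENY_ONLY) Then Return 1
        If BitAND($iAttr, $iATTR_ENABLED) Then Return 2
        Return 1 ; present but not enabled: treat like deny-only
    Next
    Return 0
EndFunc

Switch _AdminSidStateInToken()
    Case 2
        ConsoleWrite("Administrators SID enabled: process is elevated" & @CRLF)
    Case 1
        ConsoleWrite("Administrators SID deny-only: administrator, not elevated" & @CRLF)
    Case Else
        ConsoleWrite("Administrators SID not in token (@error = " & @error & ")" & @CRLF)
EndSwitch
```

Because the token already contains every group the logon resolved to, this also covers membership that comes through a nested domain group, which the WinNT member loop in posts #4 and #7 does not see.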
