Re: how to set admin privilege




Sorry for the late reply.
Yes, the code below tells about the status. Can you please give me any link which
contains the code to change privilege at run time?
"Pete Delgado" <Peter.Delgado@xxxxxxxxxx> wrote in message
news:Ofoey4ofKHA.5500@xxxxxxxxxxxxxxxxxxxxxxx

"Tom Serface" <tom@xxxxxxxxxxxxx> wrote in message
news:uLIWkxnfKHA.6096@xxxxxxxxxxxxxxxxxxxxxxx
Just to add to David's reply, here is a function I wrote that will tell
you the current privileges so you could make the decision
programmatically. You'll have to fill in the way you check the version (I
use the XTreme Toolkit function).

This also works on Win7 (for me so far anyway).

You may also find this link informational:

http://en.wikipedia.org/wiki/User_Account_Control

Tom

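#include <windows.h>
#include <versionhelpers.h>

// Returns true only when the process token's elevation type is
// TokenElevationTypeFull, i.e. the process runs with a UAC-elevated token.
bool IsRunningVistaElevated()
{
    bool bRet = false;
    TOKEN_ELEVATION_TYPE ptet;
    // Check OS version here. XTreme Toolkit users can call
    // XTOSVersionInfo()->IsWinVistaOrGreater() instead.
    if (::IsWindowsVistaOrGreater())
    {
        HANDLE hToken = NULL;
        if (::OpenProcessToken(::GetCurrentProcess(), TOKEN_QUERY, &hToken))
        {
            DWORD dwReturnLength = 0;
            if (::GetTokenInformation(hToken, TokenElevationType, &ptet,
                                      sizeof ptet, &dwReturnLength))
                bRet = ptet == TokenElevationTypeFull;
            ::CloseHandle(hToken);
        }
    }
    return bRet;
}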

Tom,
Elevation is not the same as having administrative privileges. The OP
asked for administrative privileges and your code simply tells the
elevation status of the process token which is not the same thing. For
example, if I were to create an account that has the
SeImpersonatePrivilege privilege, then I can launch the process with this
elevated token. Your code will correctly see that this is an elevated
token, but yet this is not a user that is a member of the Administrators
group.

With that being said, for most applications like the OP has created, it is
far better for security to only require those permissions that the process
actually needs. Requiring Administrator rights is heavy handed and was
done in the XP days. I suggest that the OP have his code use the
PrivilegeCheck function in conjunction with obtaining the elevation status
of the token rather than using membership to a specific group in order to
determine whether the process has the necessary rights to do something.

-Pete
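
Added example, not part of the thread or any poster's code: one way to combine PrivilegeCheck with the token's elevation type, as suggested in the reply above, so the decision rests on the specific privilege rather than on elevation or group membership. The names Elevation, Action, TokenState, Decide and QueryToken are hypothetical; the Win32 part builds only on Windows, while Decide is portable.

```cpp
#ifdef _WIN32
#include <windows.h>
#endif

// Values mirror TOKEN_ELEVATION_TYPE in winnt.h.
enum class Elevation { Default = 1, Full = 2, Limited = 3 };
enum class Action { Proceed, OfferElevation, ReportMissing };

struct TokenState {          // hypothetical snapshot type for this example
    Elevation elevation;     // from GetTokenInformation(TokenElevationType)
    bool privilegeEnabled;   // from PrivilegeCheck for the one privilege needed
};

// Gate on the specific privilege, not on elevation or Administrators membership.
// PrivilegeCheck reports only enabled privileges, so a privilege that is present
// but disabled in the token also reads as false here.
Action Decide(const TokenState& s) {
    if (s.privilegeEnabled) return Action::Proceed;
    // Limited = filtered token with a linked full token: elevating may supply it.
    if (s.elevation == Elevation::Limited) return Action::OfferElevation;
    // Full or Default: there is no fuller token for this user to elevate to.
    return Action::ReportMissing;
}

#ifdef _WIN32
// Fill TokenState for the current process.
// privName is a privilege name such as L"SeImpersonatePrivilege".
bool QueryToken(const wchar_t* privName, TokenState& out) {
    HANDLE tok = NULL;
    if (!::OpenProcessToken(::GetCurrentProcess(), TOKEN_QUERY, &tok)) return false;
    TOKEN_ELEVATION_TYPE tet;
    DWORD len = 0;
    BOOL enabled = FALSE;
    PRIVILEGE_SET ps = {};
    ps.PrivilegeCount = 1;
    ps.Control = PRIVILEGE_SET_ALL_NECESSARY;
    bool ok = ::GetTokenInformation(tok, TokenElevationType, &tet, sizeof tet, &len)
           && ::LookupPrivilegeValueW(NULL, privName, &ps.Privilege[0].Luid)
           && ::PrivilegeCheck(tok, &ps, &enabled);
    ::CloseHandle(tok);
    if (ok) {
        out.elevation = static_cast<Elevation>(tet);
        out.privilegeEnabled = (enabled != FALSE);
    }
    return ok;
}
#endif
```

An elevated token without the needed privilege yields ReportMissing, and a non-elevated token that already has it yields Proceed, which is the distinction the reply draws between elevation status and actual rights.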
