Determining the type of account on NT

[Brad Younie]

I'm writing a program that is only meant to be run by a domain administrator on NT. I need my program to be able to find out if the current user is logged in as a domain admin, but can't make it work.

Can anyone help?

I've been using AllocateAndInitializeSid then comparing the SID with all group SIDs but it doesn't work. I think I'm close, but maybe using the wrong RID.

Hi,
Windows provide you with a set of API's called LAN Manager API's to achieve this task. You can try using NetGroupGetUsers() call (This call works for Global groups ... ofcourse... DomainAdmin is a global group).... Some of the LAN Manager API calls works only for Domain Admins...

Feel free to contact me.... my mail id is [email protected]

--pugal

[Vasko]

here is the working function from Microfroft:

BOOL IsAdmin()
{
HANDLE hAccessToken;
UCHAR InfoBuffer[1024];
PTOKEN_GROUPS ptgGroups = (PTOKEN_GROUPS)InfoBuffer;
DWORD dwInfoBufferSize;
PSID psidAdministrators;
SID_IDENTIFIER_AUTHORITY siaNtAuthority = SECURITY_NT_AUTHORITY;
UINT x;
BOOL bSuccess;

if(!OpenProcessToken(GetCurrentProcess(),TOKEN_READ,&hAccessToken))
return(FALSE);

bSuccess = GetTokenInformation(hAccessToken,TokenGroups,InfoBuffer,
1024, &dwInfoBufferSize);

CloseHandle(hAccessToken);

if(!bSuccess )
return FALSE;

if(!AllocateAndInitializeSid(&siaNtAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0,
&psidAdministrators))
return FALSE;

// assume that we don't find the admin SID.
bSuccess = FALSE;

for(x=0;x<ptgGroups->GroupCount;x++)
{
if( EqualSid(psidAdministrators, ptgGroups->Groups[x].Sid) )
{
bSuccess = TRUE;
break;
}

}
FreeSid(psidAdministrators);
return bSuccess;

}