PureBasic Adventures - IsUserAnAdministrator()

[Teddy Rogers]

This is a repost from the "PureBasic Adventures" blog...

I needed some code in PureBasic to check if the logged in user and/or running process is a member of the Administrator group. There is IsUserAnAdmin function, it works and is easy to include in your code...

If IsUserAnAdmin_()
  Debug "Running as an Adminstrator"
Else
  Debug "Running as a Limited User"
EndIf

Unfortunately as Microsoft states on MSDN it's a wrapper on a short lifespan, support for it ended with Windows Vista but the function still works in Windows 8.1. Microsoft suggests using the CheckTokenMembership function with the SID identifier NtAthority which, requires a little bit more code to be backward and future proof. Fortunately Microsoft provides example C++ code on MSDN, porting it to PureBasic requires a bit more work, the code below is a translation of this code...

; ------------------------------------------------------------------
;
;   PureBasic IsUserAnAdministrator() function to check if the callers process 
;   is a member of the Administrators group. Code taken from Microsofts
;   example shown at CheckTokenMembership function.
;   
;   Return Value:
;
;   TRUE - Caller has Administrators local group. 
;   FALSE - Caller does not have Administrators local group.
;
;   http://msdn.microsoft.com/en-us/library/windows/desktop/aa376389%28v=vs.85%29.aspx
;   
;   See SID structures:
;
;   http://msdn.microsoft.com/en-us/library/cc980032.aspx
;   http://technet.microsoft.com/en-us/library/cc778824%28v=WS.10%29.aspx
;
;   By Teddy Rogers / PureBasic 5.24 LTS
;
; ------------------------------------------------------------------

Prototype.i CheckTokenMembership(TokenHandle, SidToCheck, IsMember)
Global CheckTokenMembership.CheckTokenMembership

Prototype.i AllocateAndInitializeSid(pIdentifierAuthority, nSubAuthorityCount, dwSubAuthority0, dwSubAuthority1, dwSubAuthority2, dwSubAuthority3, dwSubAuthority4, dwSubAuthority5, dwSubAuthority6, dwSubAuthority7, pSid)
Global AllocateAndInitializeSid.AllocateAndInitializeSid

Prototype.i FreeSid(pSid)
Global FreeSid.FreeSid

Procedure IsUserAnAdministrator()
  Protected IsMember, *AdministratorsGroup
  
  Structure NtAuthority
    NtAuthority.b[6]
  EndStructure
  
  Define SECURITY_NT_AUTHORITY.NtAuthority
  
  If OpenLibrary(advapi32, "advapi32.dll")
    CheckTokenMembership = GetFunction(advapi32, "CheckTokenMembership")
    
    If CheckTokenMembership
      AllocateAndInitializeSid = GetFunction(advapi32, "AllocateAndInitializeSid")
      
      If AllocateAndInitializeSid
        FreeSid = GetFunction(advapi32, "FreeSid")
        
        If FreeSid
          SECURITY_NT_AUTHORITY\NtAuthority[5]=5
          
          ; The AllocateAndInitializeSid function allocates and initializes a security identifier (SID) with up to eight subauthorities.
          
          If AllocateAndInitializeSid(SECURITY_NT_AUTHORITY, 2, #SECURITY_BUILTIN_DOMAIN_RID, #DOMAIN_ALIAS_RID_ADMINS, #Null, #Null, #Null, #Null, #Null, #Null, @*AdministratorsGroup)
            CheckTokenMembership(#Null, *AdministratorsGroup, @IsMember)
          EndIf
          
          FreeSid(*AdministratorsGroup)
        EndIf
      EndIf
    EndIf
    CloseLibrary(advapi32)
  EndIf
  
  ProcedureReturn IsMember
EndProcedure

Debug IsUserAnAdministrator()

Ted.