1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
| function IsAdminLoggedOn: Boolean;
implementation
function IsMemberOfGroup(const DomainAliasRid: DWORD): Boolean;
{ Returns True if the logged-on user is a member of the specified local
group. Always returns True on Windows 9x/Me. }
{$DEFINE Delphi3orHigher}
const
SECURITY_NT_AUTHORITY: TSIDIdentifierAuthority =
(Value: (0, 0, 0, 0, 0, 5));
SECURITY_BUILTIN_DOMAIN_RID = $00000020;
SE_GROUP_ENABLED = $00000004;
SE_GROUP_USE_FOR_DENY_ONLY = $00000010;
var
Sid: PSID;
CheckTokenMembership: function(TokenHandle: THandle; SidToCheck: PSID;
var IsMember: BOOL): BOOL; stdcall;
IsMember: BOOL;
Token: THandle;
GroupInfoSize: DWORD;
GroupInfo: PTokenGroups;
I: Integer;
begin
if Win32Platform <> VER_PLATFORM_WIN32_NT then begin
Result := True;
Exit;
end;
Result := False;
if not AllocateAndInitializeSid(SECURITY_NT_AUTHORITY, 2,
SECURITY_BUILTIN_DOMAIN_RID, DomainAliasRid,
0, 0, 0, 0, 0, 0, Sid) then
Exit;
try
{ Use CheckTokenMembership if available. MSDN states:
"The CheckTokenMembership function should be used with Windows 2000 and
later to determine whether a specified SID is present and enabled in an
access token. This function eliminates potential misinterpretations of
the active group membership if changes to access tokens are made in
future releases." }
CheckTokenMembership := nil;
if Lo(GetVersion) >= 5 then
CheckTokenMembership := GetProcAddress(GetModuleHandle(advapi32),
'CheckTokenMembership');
if Assigned(CheckTokenMembership) then begin
if CheckTokenMembership(0, Sid, IsMember) then
Result := IsMember;
end
else begin
GroupInfo := nil;
if not OpenThreadToken(GetCurrentThread, TOKEN_QUERY, True,
{$IFDEF Delphi3orHigher}Token{$ELSE}@Token{$ENDIF}) then
begin
if GetLastError <> ERROR_NO_TOKEN then
Exit;
if not OpenProcessToken(GetCurrentProcess, TOKEN_QUERY,
{$IFDEF Delphi3orHigher} Token {$ELSE} @Token {$ENDIF}) then
Exit;
end;
try
GroupInfoSize := 0;
if not GetTokenInformation(Token, TokenGroups, nil, 0, GroupInfoSize) and
(GetLastError <> ERROR_INSUFFICIENT_BUFFER) then
Exit;
GetMem(GroupInfo, GroupInfoSize);
if not GetTokenInformation(Token, TokenGroups, GroupInfo,
GroupInfoSize, GroupInfoSize) then
Exit;
for I := 0 to GroupInfo.GroupCount-1 do begin
if EqualSid(Sid, GroupInfo.Groups[I].Sid) and
(GroupInfo.Groups[I].Attributes and (SE_GROUP_ENABLED or
SE_GROUP_USE_FOR_DENY_ONLY) = SE_GROUP_ENABLED) then begin
Result := True;
Break;
end;
end;
finally
FreeMem(GroupInfo);
CloseHandle(Token);
end;
end;
finally
FreeSid(Sid);
end;
end;
function IsAdminLoggedOn: Boolean;
{ Returns True if the logged-on user is a member of the Administrators local
group. Always returns True on Windows 9x/Me. }
const
DOMAIN_ALIAS_RID_ADMINS = $00000220;
begin
Result := IsMemberOfGroup(DOMAIN_ALIAS_RID_ADMINS);
end; |
Détecter un compte admin (différence W7 et W10)
Répondre avec citation
Partager