INF: Checking for Administrators Group
PSS ID Number: Q111542
Article last modified on 04-23-1994

3.10

WINDOWS NT


----------------------------------------------------------------------
The information in this article applies to:

 - Microsoft Win32 Software Development Kit (SDK) for Windows NT
   version 3.1
----------------------------------------------------------------------

SUMMARY
=======

It is often useful to know if the account under which your application is
running is a member of the "Administrators" group. The sample code below
demonstrates a method of making this determination:

Sample Code
-----------

BOOL IsAdmin(void)
{
   HANDLE hProcess, hAccessToken;
   UCHAR InfoBuffer[1024];
   PTOKEN_GROUPS ptgGroups = (PTOKEN_GROUPS)InfoBuffer;
   DWORD dwInfoBufferSize;
   SID_NAME_USE snuInfo;
   UCHAR szAccountName[256], szDomainName[256];
   DWORD dwAccountNameSize, dwDomainNameSize;
   UINT x;

   hProcess = GetCurrentProcess();

   if(!OpenProcessToken(hProcess,TOKEN_READ,&hAccessToken))
      return(FALSE);

   if(!GetTokenInformation(hAccessToken,TokenGroups,InfoBuffer,
     1024, &dwInfoBufferSize)) return(FALSE);

   for(x=0;x<ptgGroups->GroupCount;x++)
   {
      dwAccountNameSize = 256;
      dwDomainNameSize = 256;

      LookupAccountSid(NULL, ptgGroups->Groups[x].Sid,
      szAccountName, &dwAccountNameSize,
      szDomainName, &dwDomainNameSize, &snuInfo);

      if(!strcmp(szAccountName,"Administrators") &&
      !strcmp(szDomainName,"BUILTIN"))
      return(TRUE);
  }
  return(FALSE);
}

MORE INFORMATION
================

The sample code above begins by obtaining a handle to the access token via
the OpenProcessToken() API (application programming interface). The
GetTokenInformation() API is then called to obtain the TOKEN_GROUPS
structure for the access token. The sample then looks up the name of each
group via the LookupAccountSid() API and compares it to Administrators. If
a group with an account name Administrators and domain name "BUILTIN" is
found, then the sample returns TRUE indicating the user is a member of the
Administrators group.

Additional reference words: 3.10
KBCategory: Prg
KBSubcategory: BseSecurity

=============================================================================

Copyright Microsoft Corporation 1994.
