Reputation: 24192
Given user credentials to either a local account on a remote machine or a domain account, how can I check the user privileges these credentials grant on a remote host?
I can look up the SID for the account, but how do I know if, for instance, this account is a member of the Administrators group on the remote host?
I can find plenty of examples for checking against the local Administrators group (for example, How do I check if a user has local admin privileges in win32), but it looks like CreateWellKnownSid only works on the localhost.
Any clues/pointers/code samples would be very welcome.
Edit: more background on my problem in the comments below.
Upvotes: 3
Views: 2205
Reputation: 35613
It is not necessary to perform this step to do the task you are describing, and for various reasons performing this step will not ensure that the task succeeds. For example, the credentials may have permissions on the remote machine, but there may be security software in place which prevents it from succeeding.
The way to solve your problem is to simply do the task using the credentials given, and check all return values. If you get STATUS_ACCESS_DENIED it means what it says. If you don't get any errors, well, your job is done.
Checking the credentials will only be useful to assist a user in selecting appropriate credentials. You may just as well check for access to the \\machine\admin$ share as any other more complicated check.
That said, here is how to do what you asked:
If the credentials are domain credentials, you will need to look them up in Active Directory. ADSI is good for this from script. Other APIs exist. Get a list of the user's groups.
Then you need to connect to the remote machine using either the NetXXX APIs or the ADSI WinNT provider. Get a list of members of the Administrators group. If any of the user's domain accounts are members of the Administrators group, the user is a member.
This can all be done from script using ADSI LDAP and WinNT providers.
Alternatives
Everyone who wants to run remote code seems to think that you have to write a service executable, install a service, then start it.
The alternative, which is very easy if you have Admin credentials, is to use the Task Scheduler service. It is easy to use SCHTASKS.EXE to create a scheduled task which runs as SYSTEM, LOCAL SERVICE, NETWORK SERVICE or any account whose credentials you have. It can be created without a schedule, then explicitly started, or created with a "once" schedule to run at any time you like, for example in the next few minutes.
If you need to run code on a remote machine, I strongly recommend SCHTASKS.EXE, not the service method.
Upvotes: 1
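An added example, not code from the question or the answer, that carries out the three steps the answer describes in PowerShell: collect the domain user's own SID and all nested group SIDs from AD via LDAP (tokenGroups), enumerate the members of the remote machine's Administrators group via the ADSI WinNT provider, and intersect the two by SID. The parameter names are mine; it assumes the caller can read AD and the remote host's local groups, and that the remote group is literally named "Administrators".

```powershell
# Added example (not from the question or the answer). Assumed inputs:
#   -RemoteHost     name of the machine to audit
#   -DomainDns      DNS name of the domain, e.g. corp.example (placeholder)
#   -SamAccountName the domain user's logon name
param(
    [Parameter(Mandatory)] [string]$RemoteHost,
    [Parameter(Mandatory)] [string]$DomainDns,
    [Parameter(Mandatory)] [string]$SamAccountName,
    [string]$GroupName = 'Administrators'   # not localized in this example
)

function Get-DomainUserSids {
    # Step 1 (answer): look the user up in AD and get their groups. tokenGroups
    # is a constructed attribute holding every transitive group SID.
    param([string]$DomainDns, [string]$SamAccountName)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://$DomainDns"
    $searcher.Filter = "(&(objectCategory=person)(sAMAccountName=$SamAccountName))"
    $hit = $searcher.FindOne()
    if (-not $hit) { throw "User '$SamAccountName' not found in $DomainDns" }
    $user = $hit.GetDirectoryEntry()
    $user.RefreshCache([string[]]@('tokenGroups'))
    $sids = @(New-Object System.Security.Principal.SecurityIdentifier($user.Properties['objectSid'].Value, 0))
    foreach ($bytes in $user.Properties['tokenGroups']) {
        $sids += New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)
    }
    return $sids
}

function Get-RemoteGroupMemberSids {
    # Step 2 (answer): list the remote local group's members via the WinNT provider.
    param([string]$ComputerName, [string]$GroupName)
    $group = [ADSI]"WinNT://$ComputerName/$GroupName,group"
    foreach ($m in @($group.psbase.Invoke('Members'))) {
        $bytes = $m.GetType().InvokeMember('objectSid', 'GetProperty', $null, $m, $null)
        New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)
    }
}

# Step 3 (answer): the user is a member if any of their SIDs appears in the group.
$userSidValues = Get-DomainUserSids -DomainDns $DomainDns -SamAccountName $SamAccountName | ForEach-Object Value
$matches = Get-RemoteGroupMemberSids -ComputerName $RemoteHost -GroupName $GroupName |
           Where-Object { $userSidValues -contains $_.Value }
if ($matches) {
    "$DomainDns\$SamAccountName is in $RemoteHost\$GroupName via: " + (($matches | ForEach-Object Value) -join ', ')
} else {
    "$DomainDns\$SamAccountName is not a member of $RemoteHost\$GroupName"
}
# As the answer notes, membership is not effective access: UAC remote token
# filtering, deny ACEs or security software can still make the real operation fail.
```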