Reputation: 5800
How to check if an account from username and password has admin rights/privileges?
I am wondering if in python is it possible, given the strings username and password, find out if that account has admin rights?
For example, if I have two inputs:
u = input("Username: ")
p = input("Password: ")
# hasAdminRights is a placeholder to checking if the account first of all exists, and then if it has admin.
if hasAdminRights(u,p):
print "This account has admin privileges!"
else:
print """This account either
1) does not have admin
2) is not a real account
3) entered the wrong password"""
I need to be able to check this even if the logged in user is not an admin.
I have seen many stackoverflow questions on checking if the current user has admin, but I would like to check if a different user on the pc has admin.
Thanks in advance,
David Callanan
Upvotes: 1
Views: 694
Answers (1)
Reputation: 34280
To get an access token for the user, call LogonUser, which hasn't required SeTcbPrivilege since Windows XP/2003. Next call GetTokenInformation to get the elevation type, linked token, and the list of groups in the token. For example:
from win32security import (
LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, SE_GROUP_ENABLED,
TokenElevationType, TokenLinkedToken, TokenGroups,
TokenElevationTypeLimited, WinBuiltinAdministratorsSid,
LogonUser, GetTokenInformation, CreateWellKnownSid)
def is_user_an_admin(username, password, allow_elevation=True):
token = LogonUser(username, None, password,
LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT)
elevation_type = GetTokenInformation(token, TokenElevationType)
admin_group = CreateWellKnownSid(WinBuiltinAdministratorsSid)
if elevation_type == TokenElevationTypeLimited and allow_elevation:
linked_token = GetTokenInformation(token, TokenLinkedToken)
token_list = [token, linked_token]
else:
token_list = [token]
for token in token_list:
for group, attrs in GetTokenInformation(token, TokenGroups):
enabled = attrs & SE_GROUP_ENABLED
if enabled and group == admin_group:
return True
return False
This example doesn't mask exceptions, such as for an incorrect password.
Upvotes: 1
Related Questions
- Cross-platform way to check admin rights in a Python script under Windows?
- Check if an arbitrary user is in Administrator Group with Python
- Use Python to check if some process is running as administrator
- Determine if current user is in Administrators group (Windows/Python)
- Check multiple users for being admin in windows
- How to check if a specified user is admin on a local computer or not?
- web2py How to know a user is logged in as admin
- Discover if user has Admin rights
- How to check whether the current user has administrative privileges
- How to find out if user has administrator privileges or not?