Check whether the current user is an administrator

Check whether the current user is an administrator

This function will determine whether or not a thread is running in the user context of the local Administrator account. You need to examine the access token associated with that thread using the GetTokenInformation() API, since this access token represents the user under which the thread is running. By default the token associated with a thread is that of its containing process, but this user context will be superceded by any token attached directly to the thread. So to determine a thread’s user context, first attempt to obtain any token attached directly to the thread with OpenThreadToken(). If this fails, and it reports an ERROR_NO_TOKEN, then obtain the token of the thread’s containing process with OpenProcessToken().

Option ExplicitOption Base 0     ' Important assumption for this code 'Fixed at this size for comfort. Could be bigger or made dynamic.Private Const ANYSIZE_ARRAY As Long = 100 ' Security APIsPrivate Const TokenUser = 1Private Const TokenGroups = 2Private Const TokenPrivileges = 3Private Const TokenOwner = 4Private Const TokenPrimaryGroup = 5Private Const TokenDefaultDacl = 6Private Const TokenSource = 7Private Const TokenType = 8Private Const TokenImpersonationLevel = 9Private Const TokenStatistics = 10 ' Token Specific Access RightsPrivate Const TOKEN_ASSIGN_PRIMARY = &H1Private Const TOKEN_DUPLICATE = &H2Private Const TOKEN_IMPERSONATE = &H4Private Const TOKEN_QUERY = &H8Private Const TOKEN_QUERY_SOURCE = &H10Private Const TOKEN_ADJUST_PRIVILEGES = &H20Private Const TOKEN_ADJUST_GROUPS = &H40Private Const TOKEN_ADJUST_DEFAULT = &H80 ' NT well-known SIDsPrivate Const SECURITY_DIALUP_RID = &H1Private Const SECURITY_NETWORK_RID = &H2Private Const SECURITY_BATCH_RID = &H3Private Const SECURITY_INTERACTIVE_RID = &H4Private Const SECURITY_SERVICE_RID = &H6Private Const SECURITY_ANONYMOUS_LOGON_RID = &H7Private Const SECURITY_LOGON_IDS_RID = &H5Private Const SECURITY_LOCAL_SYSTEM_RID = &H12Private Const SECURITY_NT_NON_UNIQUE = &H15Private Const SECURITY_BUILTIN_DOMAIN_RID = &H20 ' Well-known domain relative sub-authority values (RIDs)Private Const DOMAIN_ALIAS_RID_ADMINS = &H220Private Const DOMAIN_ALIAS_RID_USERS = &H221Private Const DOMAIN_ALIAS_RID_GUESTS = &H222Private Const DOMAIN_ALIAS_RID_POWER_USERS = &H223Private Const DOMAIN_ALIAS_RID_ACCOUNT_OPS = &H224Private Const DOMAIN_ALIAS_RID_SYSTEM_OPS = &H225Private Const DOMAIN_ALIAS_RID_PRINT_OPS = &H226Private Const DOMAIN_ALIAS_RID_BACKUP_OPS = &H227Private Const DOMAIN_ALIAS_RID_REPLICATOR = &H228Private Const SECURITY_NT_AUTHORITY = &H5Private Type SID_AND_ATTRIBUTES    Sid As Long    Attributes As LongEnd TypePrivate Type TOKEN_GROUPS    GroupCount As Long    Groups(ANYSIZE_ARRAY) As SID_AND_ATTRIBUTESEnd TypePrivate Type SID_IDENTIFIER_AUTHORITY    Value(0 To 5) As ByteEnd TypePrivate Declare Function GetCurrentProcess Lib "Kernel32" () As LongPrivate Declare Function GetCurrentThread Lib "Kernel32" () As LongPrivate Declare Function OpenProcessToken Lib "Advapi32" (ByVal ProcessHandle _    As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As LongPrivate Declare Function OpenThreadToken Lib "Advapi32" (ByVal ThreadHandle As _    Long, ByVal DesiredAccess As Long, ByVal OpenAsSelf As Long, _    TokenHandle As Long) As LongPrivate Declare Function GetTokenInformation Lib "Advapi32" (ByVal TokenHandle _    As Long, TokenInformationClass As Integer, TokenInformation As Any, _    ByVal TokenInformationLength As Long, ReturnLength As Long) As LongPrivate Declare Function AllocateAndInitializeSid Lib "Advapi32" _    (pIdentifierAuthority As SID_IDENTIFIER_AUTHORITY, ByVal nSubAuthorityCount _    As Byte, ByVal nSubAuthority0 As Long, ByVal nSubAuthority1 As Long, _    ByVal nSubAuthority2 As Long, ByVal nSubAuthority3 As Long, _    ByVal nSubAuthority4 As Long, ByVal nSubAuthority5 As Long, _    ByVal nSubAuthority6 As Long, ByVal nSubAuthority7 As Long, _    lpPSid As Long) As LongPrivate Declare Function RtlMoveMemory Lib "Kernel32" (Dest As Any, _    Source As Any, ByVal lSize As Long) As LongPrivate Declare Function IsValidSid Lib "Advapi32" (ByVal pSid As Long) As LongPrivate Declare Function EqualSid Lib "Advapi32" (pSid1 As Any, _    pSid2 As Any) As LongPrivate Declare Sub FreeSid Lib "Advapi32" (pSid As Any)Private Declare Function CloseHandle Lib "Kernel32" (ByVal hObject As Long) As _    Long' Returns True if the thread is running in the' user context of the local Administrator account' Example:'   MsgBox "Current user is the Administrator: " & IsAdminPublic Function IsAdmin() As Boolean    Dim hProcessToken       As Long    Dim BufferSize          As Long    Dim psidAdmin           As Long    Dim lResult             As Long    Dim X                   As Integer    Dim tpTokens            As TOKEN_GROUPS    Dim tpSidAuth           As SID_IDENTIFIER_AUTHORITY    Dim llRetVal            As Long    Dim InfoBuffer()        As Long    Dim sids()              As SID_AND_ATTRIBUTES    Dim llCount             As Long    Dim llIdx               As Long    Dim llMax               As Long    IsAdmin = False    tpSidAuth.Value(5) = SECURITY_NT_AUTHORITY     ' Obtain current process token    If Not OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, True, _        hProcessToken) Then        Call OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, hProcessToken)    End If    If hProcessToken Then         ' Deternine the buffer size required        llRetVal = GetTokenInformation(hProcessToken, ByVal TokenGroups, 0, 0, _            BufferSize) ' Determine required buffer size        If BufferSize Then            ReDim InfoBuffer((BufferSize  4) - 1) As Long            ReDim sids(0 To tpTokens.GroupCount) As SID_AND_ATTRIBUTES             ' Retrieve your token information            lResult = GetTokenInformation(hProcessToken, ByVal TokenGroups, _                InfoBuffer(0), BufferSize, BufferSize)            If lResult <> 1 Then Exit Function             ' Move it from memory into the token structure            Call RtlMoveMemory(tpTokens, InfoBuffer(0), LenB(tpTokens))             ' Retreive the admins sid pointer            lResult = AllocateAndInitializeSid(tpSidAuth, 2, _                SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, _                0, 0, 0, psidAdmin)            If lResult <> 1 Then Exit Function            If IsValidSid(psidAdmin) Then                For X = 0 To tpTokens.GroupCount                     ' Run through your token sid pointers                    If IsValidSid(tpTokens.Groups(X).Sid) Then                         ' Test for a match between the admin sid equalling                          ' your Sid 's                        If EqualSid(ByVal tpTokens.Groups(X).Sid, _                            ByVal psidAdmin) Then                            IsAdmin = True                            Exit For                        End If                    End If                Next            End If            If psidAdmin Then Call FreeSid(psidAdmin)        End If        Call CloseHandle(hProcessToken)    End IfEnd Function

Developed for you by Elvio Serrao ([email protected])

Share the Post:
Heading photo, Metadata.

What is Metadata?

What is metadata? Well, It’s an odd concept to wrap your head around. Metadata is essentially the secondary layer of data that tracks details about the “regular” data. The regular

XDR solutions

The Benefits of Using XDR Solutions

Cybercriminals constantly adapt their strategies, developing newer, more powerful, and intelligent ways to attack your network. Since security professionals must innovate as well, more conventional endpoint detection solutions have evolved

AI is revolutionizing fraud detection

How AI is Revolutionizing Fraud Detection

Artificial intelligence – commonly known as AI – means a form of technology with multiple uses. As a result, it has become extremely valuable to a number of businesses across

AI innovation

Companies Leading AI Innovation in 2023

Artificial intelligence (AI) has been transforming industries and revolutionizing business operations. AI’s potential to enhance efficiency and productivity has become crucial to many businesses. As we move into 2023, several

data fivetran pricing

Fivetran Pricing Explained

One of the biggest trends of the 21st century is the massive surge in analytics. Analytics is the process of utilizing data to drive future decision-making. With so much of

kubernetes logging

Kubernetes Logging: What You Need to Know

Kubernetes from Google is one of the most popular open-source and free container management solutions made to make managing and deploying applications easier. It has a solid architecture that makes

ransomware cyber attack

Why Is Ransomware Such a Major Threat?

One of the most significant cyber threats faced by modern organizations is a ransomware attack. Ransomware attacks have grown in both sophistication and frequency over the past few years, forcing