How to determine whether a thread is running in the user context of a local administrator account

Article ID: 118626


To determine whether a thread is running under a local administrator account, you must examine the access token that is associated with the thread. This article describes how to do this.

With Windows 2000 and later versions, you can use the CheckTokenMembership() API instead of the steps that are described in this article. For more information, see the Microsoft Platform SDK documentation.


By default, the token that is associated with a thread is that of its containing process. This "user context" is superseded by any token that is attached directly to the thread. Therefore, to determine a thread's user context, first attempt to obtain a token for the thread with the OpenThreadToken function. If this method fails and the GetLastError function reports ERROR_NO_TOKEN, you can then obtain the token for the process with the OpenProcessToken function.

After you obtain the token of the current user, you can use the AccessCheck function to detect whether the user is an administrator. To do this, follow these steps:
  1. Create a security identifier (SID) for the local Administrators group by using the AllocateAndInitializeSid function.
  2. Construct a new security descriptor (SD) with a Discretionary Access Control List (DACL) that contains an access-control entry (ACE) for the Administrators group's SID.
  3. Call AccessCheck with the token of the current user and the newly constructed SD to detect whether the user is an administrator.
The following sample code uses the functions that are mentioned earlier in this article to test whether the current thread is running as a user who is an administrator on the local computer.

Sample code

#include <windows.h>
#include <stdio.h>
#include <lmcons.h>

BOOL IsCurrentUserLocalAdministrator(void);

int main(void)
{
   if (IsCurrentUserLocalAdministrator())
      printf("You are an administrator\n");
   else
      printf("You are not an administrator\n");

   return 0;
}

/*-------------------------------------------------------------------------
IsCurrentUserLocalAdministrator ()

This function checks the token of the calling thread to see if the caller
belongs to the Administrators group.

Return Value:
   TRUE if the caller is an administrator on the local machine.
   Otherwise, FALSE.

Note: __try, __leave and __finally are Microsoft compiler extensions.
-------------------------------------------------------------------------*/
BOOL IsCurrentUserLocalAdministrator(void)
{
   BOOL   fReturn         = FALSE;
   DWORD  dwStatus;
   DWORD  dwAccessMask;
   DWORD  dwAccessDesired;
   DWORD  dwACLSize;
   DWORD  dwStructureSize = sizeof(PRIVILEGE_SET);
   PACL   pACL            = NULL;
   PSID   psidAdmin       = NULL;

   HANDLE hToken              = NULL;
   HANDLE hImpersonationToken = NULL;

   PRIVILEGE_SET   ps;
   GENERIC_MAPPING GenericMapping;

   PSECURITY_DESCRIPTOR     psdAdmin           = NULL;
   SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;

   /*
      Determine if the current thread is running as a user that is a member
      of the local admins group.  To do this, create a security descriptor
      that has a DACL which has an ACE that allows only local administrators
      access.  Then, call AccessCheck with the current thread's token and the
      security descriptor.  It will say whether the user could access an
      object if it had that security descriptor.  Note: you do not need to
      actually create the object.  Just checking access against the security
      descriptor alone will be sufficient.
   */
   const DWORD ACCESS_READ  = 1;
   const DWORD ACCESS_WRITE = 2;

   __try
   {
      /*
         AccessCheck() requires an impersonation token.  We first get a
         primary token and then create a duplicate impersonation token.  The
         impersonation token is not actually assigned to the thread, but is
         used in the call to AccessCheck.  Thus, this function itself never
         impersonates, but does use the identity of the thread.  If the
         thread was impersonating already, this function uses that
         impersonation context.
      */
      if (!OpenThreadToken(GetCurrentThread(), TOKEN_DUPLICATE|TOKEN_QUERY,
                           TRUE, &hToken))
      {
         /* Any failure other than "thread has no token" is fatal. */
         if (GetLastError() != ERROR_NO_TOKEN)
            __leave;

         /* No thread token: fall back to the token of the process. */
         if (!OpenProcessToken(GetCurrentProcess(),
                               TOKEN_DUPLICATE|TOKEN_QUERY, &hToken))
            __leave;
      }

      if (!DuplicateToken (hToken, SecurityImpersonation,
                           &hImpersonationToken))
         __leave;

      /*
        Create the binary representation of the well-known SID that
        represents the local administrators group.  Then create the
        security descriptor and DACL with an ACE that allows only local
        admins access.  After that, perform the access check.  This will
        determine whether the current user is a local admin.
      */
      if (!AllocateAndInitializeSid(&SystemSidAuthority, 2,
                                    SECURITY_BUILTIN_DOMAIN_RID,
                                    DOMAIN_ALIAS_RID_ADMINS,
                                    0, 0, 0, 0, 0, 0, &psidAdmin))
         __leave;

      psdAdmin = LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
      if (psdAdmin == NULL)
         __leave;

      if (!InitializeSecurityDescriptor(psdAdmin,
                                        SECURITY_DESCRIPTOR_REVISION))
         __leave;

      // Compute size needed for the ACL.
      dwACLSize = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) +
                  GetLengthSid(psidAdmin) - sizeof(DWORD);

      pACL = (PACL)LocalAlloc(LPTR, dwACLSize);
      if (pACL == NULL)
         __leave;

      if (!InitializeAcl(pACL, dwACLSize, ACL_REVISION2))
         __leave;

      dwAccessMask = ACCESS_READ | ACCESS_WRITE;

      if (!AddAccessAllowedAce(pACL, ACL_REVISION2, dwAccessMask,
                               psidAdmin))
         __leave;

      if (!SetSecurityDescriptorDacl(psdAdmin, TRUE, pACL, FALSE))
         __leave;

      /*
         AccessCheck validates a security descriptor somewhat; set the
         group and owner so that enough of the security descriptor is
         filled out to make AccessCheck happy.
      */
      SetSecurityDescriptorGroup(psdAdmin, psidAdmin, FALSE);
      SetSecurityDescriptorOwner(psdAdmin, psidAdmin, FALSE);

      if (!IsValidSecurityDescriptor(psdAdmin))
         __leave;

      dwAccessDesired = ACCESS_READ;

      /*
         Initialize GenericMapping structure even though you
         do not use generic rights.
      */
      GenericMapping.GenericRead    = ACCESS_READ;
      GenericMapping.GenericWrite   = ACCESS_WRITE;
      GenericMapping.GenericExecute = 0;
      GenericMapping.GenericAll     = ACCESS_READ | ACCESS_WRITE;

      /* fReturn receives the access status; dwStatus the granted mask. */
      if (!AccessCheck(psdAdmin, hImpersonationToken, dwAccessDesired,
                       &GenericMapping, &ps, &dwStructureSize, &dwStatus,
                       &fReturn))
      {
         fReturn = FALSE;
         __leave;
      }
   }
   __finally
   {
      // Clean up.
      if (pACL) LocalFree(pACL);
      if (psdAdmin) LocalFree(psdAdmin);
      if (psidAdmin) FreeSid(psidAdmin);
      if (hImpersonationToken) CloseHandle (hImpersonationToken);
      if (hToken) CloseHandle (hToken);
   }

   return fReturn;
}
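
The sample's ACL-size arithmetic and the rule AccessCheck applies to group entries (only an enabled group that is not deny-only satisfies an allow ACE, so a restricted token that still lists Administrators is not reported as an administrator), shown as a portable model. This is an added example, not part of the original article: `model_sid`, `model_group` and all function names are hypothetical, and no Win32 API is called.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Portable mirror of the binary SID layout (model types, not <windows.h>). */
typedef struct {
    uint8_t  revision;      /* always 1 */
    uint8_t  sub_count;     /* number of sub-authorities in use */
    uint8_t  authority[6];  /* identifier authority, big-endian */
    uint32_t sub[2];        /* sub-authorities; two are enough here */
} model_sid;
/* Group attribute bits, same values as SE_GROUP_* in winnt.h. */
#define GRP_ENABLED   0x00000004u
#define GRP_DENY_ONLY 0x00000010u
typedef struct { model_sid sid; uint32_t attrs; } model_group;

/* S-1-5-32-544: NT authority (5), BUILTIN domain (32), Administrators (544). */
static model_sid admins_sid(void) {
    return (model_sid){ 1, 2, {0, 0, 0, 0, 0, 5}, {32, 544} };
}

/* What GetLengthSid reports: 8-byte header plus 4 bytes per sub-authority. */
static size_t sid_length(model_sid s) { return 8 + 4u * s.sub_count; }
/* The sample's dwACLSize: ACL header (8) + ACCESS_ALLOWED_ACE (12) + SID,
   minus the 4-byte SidStart field that the SID's first bytes occupy. */
static size_t acl_size_one_ace(model_sid s) { return 8 + 12 + sid_length(s) - 4; }
static int sid_equal(const model_sid *a, const model_sid *b) {
    return a->sub_count == b->sub_count && memcmp(a, b, sid_length(*a)) == 0;
}

/* An allow ACE is satisfied only by an enabled group that is not deny-only. */
static int grants_via_group(const model_group *g, size_t n, model_sid want) {
    for (size_t i = 0; i < n; i++)
        if (sid_equal(&g[i].sid, &want))
            return (g[i].attrs & GRP_ENABLED) && !(g[i].attrs & GRP_DENY_ONLY);
    return 0;
}

/* Constructed one-group token carrying the Administrators SID with attrs. */
static int admin_check(uint32_t attrs) {
    model_group g = { admins_sid(), attrs };
    return grants_via_group(&g, 1, admins_sid());
}

int main(void) {
    printf("SID=%zu ACL=%zu enabled=%d deny-only=%d\n", sid_length(admins_sid()),
           acl_size_one_ace(admins_sid()), admin_check(GRP_ENABLED),
           admin_check(GRP_DENY_ONLY));
    return 0;
}
```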

Properties

Article ID: 118626 - Last Review: August 17, 2011 - Revision: 2.0
Applies to
  • Microsoft Win32 Application Programming Interface
Keywords:
kbapi kbhowto kbkernbase kbsecurity kbmt KB118626 KbMtvi