Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.
Keywords: Domain User Local Administrator
How about just using wntMemberGet() to see if they are a member of the Local Administrators group?
You could use the network extender to determine what groups (global and local) that your user belongs to. You could then check to see if your user belongs to the local administrators group or if any of the global groups that the user belongs to are members of the local administrators group.
This could be implemented as a fairly simple list processing loop. Once the processing is done you have a yes/no answer as to whether or not there is a direct/indirect association between the user and the local administrators group.
If FileExist( "\\%ComputerName%\ADMIN$\System32\Services.EXE" ) Then Message( "xx", "They are an Admin" )It's fairly reliable but does have problems.
Of course, some times it is easier to determine your level of rights by attempting to perform some administrative action and being prepared to trap any errors that occur due to lack of privileges. This works sort of like saying, "If I can do this one task then I know that I am privileged for all other admin tasks." This is not the best way but some times it is the only sure way to know.
We created a specific user account which is a local admin on all workstations. Our deployment procedure includes insuring that this user is added to the local admin group.
We then autolog this user in conjunction with the runonce command for Software Delivery purposes.
I would like to contribute my technique for simply determining if the current NT user has admin rights:
Admin = 0 ; Initialize Flag to false AddExtender('WWWNT34I.DLL') ; WinNT Network Functions username = StrTrim(wntGetUser(@default)) ; Current user logged on network ;************************** AdminTest BoxCaption(1,'Checking Admin Privileges for %username%') RegKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce[AdminTest]' ErrorMode(@OFF) ; Suppress error if attempt fails RegSetValue(@REGMachine, RegKey, 'cmd.exe') ; Key can only be written by an Administrator ErrorMode(@NOTIFY) if RegExistValue(@REGMachine, RegKey) Admin = 1 RegDelValue(@REGMachine, RegKey) endifOne of our developers commented on the above suggestion as follows:
I use this method also. It works on default windows installations, but it can easily be broken by modifying the security entries on the registry keys.
Being an admin does not mean oyu have security access to everything, but it does generally mean that you can alter the security access so that you can.
However the breaking is theoretical, I've never seen a machine where someone had managed to break the above trick, so I think it is pretty safe.
Article ID: W14266
Filename: Is Domain User a Local Admin.txt
File Created: 2001:11:21:11:44:28
Last Updated: 2001:11:21:11:44:28