Check if a different process is running with elevated privileges
Thanks to RbMm (and Hantalyte indirectly) I've been made aware that the Microsoft documentation for OpenProcessToken is incorrect in its assertion that the provided handle must have the PROCESS_QUERY_INFORMATION access permission, as it actually only requires that the handle have PROCESS_QUERY_LIMITED_INFORMATION (I have confirmed this with my own testing).
It is possible to get a handle to an elevated process from within a non-elevated process with the permission PROCESS_QUERY_LIMITED_INFORMATION, as long as both were started from the same account, meaning that one can check other processes for elevation using the procedure in my question that I original though didn't work due to the errant documentation.
As Hantalyte/RbMm point out, if the process being checked is owned by a different account the checking process needs the SE_DEBUG_NAME privilege to be enabled.
Hopefully the MS docs should be corrected soon.
UPDATE:
The correction PR has been merged.
UPDATE 2:
The correction is now live: https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocesstoken
How to detect if a batch script is running with administrative rights?
Ok. Thanks for your comments. Today I figure out what happens.
Our admin has change the configuration of the cmd.exe application so that the cmd.exe starts in every case with administration rights. So theres no different between a double click on "cmd.exe" and starting it with "Run as Adminstrator". And so my script returns the same result in both cases!
How to detect if CMD is running as Administrator/has elevated privileges?
ADDENDUM: For Windows 8 this will not work; see this excellent answer instead.
Found this solution here: http://www.robvanderwoude.com/clevertricks.php
AT > NUL
IF %ERRORLEVEL% EQU 0 (
ECHO you are Administrator
) ELSE (
ECHO you are NOT Administrator. Exiting...
PING 127.0.0.1 > NUL 2>&1
EXIT /B 1
)
Assuming that doesn't work and since we're talking Win7 you could use the following in Powershell if that's suitable:
$principal = new-object System.Security.Principal.WindowsPrincipal([System.Security.Principal.WindowsIdentity]::GetCurrent())
$principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
If not (and probably not, since you explicitly proposed batch files) then you could write the above in .NET and return an exit code from an exe based on the result for your batch file to use.
How do I check if my program is running under admin privileges via C++?
You can use the OpenProcessToken / GetTokenInformation pair: https://stackoverflow.com/a/8196291/3235496
An alternative is the AccessCheck function.
Last the IsUserAnAdmin function: it's simple but deprecated (available from Windows XP/Windows Server 2003).
Anyway why are you checking? Trying could be a good strategy: if it works, you have sufficient rights (possibly a subset of Admin rights).
PS
Just out of curiosity... the C++ translation of your batch file should be based on the CreateDirectory function. If it fails check the extended error information via GetLastError (return code ERROR_ACCESS_DENIED). But, as David Heffernan says, spraying folders into the system directories isn't a great idea.
Related Topics
Operator Overloading in C++ as Int + Obj
How to Check If a Type Is an Instantiation of a Given Class Template
Unordered_Map Hash Function C++
Blending Does Not Remove Seams in Opencv
Is Floating Point Addition Commutative in C++
Std::Optional Specialization for Reference Types
Why Does VS Not Define the Alternative Tokens for Logical Operators
In Either C or C++, Should I Check Pointer Parameters Against Null/Nullptr
Can a Bool Read/Write Operation Be Not Atomic on X86
How to Get the Digits of a Number Without Converting It to a String/ Char Array
What Is Half Open Range and Off the End Value
Standard Library Containers with Additional Optional Template Parameters