In .Net/C# Test If Process Has Administrative Privileges

In .NET/C# test if process has administrative privileges

This will check if user is in the local Administrators group (assuming you're not checking for domain admin permissions)

using System.Security.Principal;

public bool IsUserAdministrator()
{
    //bool value to hold our return value
    bool isAdmin;
    WindowsIdentity user = null;
    try
    {
        //get the currently logged in user
        user = WindowsIdentity.GetCurrent();
        WindowsPrincipal principal = new WindowsPrincipal(user);
        isAdmin = principal.IsInRole(WindowsBuiltInRole.Administrator);
    }
    catch (UnauthorizedAccessException ex)
    {
        isAdmin = false;
    }
    catch (Exception ex)
    {
        isAdmin = false;
    }
    finally
    {
        if (user != null)
            user.Dispose();
    }
    return isAdmin;
}

Check for administrator privileges in C#

This will return a bool valid

using System.Security.Principal;

bool isElevated;
using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
{
    WindowsPrincipal principal = new WindowsPrincipal(identity);
    isElevated = principal.IsInRole(WindowsBuiltInRole.Administrator);
}

Check if another process has admin privileges in .NET

OpenProcess(PROCESS_QUERY_[LIMITED_]INFORMATION)+OpenProcessToken(TOKEN_DUPLICATE) to get the token, then DuplicateTokenEx(TOKEN_QUERY,SecurityImpersonation,TokenImpersonation) to get the impersonation token, then pass that token and the SID from CreateWellKnownSid(WinBuiltinAdministratorsSid) to CheckTokenMembership.

To be able to open (almost) every process for PROCESS_QUERY_INFORMATION access you need to be running as administrator and with debug privileges. On Vista and later you can use PROCESS_QUERY_LIMITED_INFORMATION.

Example code available in this answer.

How can I tell if my process is running as Administrator?

Technically, if you want to see if the member is the local administrator account, then you can get the security identifier (SID) of the current user through the User property on the WindowsIdentity class, like so (the static GetCurrent method gets the current Windows user):

WindowsIdentity windowsIdentity = WindowsIdentity.GetCurrent();

string sid = windowsIdentity.User.ToString();

The User property returns the SID of the user which has a number of predefined values for various groups and users.

Then you would check to see if the SID has the following pattern, indicating it is the local administrator account (which is a well-known SID):

S-1-5-{other SID parts}-500

Or, if you don't want to parse strings, you can use the SecurityIdentifier class:

// Get the built-in administrator account.
var sid = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, 
    null);

// Compare to the current user.
bool isBuiltInAdmin = (windowsIdentity.User == sid);

However, I suspect that what you really want to know is if the current user is a member of the administrators group for the local machine. You can get this SID using the WellKnownSidType of BuiltinAdministratorsSid:

// Get the SID of the admin group on the local machine.
var localAdminGroupSid = new SecurityIdentifier(
    WellKnownSidType.BuiltinAdministratorsSid, null);

Then you can check the Groups property on the WindowsIdentity of the user to see if that user is a member of the local admin group, like so:

bool isLocalAdmin = windowsIdentity.Groups.
    Select(g => (SecurityIdentifier) g.Translate(typeof(SecurityIdentifier))).
    Any(s => s == localAdminGroupSid);

C# Check if run as administrator

Try this

public static bool IsAdministrator()
{
    var identity = WindowsIdentity.GetCurrent();
    var principal = new WindowsPrincipal(identity);
    return principal.IsInRole(WindowsBuiltInRole.Administrator);
}

This looks functionally the same as your code, but the above is working for me...

doing it functionally, (without unnecessary temp variables) ...

public static bool IsAdministrator()
{
   return (new WindowsPrincipal(WindowsIdentity.GetCurrent()))
             .IsInRole(WindowsBuiltInRole.Administrator);
}  

or, using expression-bodied property:

public static bool IsAdministrator =>
   new WindowsPrincipal(WindowsIdentity.GetCurrent())
       .IsInRole(WindowsBuiltInRole.Administrator);

Detect if running with elevated privileges? (domain administrator accounts included)

You need to pass the domain values to IsInRole:

// DOMAINNAME\Domain Admins RID: 0x200
bool isElevated = principal.IsInRole(WindowsBuiltInRole.Administrator)
               || principal.IsInRole(0x200);

How to check admin rights C#

That's the correct approach to performing the check, I use it myself in my PowerShell profile to distinguish elevated sessions.

I suspect you're not taking into account the effect of User Access Control (UAC). When a user logs in they get a security token object allocated. This contains both their own security id (SID), the SIDs of groups they belong to and a list of privileges they have (and whether those privileges are enabled).

With UAC enabled, when you do an interactive login if you have certain privileges or are a member of the local administrators you get two tokens: one with everything and a second with administrative access SIDs and privileges removed. The latter token is used with each launched process, unless launched elevated when the former token is used.

Thus an administrator cannot exercise their full power without an extra step – this helps prevent malware from being started with full control of the system.

The best tool for seeing this in action is Process Explorer. The Security tab of the process properties dialogue shows the contents of the process's security token (and adding the "Integrity Level" column to the main display will show what processes are elevated) – run Process Explorer elevated to see the full information.

So your code will only return true for a process run by an administrator that is also elevated (run as administrator).

---

Related Topics