Berger, Daniel
2009-Mar-04 18:57 UTC
[Win32utils-devel] Checking privileges for adding, configuring or deleting users
Hi all, Windows XP Pro Ruby 1.8.6-p114 How would I go about checking to see if I have privileges to add, configure or delete users? Or is it just a matter of checking for admin privileges? I ask because I have some tests for the sys-admin library I''d like to skip if the current process doesn''t have the proper privileges. Regards, Dan
Heesob Park
2009-Mar-05 04:54 UTC
[Win32utils-devel] Checking privileges for adding, configuring or deleting users
Hi, 2009/3/5 Berger, Daniel <Daniel.Berger at qwest.com>:> Hi all, > > Windows XP Pro > Ruby 1.8.6-p114 > > How would I go about checking to see if I have privileges to add, configure or delete users? Or is it just a matter of checking for admin privileges? > > I ask because I have some tests for the sys-admin library I''d like to skip if the current process doesn''t have the proper privileges. >Something like this would be possible: require ''windows/api'' include Windows POLICY_CREATE_ACCOUNT = 0x00000010 POLICY_LOOKUP_NAMES = 0x00000800 ERROR_ACCESS_DENIED = 5 LsaOpenPolicy = API.new(''LsaOpenPolicy'', ''PPLP'', ''L'', ''advapi32'') LsaClose = API.new(''LsaClose'', ''L'', ''L'', ''advapi32'') LsaNtStatusToWinError = API.new(''LsaNtStatusToWinError'', ''L'', ''L'', ''advapi32'') attr = 0.chr * 24 handle = 0.chr * 4 status = LsaOpenPolicy.call(nil,attr,POLICY_CREATE_ACCOUNT|POLICY_LOOKUP_NAMES,handle) if status != 0 && LsaNtStatusToWinError.call(status)==ERROR_ACCESS_DENIED puts "insufficient privilege" else LsaClose.call(handle.unpack(''L'').first) end Regards, Park Heesob
Daniel Berger
2009-Mar-06 01:00 UTC
[Win32utils-devel] Checking privileges for adding, configuring or deleting users
Heesob Park wrote:> Hi, > > 2009/3/5 Berger, Daniel <Daniel.Berger at qwest.com>: >> Hi all, >> >> Windows XP Pro >> Ruby 1.8.6-p114 >> >> How would I go about checking to see if I have privileges to add, configure or delete users? Or is it just a matter of checking for admin privileges? >> >> I ask because I have some tests for the sys-admin library I''d like to skip if the current process doesn''t have the proper privileges. >> > Something like this would be possible: > > require ''windows/api'' > include Windows > > POLICY_CREATE_ACCOUNT = 0x00000010 > POLICY_LOOKUP_NAMES = 0x00000800 > ERROR_ACCESS_DENIED = 5 > > LsaOpenPolicy = API.new(''LsaOpenPolicy'', ''PPLP'', ''L'', ''advapi32'') > LsaClose = API.new(''LsaClose'', ''L'', ''L'', ''advapi32'') > LsaNtStatusToWinError = API.new(''LsaNtStatusToWinError'', ''L'', ''L'', ''advapi32'') > > attr = 0.chr * 24 > handle = 0.chr * 4 > status = LsaOpenPolicy.call(nil,attr,POLICY_CREATE_ACCOUNT|POLICY_LOOKUP_NAMES,handle) > if status != 0 && LsaNtStatusToWinError.call(status)==ERROR_ACCESS_DENIED > puts "insufficient privilege" > else > LsaClose.call(handle.unpack(''L'').first) > endNice, thanks! Dan