This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: how to determine if a shell is running as Administrator?
- From: Andrew Schulman <schulman dot andrew at epa dot gov>
- To: cygwin at cygwin dot com
- Date: Thu, 05 Feb 2015 09:38:33 -0500
- Subject: Re: how to determine if a shell is running as Administrator?
- Authentication-results: sourceware.org; auth=none
- References: <slc6da9aq8g9e7h0aegafhfa86eahfd53p at 4ax dot com> <20150205100349 dot GS2635 at calimero dot vinschen dot de> <87siekhaz6 dot fsf at Rainer dot invalid> <20150205113926 dot GT2635 at calimero dot vinschen dot de>
> On Feb 5 12:08, Achim Gratz wrote:
> > Corinna Vinschen writes:
> > >> 2. Parse the output of groups or id -G. I can't find any reliable way to do
> > >> this. For example on my host, when I start a shell with "Run as administrator",
> > >> the new group I get isn't 544 (Administrators). It's 114 (Local account and
> > >> member of Administrators group). Is that at all portable or reliable?
> > >
> > > Huh? There is no such group in Windows. Where does it come from?
> >
> > Yes there is, at least on Windows 8.1N Core and Server 2012R2. In fact
> > there are two new SID:
> >
> > 113 (Local account)
> > 114 (Local account and member in Administrators group)
> >
> > http://blogs.technet.com/b/secguide/archive/2014/09/02/blocking-remote-use-of-local-accounts.aspx
> > https://msdn.microsoft.com/en-us/library/cc980032.aspx
>
> Thanks for the info. Now I remember that I saw them already at one
> point, but I never had a deeper look what they actually are good for.
Yes, thanks. And BTW I'm using Windows 7. The first URL above says that the
new groups are also used there after KB2871997.
> However, the user token of such a user still contains the Administrators
> group (I just tested it) and thus the `id -G' test for 544 (or 0 with
> the old "root" entry in /etc/group) is still valid.
OK, I see. Yes, when I Run as administrator I have
$ id -G
513 114 1007 1001 0 545 4 66049 11 15 113 4095 66048 262154 405504
which includes 0.
So it seems that the test for group 544 or 0 is the way to tell if the user has
admin rights. If you want to know (I don't) specifically if they got those
rights from Run as administrator, the presence of group 114 will tell you that,
but only in newer OSes.
Thanks everyone! Cygwin rocks
Andrew
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple