[Win32utils-devel] Checking privileges for adding, configuring or deleting users

Daniel Berger djberg96 at gmail.com
Thu Mar 5 20:00:01 EST 2009


Heesob Park wrote:
> Hi,
> 
> 2009/3/5 Berger, Daniel <Daniel.Berger at qwest.com>:
>> Hi all,
>>
>> Windows XP Pro
>> Ruby 1.8.6-p114
>>
>> How would I go about checking to see if I have privileges to add, configure or delete users? Or is it just a matter of checking for admin privileges?
>>
>> I ask because I have some tests for the sys-admin library I'd like to skip if the current process doesn't have the proper privileges.
>>
> Something like this would be possible:
> 
> require 'windows/api'
> include Windows
> 
> POLICY_CREATE_ACCOUNT  = 0x00000010
> POLICY_LOOKUP_NAMES    = 0x00000800
> ERROR_ACCESS_DENIED = 5
> 
> LsaOpenPolicy = API.new('LsaOpenPolicy', 'PPLP', 'L', 'advapi32')
> LsaClose = API.new('LsaClose', 'L', 'L', 'advapi32')
> LsaNtStatusToWinError = API.new('LsaNtStatusToWinError', 'L', 'L', 'advapi32')
> 
> attr = 0.chr * 24
> handle = 0.chr * 4
> status = LsaOpenPolicy.call(nil,attr,POLICY_CREATE_ACCOUNT|POLICY_LOOKUP_NAMES,handle)
> if status != 0 && LsaNtStatusToWinError.call(status)==ERROR_ACCESS_DENIED
>    puts "insufficient privilege"
> else
>    LsaClose.call(handle.unpack('L').first)
> end

Nice, thanks!

Dan


More information about the win32utils-devel mailing list