我正在寻找正在工作(明显地)Delphi 7代码,所以我可以检查我的程序是否以管理员权限启动。
提前感谢
[---重要更新---]
到目前为止,已经阅读了答案中的代码,我意识到我的问题可能不太清楚,或者至少是不完整的:
我想知道我的Delphi 7程序是否以“以管理员身份运行”复选框设置启动。
换句话说:我想知道我的Delphi 7程序是否可以在c:\ Program Files ...文件夹中创建/更新文件。
仅检查您是否具有管理员权限还不够。
Windows API(用于)具有帮助功能(IsUserAnAdmin),以告诉您是否正在使用管理权限运行。
OS Account Type UAC IsUserAdmin
============== ============= ============ ===========
Windows XP Standard n/a False
Windows XP Administrator n/a True
Windows Vista Standard Disabled False
Windows Vista Administrator Disabled True
Windows Vista Standard Not Elevated False
Windows Vista Administrator Not Elevated False
Windows Vista Standard Elevated True
Windows Vista Administrator Elevated True
不推荐使用Shell32包装函数;很好,因为它只是您自己a wrapper around other code, which you can still call:
function IsUserAdmin: Boolean;
var
b: BOOL;
AdministratorsGroup: PSID;
begin
{
This function returns true if you are currently running with admin privileges.
In Vista and later, if you are non-elevated, this function will return false
(you are not running with administrative privileges).
If you *are* running elevated, then IsUserAdmin will return true, as you are
running with admin privileges.
Windows provides this similar function in Shell32.IsUserAnAdmin.
But the function is deprecated, and this code is lifted
from the docs for CheckTokenMembership:
http://msdn.microsoft.com/en-us/library/aa376389.aspx
}
{
Routine Description: This routine returns TRUE if the callers
process is a member of the Administrators local group. Caller is NOT
expected to be impersonating anyone and is expected to be able to
open its own process and process token.
Arguments: None.
Return Value:
TRUE - Caller has Administrators local group.
FALSE - Caller does not have Administrators local group.
}
b := AllocateAndInitializeSid(
SECURITY_NT_AUTHORITY,
2, //2 sub-authorities
SECURITY_BUILTIN_DOMAIN_RID, //sub-authority 0
DOMAIN_ALIAS_RID_ADMINS, //sub-authority 1
0, 0, 0, 0, 0, 0, //sub-authorities 2-7 not passed
AdministratorsGroup);
if (b) then
begin
if not CheckTokenMembership(0, AdministratorsGroup, b) then
b := False;
FreeSid(AdministratorsGroup);
end;
Result := b;
end;
换句话说:此功能为您提供所需的答案:用户可以更新程序文件。
您需要对检查您是否是管理员组成员的代码感到厌倦。您可以是管理员组的成员,但没有任何管理权限。您还可以具有管理特权,但不能成为管理员组的成员。
program Project1;
{$APPTYPE CONSOLE}
uses
Windows,
ShellAPI;
// high-level wrapper, see Ian Boyd's answer for details on this function
function IsUserAnAdmin(): BOOL; external shell32;
begin
if IsUserAnAdmin() then
Writeln('TEH R00T OMG')
else
Writeln('rtfmnoobkthx');
Readln;
end.
JEDI项目的JEDI Code Library在JclSecurity单元中具有IsAdministrator函数,它将告诉您。它仍然可以在Delphi 7中使用。
Microsoft建议的解决此问题的方法:将应用程序拆分为两个。
http://msdn.microsoft.com/en-us/library/aa511445.aspx
第一个应用程序检查是否有必要运行第二个应用程序。
第二个应用程序包含一个“ require admin”清单(如David所写,您可以使用ShellExecuteEx'runas'动词打开它。
如果使用网络更新程序,则工作流程可能是这样的:
Updater1.exe
Updater2.exe
这具有几个优点:
它也适用于Windows XP,如果您不是管理员,则会显示一个登录对话框。
Jwscl(Jedi Windows安全性库)具有此功能:JwCheckAdministratorAccess。
我在Windows XP,7和8(管理员帐户和受限帐户)上使用Delphi 7测试了此代码:
此代码在D7..XE inc。下有效。>>
function IsWindowsAdministrator: Boolean;
// Returns TRUE if the user has administrator priveleges
// Returns a boolean indicating whether or not user has admin
// privileges. Call only when running under NT. Win9.x will return false!
var
hAccessToken : tHandle;
ptgGroups : pTokenGroups;
dwInfoBufferSize : DWORD;
psidAdministrators : PSID;
int : integer; // counter
blnResult : boolean; // return flag
const
SECURITY_NT_AUTHORITY: SID_IDENTIFIER_AUTHORITY =
(Value: (0,0,0,0,0,5)); // ntifs
SECURITY_BUILTIN_DOMAIN_RID: DWORD = $00000020;
DOMAIN_ALIAS_RID_ADMINS: DWORD = $00000220;
DOMAIN_ALIAS_RID_USERS : DWORD = $00000221;
DOMAIN_ALIAS_RID_GUESTS: DWORD = $00000222;
DOMAIN_ALIAS_RID_POWER_: DWORD = $00000223;
begin
Result := False;
blnResult := OpenThreadToken( GetCurrentThread, TOKEN_QUERY,
True, hAccessToken );
if ( not blnResult ) then
begin
if GetLastError = ERROR_NO_TOKEN then
blnResult := OpenProcessToken( GetCurrentProcess,
TOKEN_QUERY, hAccessToken );
end;
ptgGroups := nil;
if ( blnResult ) then
try
GetMem(ptgGroups, 1024);
blnResult := GetTokenInformation( hAccessToken, TokenGroups,
ptgGroups, 1024,
dwInfoBufferSize );
CloseHandle( hAccessToken );
if ( blnResult ) then
begin
AllocateAndInitializeSid( SECURITY_NT_AUTHORITY, 2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0,
psidAdministrators );
{$IFOPT R+}
{$DEFINE RMINUS}
{$R-}
{$ENDIF}
for int := 0 to ptgGroups.GroupCount - 1 do
if EqualSid( psidAdministrators,
ptgGroups.Groups[ int ].Sid ) then
begin
Result := True;
Break;
end;
{$IFDEF IMINUS}
{$R-}
{$UNDEF IMINUS}
{$ENDIF}
FreeSid( psidAdministrators );
end;
finally
If ptgGroups <> nil then
FreeMem( ptgGroups );
end;
end;