Check if user is a local admin on external machine

2019-07-29 15:12发布

站内问答 / 后端开发
376 1 4

I'm writing an app that aggregates all the event log entries on each of several different servers. I can get the event logs by passing in the MachineName to EventLog.GetEventLogs. This will typically fail at some stage is the user is not a local administrator on that machine, so I'd like to check for it ahead of time and skip to the next set of servers if that is the case

For Each svr As String In Servers

    'TODO: check to see if they are a local administrator, else continue for

    Dim logs As List(Of EventLog) = EventLog.GetEventLogs(svr).ToList
    For Each log As EventLog In logs
        LoadEachOSLogEntry(log)
    Next
Next

Most solutions, like the one here, only check if the user is an admin on the currently executing machine.

Dim user As WindowsIdentity = WindowsIdentity.GetCurrent()
Dim principal As New WindowsPrincipal(user)
Dim isAdmin As Boolean = principal.IsInRole(WindowsBuiltInRole.Administrator)

1条回答
别忘想泡老子
2楼-- · 2019-07-29 16:05

I'll share a partial solution, but I'm not entirely happy with it so if anyone has anything better, I'd happily accept their answer.

The following function will return wether or not a user belongs to a particular user group (in my case "Administrators") on any machine. 

Imports System.DirectoryServices.AccountManagement

Public Shared Function IsMemberOfGroup(userName As String, machineName As String, memberGroup as String) As Boolean
    Dim isMember As Boolean = False
    Using rootContext As New PrincipalContext(ContextType.Machine, machineName), _
          grp As GroupPrincipal = GroupPrincipal.FindByIdentity(rootContext, memberGroup), _
          usr As UserPrincipal = UserPrincipal.FindByIdentity(rootContext, IdentityType.SamAccountName, userName)
        If grp IsNot Nothing AndAlso usr IsNot Nothing Then
            ' Check if the user is a member of the group.
            isMember = grp.GetMembers(True).Contains(usr)
        Else
            isMember = False
        End If
    End Using
    Return isMember
End Function

The caviat is that the user running the method has to be an admin in order to have rights to this information set in PrincipalContext. I was hoping that the application would be able to determine if the user running the application is an admin.

The only way to make this super helpful is to call it and see if it came up with "Access Denied", similar to hometoast already suggested, but this still doesn't feel super "clean"

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)