Determine rights and privileges on Windows.

  • Thread starter Peter Schmiedeskamp
  • Start date
P

Peter Schmiedeskamp

Hello, I'm writing a python program (in Windows) from
which I would like to determine whether or not either:
1. The user has administrative access on the current
PC.
or (better)
2. The currently running process has administrative
access.

For the first scenario, the
win32security.LsaEnumerateAccountRight() seems to to
be the ticket. The documentation doesn't describe
what this function requires as parameters. It appears
to require a PySID object and some sort of PyHANDLE
object. I've figured out how to get the PySID object,
but I'm not sure what type of PyHANDLE is required (or
how to create such a thing)

My other alternative is to check the running process
for its authority. There appear to a number of
functions that sound potentially logical to use,
however I'm unable to determine which I should use.

Has anyone done such a thing? Many thanks to anyone
who can give me a shove down the right path.

-Peter




__________________________________
Do you Yahoo!?
Friends. Fun. Try the all-new Yahoo! Messenger.
http://messenger.yahoo.com/
 
R

Roger Upole

The first parm to LsaEnumerateAccountRights is a policy handle returned
from LsaOpenPolicy. I'll try to update the documentation.
To list the privileges for the current process, you can use something like
this:

import win32process, win32security
ph=win32process.GetCurrentProcess()
th = win32security.OpenProcessToken(ph,win32security.TOKEN_READ)
privs=win32security.GetTokenInformation(th,win32security.TokenPrivileges)
for priv in privs:
priv_state=''
if priv[1]==0:
priv_state='Disabled'
if priv[1]&win32security.SE_PRIVILEGE_ENABLED:
priv_state+=' SE_PRIVILEGE_ENABLED'
if priv[1]&win32security.SE_PRIVILEGE_ENABLED_BY_DEFAULT:
priv_state+=' SE_PRIVILEGE_ENABLED_BY_DEFAULT'
print win32security.LookupPrivilegeName(None,priv[0]),priv[1],priv_state
Note that the None parm to LookupPrivilegeName means to use the local
machine, substitute your DC if you're in a domain.
hth
Roger
 
C

Colin Brown

Peter Schmiedeskamp said:
Hello, I'm writing a python program (in Windows) from
which I would like to determine whether or not either:
1. The user has administrative access on the current
PC.
or (better)
2. The currently running process has administrative
access.
Click to expand...

Hi Peter

It may be worth having a look at WMI (Google "python wmi").

Cheers
Colin Brown
PyNZ
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
Windows7 run python script / sub process with elevated privileges 2
cx Oracle privileges 0
Socket programming in C on Windows 0
ASP.NET application having sysadmin privileges 0
How to determine if a Python script is being run right after startupon Windows 3
Question about admin rights and IDLE 0
Problem building 3.5 on Windows 0

Members online

Total: 28 (members: 1, guests: 27)
Robots: 330

Forum statistics

Threads
473,755
Messages
2,569,535
Members
45,007
Latest member
obedient dusk

Latest Threads

Top