PDA

View Full Version : HOWTO: Detect Administrator Privileges



Support
09-26-2002, 11:31 AM
<HTML><HEAD><TITLE>HOWTO: Detect Administrator Privileges</TITLE></HEAD><BODY><h3>HOWTO: Detect Administrator Privileges</h3><b>Document ID: IR02010</b><hr>The information in this article applies to:<ul><li>Setup Factory 6.0</li><li>Setup Factory 5.0</li></ul><hr><h3>SUMMARY</h3><p>The article explains how to determine if the end user has administrative privileges.</p><h3>DISCUSSION</h3><p>In general there are two main types of users on Windows NT-based operating systems (Windows NT 4.0, Windows 2000, and Windows XP), these are:<ul><li>Administrators</li><li>Users</li></ul>Each type of user, or "User Group" has different privileges and access to different portions of the system. As a result it is often important to know which User Group your end user falls into, and the properties of each group.<br><br>The first, and most powerful group is the "Administrators". This group has access to the entire operating system, they are not limited to which registry keys they can edit, files the can modify, or what types of programs they can run. In general, users with Administrative privileges will be the users installing programs.<br><br>The most common, and restricted, group is the "Users" group. This group is made up of the people who work with the computer on a day-to-day basis. They only need access to certain programs and data files found on their local system or network. These users have restricted access to the operating system and the registry. The basic Users group grants people access the computer without giving them the ability to do damage to: the operating system, installed programs, important documents, or other security measures that may be place.<br><br>Members of the "Users" group <b>cannot</b>:<ul><li>Modify system wide registry settings</li><li>Modify Operating System files</li><li>Install programs accessible to other users</li></ul>Members of the "Users" group <b>can</b>:<br><ul><li>Run programs installed by administrators</li><li>Access the files within their user profile</li><li>Modify their HKEY_CURRENT_USER registry settings</li></ul>So if your installation needs to modify a registry value found outside HKEY_CURRENT_USER, or if you want the program being installed to be accessible to all users on the computer you <b>must</b> make sure that your installation is run by a user with administrative privileges.<br><br>To make this check easy, Setup Factory has a built-in variable:<br><br><b>%IsUserNTAdmin%</b> - This variable is set to "TRUE" if the user running the setup is currently logged into Windows NT/2000/XP with Administrator privileges. It's set to "FALSE" otherwise. On systems that aren't running some version of Windows NT, this variable is always set to "FALSE".<br><br>So when checking to make sure that your user is <b>NOT</b> an Administrator two checks have to be made:<br><ul><li>They are not running Windows 95 or Windows 98</li><li>%IsUserNTAdmin% = FALSE</li></ul>Conversely the following checks need to be made to determine that the user <b>IS</b> an Administrator:<br><ul><li>They are running Windows NT, 2000, or XP</li><li>%IsUserNTAdmin% = TRUE</li></ul>In general it is easier to determine that the user is <b>NOT</b> an Administrator, simply because this makes it easy to include Windows 95 and 98 users, who will generally have "Administrator" privileges on their systems.<br><br><b>Example:</b><br><br>Here is some Setup Factory 6.0 pseudo-code that will determine if the end user is an Administrator or not. If the user is an Administrator the installation will continue, if they are not a Message box will appear informing them of this and then the installation will abort.<br><PRE><code><b>If</b> ((!%IsWindows95%) AND (!%IsWindows98%)AND(!%IsUserNTAdmin%))<br> <b>Show Message Box</b> (You do not have administrative privileges. The setup will now Abort.)<br> <b>Abort Setup</b><br><b>END IF</b></PRE></code>A good place to put these actions is on the "After" event of your first visible screen. That way the user will at least see the first screen of the installation before being forced to abort. Keep in mind that if you do not want to put the actions on the "After" event of your first visible screen you could place them anywhere, but make sure to do so before you attempt any actions that may not be possible for someone with User privileges.<br></p><h3>MORE INFORMATION</h3><p>For more information please see the following topics in the Setup Factory 6.0 Help:<br><br><li><b>Command Reference | Variables | Built-in Variables</b></li><li><b>Command Reference | Actions | Individual Actions | Abort</b></li><li><b>Command Reference | Actions | Individual Actions | END IF</b></li><li><b>Command Reference | Actions | Individual Actions | IF</b></li><li><b>Command Reference | Actions | Individual Actions | Show Message Box</b></li></p><p>KEYWORDS: Setup Factory, %IsUserNTAdmin%, User, Administrator, Windows NT, Windows 2000, Windows XP, Privileges</p><hr><FONT SIZE=1>Last reviewed: October 8, 2002<br>Copyright 2002 <A HREF="http://www.indigorose.com" target="blank">Indigo Rose Corporation</a>. All rights reserved.<br></FONT></BODY></HTML>