From: Phil on
I use the following code for checking if a user has administrator rights:

Public Function IsUserAdministrator() As Boolean
Return
My.User.IsInRole(ApplicationServices.BuiltInRole.Administrator)
End Function

This doesn't work on Windows 7 with UAC enabled. There are lots of articles
explaining how to mark your manifest to request elevated privileges, but I
only have one or two functions within my application that require this. How
can I request the elevated privilege from within my code at runtime?

TIA
Phil.


From: Gregory A. Beamer on
"Phil" <p> wrote in message
news:_qCdnT_SAfxVbBHWnZ2dnUVZ7oednZ2d(a)brightview.co.uk...
> I use the following code for checking if a user has administrator rights:
>
> Public Function IsUserAdministrator() As Boolean
> Return
> My.User.IsInRole(ApplicationServices.BuiltInRole.Administrator)
> End Function
>
> This doesn't work on Windows 7 with UAC enabled. There are lots of
> articles
> explaining how to mark your manifest to request elevated privileges, but I
> only have one or two functions within my application that require this.
> How
> can I request the elevated privilege from within my code at runtime?

What do you need elevated privilege for? Is this something you can separate
out from the main process or do you truly need to get elevated privileges in
the main app? Serious questions, as the answers can strongly impact the
solution.

--
Peace and Grace,
Greg

Twitter: @gbworld
Blog: http://gregorybeamer.spaces.live.com

************************************************
| Think outside the box! |
************************************************



From: Phil on
> What do you need elevated privilege for? Is this something you can
> separate out from the main process or do you truly need to get elevated
> privileges in the main app? Serious questions, as the answers can strongly
> impact the solution.

There are 2 main things. Firstly there are some files that need to be shared
amongst all users, and I need to store the location of the folder containing
these files in the registry (HKLM). Secondly there are some configuration
and administration type functions that shouldn't be available generally to
users, so it would be useful, to be able to check if the user is an
administrator before offering these options.
My best solution at the moment seems to be to try to group all these
functions into a separate application. This app can require administratopr
privilege, and the main app, can just launch this as required. It seems way
over the top though to have to launch a separate application just to check
whether a user has the admin rights or not. Unfortunately with UAC there
doesn't appear to be any way of determining this without actually elevating
the user to administrator.

Thanks for you help.
Phil.


From: Alex Clark on
"Phil" <p> wrote in message
news:_qCdnT_SAfxVbBHWnZ2dnUVZ7oednZ2d(a)brightview.co.uk...
>I use the following code for checking if a user has administrator rights:
>
> Public Function IsUserAdministrator() As Boolean
> Return
> My.User.IsInRole(ApplicationServices.BuiltInRole.Administrator)
> End Function
>
> This doesn't work on Windows 7 with UAC enabled.

It's not that it doesn't work, you're misinterpreting the result. If you're
logged in under an Admin account and you test this without elevation, it is
(correctly) informing you that the account under which your process is
running do NOT have admin rights. This is because processes are spawned
under default (user) privs and not admin privs. If your app had requested
and received elevation, this function would return true.

>>
I only have one or two functions within my application that require this.
How
can I request the elevated privilege from within my code at runtime?
>>

Not easily, is the answer. Also, once you've obtained elevation it's even
harder to revoke it - i.e. your app remains in an elevated state, which is a
worst practice for security. Given that fact, you should look into
extracting those functions out of your app and into some kind of secondary
maintenance app perhaps, whose manifest demands elevation at runtime.

HTH,
Alex