检查用户是在外部计算机的本地管理员 [英] Check if user is a local admin on external machine
问题描述
我正在写一个应用程序,所有聚集在每个几个不同服务器的事件日志条目。我可以通过传递计算机名到 EventLog.GetEventLogs 获得事件日志。这通常不能在某一阶段是用户是不是该计算机上的本地管理员,所以我想提前检查时间,并跳到下一组服务器,如果是这样的话
对于每个SVR作为字符串中的服务器
TODO:检查,看看他们是本地管理员,否则继续进行
昏暗的日志方式列表(一个EventLog)= EventLog.GetEventLogs(SVR).ToList
对于每个日志作为事件日志中记录
LoadEachOSLogEntry(日志)
下一个
下一个
大多数解决方案,像一个<一个href="http://stackoverflow.com/questions/1089046/in-net-c-test-if-user-is-an-administrative-user">here,仅检查用户是否是当前正在执行的机器上的管理员。
昏暗的用户作为的WindowsIdentity = WindowsIdentity.GetCurrent()
昏暗的校长作为新的WindowsPrincipal(用户)
昏暗isAdmin由于布尔= principal.IsInRole(WindowsBuiltInRole.Administrator)
我将分享部分解决,但我不完全喜欢它,如果任何人有什么好,我会高兴地接受他们的答案。
用户属于一个特定的用户组(在我的情况管理员)的任何计算机上下面的函数将返回阉与否。
进口System.DirectoryServices.AccountManagement
公共共享功能IsMemberOfGroup(用户名作为字符串,机器名作为字符串,memberGroup作为字符串)作为布尔
昏暗isMember由于布尔= FALSE
使用rootContext作为新PrincipalContext(ContextType.Machine,机器名),_
玻璃钢作为GroupPrincipal = GroupPrincipal.FindByIdentity(rootContext,memberGroup),_
USR作为UserPrincipal = UserPrincipal.FindByIdentity(rootContext,IdentityType.SamAccountName,用户名)
如果GRP状态并没有任何AndAlso USR IsNot运算没有那么
'检查用户是否是该组的成员。
isMember = grp.GetMembers(真)。载(USR)
其他
isMember = FALSE
结束如果
结束使用
返回isMember
端功能
该caviat是运行方式的用户必须以有权将此信息 PrincipalContext 设置管理员。我希望该应用程序将能够确定正在运行的应用程序的用户是管理员。
为使这种超级有帮助的唯一方法是调用它,看看它是否想出了拒绝访问,类似于 hometoast 已经建议,但是这仍然没有手感超干净
I'm writing an app that aggregates all the event log entries on each of several different servers. I can get the event logs by passing in the MachineName to EventLog.GetEventLogs. This will typically fail at some stage is the user is not a local administrator on that machine, so I'd like to check for it ahead of time and skip to the next set of servers if that is the case
For Each svr As String In Servers
'TODO: check to see if they are a local administrator, else continue for
Dim logs As List(Of EventLog) = EventLog.GetEventLogs(svr).ToList
For Each log As EventLog In logs
LoadEachOSLogEntry(log)
Next
Next
Most solutions, like the one here, only check if the user is an admin on the currently executing machine.
Dim user As WindowsIdentity = WindowsIdentity.GetCurrent()
Dim principal As New WindowsPrincipal(user)
Dim isAdmin As Boolean = principal.IsInRole(WindowsBuiltInRole.Administrator)
I'll share a partial solution, but I'm not entirely happy with it so if anyone has anything better, I'd happily accept their answer.
The following function will return wether or not a user belongs to a particular user group (in my case "Administrators") on any machine.
Imports System.DirectoryServices.AccountManagement
Public Shared Function IsMemberOfGroup(userName As String, machineName As String, memberGroup as String) As Boolean
Dim isMember As Boolean = False
Using rootContext As New PrincipalContext(ContextType.Machine, machineName), _
grp As GroupPrincipal = GroupPrincipal.FindByIdentity(rootContext, memberGroup), _
usr As UserPrincipal = UserPrincipal.FindByIdentity(rootContext, IdentityType.SamAccountName, userName)
If grp IsNot Nothing AndAlso usr IsNot Nothing Then
' Check if the user is a member of the group.
isMember = grp.GetMembers(True).Contains(usr)
Else
isMember = False
End If
End Using
Return isMember
End Function
The caviat is that the user running the method has to be an admin in order to have rights to this information set in PrincipalContext. I was hoping that the application would be able to determine if the user running the application is an admin.
The only way to make this super helpful is to call it and see if it came up with "Access Denied", similar to hometoast already suggested, but this still doesn't feel super "clean"
这篇关于检查用户是在外部计算机的本地管理员的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
