使用Python检查任意用户是否在管理员组中 [英] Check if an arbitrary user is in Administrator Group with Python
问题描述
是否可以检查管理员组中是否有任何给定用户?
Is there a way to check if any given user is in the Administrator's Group?
我知道如何检查当前用户是使用以下命令的管理员:
I know how to check if the current user is an admin using:
import ctypes
print ctypes.windll.shell32.IsUserAnAdmin()
但是,如果我以userA身份登录,我想知道userZed是否具有管理员权限。
However if I'm logged in as userA, I want to know if userZed has admin privileges.
任何指针或建议都会有所帮助,看来我无法找到ctypes.windll.shell32上的任何文档。
Any pointers or suggestions would help, it seems I can't track down any documentation on ctypes.windll.shell32.
推荐答案
这是一个提供此代码的网站:
Here is a website with code to do this:
http://skippylovesmalorie.wordpress.com/tag/python-windows/
我对其进行了测试,有用。可以如下使用,请注意字符串必须为Unicode或登录将失败:
I tested it and it works. Can be used as follows, note that the strings HAVE to be unicode or the login will fail:
Python 2.7:
Python 2.7:
print(user_is_admin(u"johndoe", u"password123", u"MYDOMAIN"))
Python 3.x:
Python 3.x:
print(user_is_admin("johndoe", "password123", "MYDOMAIN"))
下面是代码,以供将来参考:
Here's the code, for future reference:
import ctypes
import ctypes.wintypes
def current_user_is_admin():
return user_token_is_admin(0)
def user_is_admin(username, password, domain=None):
"""note that username, password, and domain should all be unicode"""
LOGON32_LOGON_NETWORK = 3
LOGON32_PROVIDER_DEFAULT = 0
token = ctypes.wintypes.HANDLE()
if ctypes.windll.advapi32.LogonUserW(username, domain, password,
LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, ctypes.byref(token)) == 0:
raise Exception("user logon failed")
try:
return user_token_is_admin(token)
finally:
ctypes.windll.kernel32.CloseHandle(token)
def user_token_is_admin(user_token):
"""
using the win32 api, determine if the user with token user_token has administrator rights
"""
class SID_IDENTIFIER_AUTHORITY(ctypes.Structure):
_fields_ = [
("byte0", ctypes.c_byte),
("byte1", ctypes.c_byte),
("byte2", ctypes.c_byte),
("byte3", ctypes.c_byte),
("byte4", ctypes.c_byte),
("byte5", ctypes.c_byte),
]
nt_authority = SID_IDENTIFIER_AUTHORITY()
nt_authority.byte5 = 5
SECURITY_BUILTIN_DOMAIN_RID = 0x20
DOMAIN_ALIAS_RID_ADMINS = 0x220
administrators_group = ctypes.c_void_p()
if ctypes.windll.advapi32.AllocateAndInitializeSid(ctypes.byref(nt_authority), 2,
SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0, ctypes.byref(administrators_group)) == 0:
raise Exception("AllocateAndInitializeSid failed")
try:
is_admin = ctypes.wintypes.BOOL()
if ctypes.windll.advapi32.CheckTokenMembership(
user_token, administrators_group, ctypes.byref(is_admin)) == 0:
raise Exception("CheckTokenMembership failed")
return is_admin.value != 0
finally:
ctypes.windll.advapi32.FreeSid(administrators_group)
这篇关于使用Python检查任意用户是否在管理员组中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!