Determine rights and privileges on Windows.

Roger Upole rupole at hotmail.com
Thu May 27 20:48:15 EDT 2004 

The first parm to LsaEnumerateAccountRights is a policy handle returned
from LsaOpenPolicy.  I'll try to update the documentation.
To list the privileges for the current process, you can use something like
this:

import win32process, win32security
ph=win32process.GetCurrentProcess()
th = win32security.OpenProcessToken(ph,win32security.TOKEN_READ)
privs=win32security.GetTokenInformation(th,win32security.TokenPrivileges)
for priv in privs:
    priv_state=''
    if priv[1]==0:
        priv_state='Disabled'
    if priv[1]&win32security.SE_PRIVILEGE_ENABLED:
        priv_state+=' SE_PRIVILEGE_ENABLED'
    if priv[1]&win32security.SE_PRIVILEGE_ENABLED_BY_DEFAULT:
        priv_state+=' SE_PRIVILEGE_ENABLED_BY_DEFAULT'
    print win32security.LookupPrivilegeName(None,priv[0]),priv[1],priv_state
Note that the None parm to LookupPrivilegeName means to use the local
machine, substitute your DC if you're in a domain.
   hth
      Roger


"Peter Schmiedeskamp" <pschmied at yahoo.com> wrote in message
news:mailman.369.1085675362.6949.python-list at python.org...
> Hello, I'm writing a python program (in Windows) from
> which I would like to determine whether or not either:
> 1. The user has administrative access on the current
> PC.
> or (better)
> 2. The currently running process has administrative
> access.
>
> For the first scenario, the
> win32security.LsaEnumerateAccountRight() seems to to
> be the ticket.  The documentation doesn't describe
> what this function requires as parameters.  It appears
> to require a PySID object and some sort of PyHANDLE
> object.  I've figured out how to get the PySID object,
> but I'm not sure what type of PyHANDLE is required (or
> how to create such a thing)
>
> My other alternative is to check the running process
> for its authority.  There appear to a number of
> functions that sound potentially logical to use,
> however I'm unable to determine which I should use.
>
> Has anyone done such a thing?  Many thanks to anyone
> who can give me a shove down the right path.
>
> -Peter
>
>
>
>
> __________________________________
> Do you Yahoo!?
> Friends.  Fun.  Try the all-new Yahoo! Messenger.
> http://messenger.yahoo.com/
>

More information about the Python-list mailing list