Why is WindowsPrincipal.IsInRole always returning false for the "Administrators" group?

Candide picture Candide · Feb 16, 2012 · Viewed 7.6k times · Source

My local user account is in the Administrators group, and I wanted to simply figure out how a windows forms project would determine if I'm in the administrators group. So, I started a windows forms project and tried the following:

[STAThread]
static void Main()
{
    string adminGroup1 = @"BUILTIN\Administrators";
    string adminGroup2 = Environment.MachineName + @"\Administrators";
    string adminGroup3 = Environment.MachineName.ToLower() + @"\Administrators";
    string adminGroup4 = "Administrators";
    string adminGroup5 = "administrators";

    AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
    WindowsPrincipal currentUser1 = (WindowsPrincipal)Thread.CurrentPrincipal;
    bool IsAdmin1_1 = currentUser1.IsInRole(adminGroup1); // false
    bool IsAdmin1_2 = currentUser1.IsInRole(adminGroup2); // false
    bool IsAdmin1_3 = currentUser1.IsInRole(adminGroup3); // false
    bool IsAdmin1_4 = currentUser1.IsInRole(adminGroup4); // false
    bool IsAdmin1_5 = currentUser1.IsInRole(adminGroup5); // false

    WindowsPrincipal currentUser2 = new WindowsPrincipal(WindowsIdentity.GetCurrent());
    bool IsAdmin2_1 = currentUser2.IsInRole(adminGroup1); // false
    bool IsAdmin2_2 = currentUser2.IsInRole(adminGroup2); // false
    bool IsAdmin2_3 = currentUser2.IsInRole(adminGroup3); // false
    bool IsAdmin2_4 = currentUser1.IsInRole(adminGroup4); // false
    bool IsAdmin2_5 = currentUser2.IsInRole(adminGroup5); // false

    Application.EnableVisualStyles();
    Application.SetCompatibleTextRenderingDefault(false);
    Application.Run(new Form1());
}

Why are all the above checks failing?

Answer

Yahia picture Yahia · Feb 16, 2012

try

currentUser1.IsInRole(WindowsBuiltInRole.Administrator)

See MSDN.

"In Windows Vista and later versions of the Windows operating system, User Account Control (UAC) determines the privileges of a user. [..] The code that executes the IsInRole method does not display the Consent dialog box. The code returns false if you are in the standard user role, even if you are in the Built-in Administrators group"