Thanks for link,
I have implemented C++ dll which modifies my property with MsiSetProperty winapi funcition. It works.
this may be useful to someone:
IsAdmin is set when user is in administrator group or MSI launched with eleveated rights, or launched at XP.
Code: Select all
#include <shlobj.h>
#include <VersionHelpers.h>
#include <windows.h>
#include <Msiquery.h>
namespace
{
const wchar_t *g_isadmin_property = L"IsAdmin";
const wchar_t *g_true_val = L"1";
const wchar_t *g_false_val = L"0";
} // namespace
UINT SetIsAdminProperty(bool is_admin, MSIHANDLE hInstall)
{
const wchar_t *ret_value = is_admin ? g_true_val : g_false_val;
return MsiSetProperty(hInstall, g_isadmin_property, ret_value);
}
UINT __stdcall IsUserAdmin(MSIHANDLE hInstall)
{
bool is_admin = false;
if (IsWindowsVistaOrGreater())
{
HANDLE process_id = GetCurrentProcess();
if (process_id == NULL)
{
SetIsAdminProperty(false, hInstall);
return 1;
}
HANDLE token_handle = NULL;
if (!OpenProcessToken(process_id, TOKEN_READ, &token_handle))
{
SetIsAdminProperty(false, hInstall);
return 1;
}
TOKEN_ELEVATION_TYPE tokenElevationType;
DWORD bytesUsed = 0;
if (!GetTokenInformation(token_handle, TokenElevationType, &tokenElevationType, sizeof(tokenElevationType), &bytesUsed))
{
SetIsAdminProperty(false, hInstall);
return 1;
}
if (tokenElevationType != TokenElevationTypeLimited)
{
is_admin = TRUE == ::IsUserAnAdmin();
return SetIsAdminProperty(is_admin, hInstall);;
}
TOKEN_LINKED_TOKEN linkedToken;
if (!GetTokenInformation(token_handle, TokenLinkedToken, &linkedToken, sizeof(HANDLE), &bytesUsed))
{
SetIsAdminProperty(false, hInstall);
return 1;
}
BYTE adminSID[SECURITY_MAX_SID_SIZE];
DWORD sidSize = sizeof(adminSID);
if (!CreateWellKnownSid(WinBuiltinAdministratorsSid, 0, &adminSID, &sidSize))
{
SetIsAdminProperty(false, hInstall);
return 1;
}
BOOL isMember = FALSE;
if (!CheckTokenMembership(linkedToken.LinkedToken, &adminSID, &isMember))
{
SetIsAdminProperty(false, hInstall);
return 1;
}
is_admin = (isMember != FALSE);
}
else
{
is_admin = TRUE == ::IsUserAnAdmin();
}
return SetIsAdminProperty(is_admin, hInstall);
}
__
Best regards,
Andrey