' First step is to validate the credentials
If Not LogonUser(strUser, strDomain, strPassword, LogonType, LogonProvider, Token) Then
MsgBox("Couldn't validate user with provided credentials")
' Next we create an impersonation token
If Not DuplicateToken(Token, SECURITY_IMPERSONATION, ImpersonatedToken) Then
MsgBox("Yikes, couldn't impersonate the user")
' Next we build the SID for the local Administrators group
If Not AllocateAndInitializeSid(NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, AdminGroup) Then
MsgBox("Yikes, couldn't create the Local Admininstrator Group's SID")
' Lastly, we check to see if the impersonated token is in the Admin Group
If Not CheckTokenMembership(ImpersonatedToken, AdminGroup, IsAdmin) Then
MsgBox("Yikes, couldn't check membership")
MsgBox("IsAdmin=" & IsAdmin)
Alternative Managed API:
Do you know one? Please contribute it!
Please edit this page!
Do you have...
helpful tips or sample code to share for using this API in managed code?
corrections to the existing content?
variations of the signature you want to share?
additional languages you want to include?
Select "Edit This Page" on the right hand toolbar and edit it! Or add new pages containing supporting types needed for this API (structures, delegates, and more).