Search code examples
c++winapiactive-directorysid

Get username of logged in user while using Domain Admin privileges

We need to run a program that requires the username of the logged in user. The program runs with Admin rights because it is being pushed by WinRM. As a regular user, the program returns the user, but when run as Administrator, I'm getting OpenProcessToken error 6. If there is another way to get the username of the logged in user, I'd like to know.

#include <windows.h>
#include <stdio.h>
#include <tlhelp32.h>
#pragma comment(lib, "advapi32.lib")
#define MAX_NAME 256

BOOL SearchTokenGroupsForSID (VOID) 
{
    DWORD i, dwSize = 0, dwResult = 0;
    HANDLE hToken;
    PTOKEN_USER pUserInfo;
    SID_NAME_USE SidType;
    char lpName[MAX_NAME];
    char lpDomain[MAX_NAME];
    PSID pSID = NULL;
    char *procname = "explorer.exe";
    int pid = 0;

    PROCESSENTRY32 entry;
    entry.dwSize = sizeof(PROCESSENTRY32);

    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

    if (Process32First(snapshot, &entry) == TRUE)
    {
        while (Process32Next(snapshot, &entry) == TRUE)
        {
            if (stricmp(entry.szExeFile, procname) == 0)
            {  
                HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, entry.th32ProcessID);
                pid = entry.th32ProcessID;
                if (!OpenProcessToken( hProcess, TOKEN_QUERY, &hToken )) 
                {
                    printf( "OpenProcessToken Error %u\n", GetLastError() );
                    return FALSE;
                }
                
                CloseHandle(hProcess);
            }
        }
    }            
    printf("pid of %s: %d\n", procname, pid);

    if(!GetTokenInformation(hToken, TokenUser, NULL, dwSize, &dwSize)) 
    {
        dwResult = GetLastError();
        if( dwResult != ERROR_INSUFFICIENT_BUFFER ) {
            printf( "GetTokenInformation Error %u\n", dwResult );
            return FALSE;
        }
    }


    pUserInfo = (PTOKEN_USER) GlobalAlloc( GPTR, dwSize );


    if(! GetTokenInformation(hToken, TokenUser, pUserInfo, 
                            dwSize, &dwSize ) ) 
    {
        printf( "GetTokenInformation Error %u\n", GetLastError() );
        return FALSE;
    }

            dwSize = MAX_NAME;
            if( !LookupAccountSid( NULL, pUserInfo->User.Sid,
                                  lpName, &dwSize, lpDomain, 
                                  &dwSize, &SidType ) ) 
            {
                dwResult = GetLastError();
                if( dwResult == ERROR_NONE_MAPPED )
                   strcpy_s (lpName, dwSize, "NONE_MAPPED" );
                else 
                {
                    printf("LookupAccountSid Error %u\n", GetLastError());
                    return FALSE;
                }
            }
            printf( "Current user is a member of the %s\\%s group\n", 
                    lpDomain, lpName );


    if (pSID)
        FreeSid(pSID);
    if ( pUserInfo )
        GlobalFree( pUserInfo );
    return TRUE;
}

int main(void)
{
    SearchTokenGroupsForSID();
    return 0;
}
Solution

  • I was able to solve this quickly. Instead of deleting the thread, I figured other users may want to find out how to do so. The first argument to OpenProcess() should be PROCESS_QUERY_LIMITED_INFORMATION instead of PROCESS_ALL_ACCESS