Check if another process has admin privileges in .NET

Question

I\'m looking for a way to check that a remote process has administrator privileges from my (fully managed) code. It\'s safe to assume that my code will run be run with admin

Answer 1

OpenProcess(PROCESS_QUERY_[LIMITED_]INFORMATION)+OpenProcessToken(TOKEN_DUPLICATE) to get the token, then DuplicateTokenEx(TOKEN_QUERY,SecurityImpersonation,TokenImpersonation) to get the impersonation token, then pass that token and the SID from CreateWellKnownSid(WinBuiltinAdministratorsSid) to CheckTokenMembership.

To be able to open (almost) every process for PROCESS_QUERY_INFORMATION access you need to be running as administrator and with debug privileges. On Vista and later you can use PROCESS_QUERY_LIMITED_INFORMATION.

Example code available in this answer.