如何检查用户名和密码中的帐户是否具有管理员权限/权限?

时间:2017-03-31 15:56:32

标签: python windows python-2.7

我想知道在python中是否有可能,给定字符串usernamepassword,找出该帐户是否具有管理员权限?

例如,如果我有两个input s:

u = input("Username: ")
p = input("Password: ")

# hasAdminRights is a placeholder to checking if the account first of all exists, and then if it has admin.

if hasAdminRights(u,p):
    print "This account has admin privileges!"
else:
    print """This account either
    1) does not have admin
    2) is not a real account
    3) entered the wrong password"""

即使登录用户不是管理员,我也需要能够检查这一点。

我已经看到很多关于检查当前用户是否有管理员的stackoverflow问题,但我想检查一下PC上的其他用户是否有管理员。

提前致谢,

David Callanan

1 个答案:

答案 0 :(得分:1)

要获取用户的访问令牌,请致电LogonUser,自Windows XP / 2003起,该SeTcbPrivilege不需要GetTokenInformation。接下来调用from win32security import ( LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, SE_GROUP_ENABLED, TokenElevationType, TokenLinkedToken, TokenGroups, TokenElevationTypeLimited, WinBuiltinAdministratorsSid, LogonUser, GetTokenInformation, CreateWellKnownSid) def is_user_an_admin(username, password, allow_elevation=True): token = LogonUser(username, None, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT) elevation_type = GetTokenInformation(token, TokenElevationType) admin_group = CreateWellKnownSid(WinBuiltinAdministratorsSid) if elevation_type == TokenElevationTypeLimited and allow_elevation: linked_token = GetTokenInformation(token, TokenLinkedToken) token_list = [token, linked_token] else: token_list = [token] for token in token_list: for group, attrs in GetTokenInformation(token, TokenGroups): enabled = attrs & SE_GROUP_ENABLED if enabled and group == admin_group: return True return False 以获取标记中的标高类型,链接标记和组列表。例如:

while True:
  NSRunLoop.currentRunLoop().runUntilDate_(NSDate.dateWithTimeIntervalSinceNow_(0.1))

此示例不会屏蔽异常,例如密码错误。