Cannot determine whether UAC is active in Windows Server 2008 64 bit

Question

I've got some code that works fine on all Windows OS except Windows Server 2008 64bits. This code determines whether UAC is turned on.

int TokenInfLength = 0;
bool Result;
// first call gets length of TokenInformation
Result = GetTokenInformation(WindowsIdentity.GetCurrent().Token, TOKEN_INFORMATION_CLASS.TokenElevationType, IntPtr.Zero, TokenInfLength, out TokenInfLength);
IntPtr TokenInformation = Marshal.AllocHGlobal(TokenInfLength);

Result = GetTokenInformation(WindowsIdentity.GetCurrent().Token, TOKEN_INFORMATION_CLASS.TokenElevationType, TokenInformation, TokenInfLength, out TokenInfLength);

if (Result)
{
    TOKEN_ELEVATION_TYPE elevationType = (TOKEN_ELEVATION_TYPE)Marshal.ReadInt32(TokenInformation);
    Marshal.FreeHGlobal(TokenInformation);

    switch (elevationType)
    {
        case TOKEN_ELEVATION_TYPE.TokenElevationTypeDefault:
            Console.WriteLine("UAC (User Account Control) is turned off in your operating system. Please turn on UAC and restart your computer.");            break;
        case TOKEN_ELEVATION_TYPE.TokenElevationTypeFull:
            Console.WriteLine("User has a split token, and the process is running elevated");
            break;
        case TOKEN_ELEVATION_TYPE.TokenElevationTypeLimited:
            Console.WriteLine("User has a split token, but the process is not running elevated");
            break;
    }
}

...

enum TOKEN_ELEVATION_TYPE : int
{
    TokenElevationTypeDefault = 1,
    TokenElevationTypeFull,
    TokenElevationTypeLimited
}
enum TOKEN_INFORMATION_CLASS
{
    TokenUser = 1,
    TokenGroups,
    TokenPrivileges,
    TokenOwner,
    TokenPrimaryGroup,
    TokenDefaultDacl,
    TokenSource,
    TokenType,
    TokenImpersonationLevel,
    TokenStatistics,
    TokenRestrictedSids,
    TokenSessionId,
    TokenGroupsAndPrivileges,
    TokenSessionReference,
    TokenSandBoxInert,
    TokenAuditPolicy,
    TokenOrigin,
    TokenElevationType,
    TokenLinkedToken,
    TokenElevation,
    TokenHasRestrictions,
    TokenAccessInformation,
    TokenVirtualizationAllowed,
    TokenVirtualizationEnabled,
    TokenIntegrityLevel,
    TokenUIAccess,
    TokenMandatoryPolicy,
    TokenLogonSid,
    MaxTokenInfoClass
}

TOKEN_INFORMATION_CLASS.TokenElevationType is an enum const, which ordinal value is 18.

So, with my UAC enabled on WS 2008 64 bits I've got message that "UAC (User Account Control) is turned off in your operating system. Please turn on UAC and restart your computer". Does anyone know what's the matter?

Answer 1

Be very afraid of this approach. It will correctly tell you if you have a split token, but that doesn't necessarily mean anything useful.

For example:

• What happens if you disable UAC? You won’t have a split token. You’d get TokenElevationTypeDefault.
• What happens if you are logged in as the .\Administrator account? Same thing, you'll get TokenElevationTypeDefault

Neither one means you're a standard user, which is a common mistake by misapplying the above logic for the "typical" case.

• What about if you happen to have one, and only one, super privilege, and you elevated to get that into your token? Then you’d have TokenElevationTypeFull – which is frequently interpreted as meaning you’re an admin.

Lifted shamelessly from Chris Jackson's: How to Determine if a User is a Member of the Administrators Group with UAC Enabled on Windows Vista