WindowsBuiltInRole Enumeration
Specifies common roles to be used with IsInRole.
Namespace: System.Security.Principal
Assembly: mscorlib (in mscorlib.dll)
| Member name | Description | |
|---|---|---|
| Administrator | Administrators have complete and unrestricted access to the computer or domain. | |
| User | Users are prevented from making accidental or intentional system-wide changes. Thus, users can run certified applications, but not most legacy applications. | |
| Guest | Guests are more restricted than users. | |
| PowerUser | Power users possess most administrative permissions with some restrictions. Thus, power users can run legacy applications, in addition to certified applications. | |
| AccountOperator | Account operators manage the user accounts on a computer or domain. | |
| SystemOperator | System operators manage a particular computer. | |
| PrintOperator | Print operators can take control of a printer. | |
| BackupOperator | Backup operators can override security restrictions for the sole purpose of backing up or restoring files. | |
| Replicator | Replicators support file replication in a domain. |
These roles represent the local Windows groups common to most installations of Windows NT, Windows 2000 and Windows XP.
.gif?cs-save-lang=1&cs-lang=cpp "Note") Note |
|---|
In Windows Vista, User Account Control (UAC) determines the privileges of a user. If you are a member of the Built-in Administrators group, you are assigned two run-time access tokens: a standard user access token and an administrator access token. By default, you are in the standard user role. When you attempt to perform a task that requires administrative privileges, you can dynamically elevate your role by using the Consent dialog box. The code that executes the IsInRole method does not display the Consent dialog box. The code returns false if you are in the standard user role, even if you are in the Built-in Administrators group. You can elevate your privileges before you execute the code by right-clicking the application icon and indicating that you want to run as an administrator. |
The following example shows the use of the WindowsBuiltInRole enumeration.
public: static void DemonstrateWindowsBuiltInRoleEnum() { AppDomain^ myDomain = Thread::GetDomain(); myDomain->SetPrincipalPolicy( PrincipalPolicy::WindowsPrincipal ); WindowsPrincipal^ myPrincipal = dynamic_cast<WindowsPrincipal^>(Thread::CurrentPrincipal); Console::WriteLine( "{0} belongs to: ", myPrincipal->Identity->Name ); Array^ wbirFields = Enum::GetValues( WindowsBuiltInRole::typeid ); for each ( Object^ roleName in wbirFields ) { try { Console::WriteLine( "{0}? {1}.", roleName, myPrincipal->IsInRole( *dynamic_cast<WindowsBuiltInRole^>(roleName) ) ); } catch ( Exception^ ) { Console::WriteLine( "{0}: Could not obtain role for this RID.", roleName ); } } }
Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
