This documentation is archived and is not being maintained.

WindowsBuiltInRole Enumeration

Specifies common roles to be used with IsInRole.

Namespace: System.Security.Principal
Assembly: mscorlib (in mscorlib.dll)

[SerializableAttribute] 
[ComVisibleAttribute(true)] 
public enum WindowsBuiltInRole
/** @attribute SerializableAttribute() */ 
/** @attribute ComVisibleAttribute(true) */ 
public enum WindowsBuiltInRole
SerializableAttribute 
ComVisibleAttribute(true) 
public enum WindowsBuiltInRole

 Member nameDescription
AccountOperatorAccount operators manage the user accounts on a computer or domain. 
AdministratorAdministrators have complete and unrestricted access to the computer or domain. 
BackupOperatorBackup operators can override security restrictions for the sole purpose of backing up or restoring files. 
GuestGuests are more restricted than users. 
PowerUserPower users possess most administrative permissions with some restrictions. Thus, power users can run legacy applications, in addition to certified applications. 
PrintOperatorPrint operators can take control of a printer. 
ReplicatorReplicators support file replication in a domain. 
SystemOperatorSystem operators manage a particular computer. 
UserUsers are prevented from making accidental or intentional system-wide changes. Thus, users can run certified applications, but not most legacy applications. 

These roles represent the local Windows groups common to most installations of Windows NT, Windows 2000 and Windows XP.

NoteNote:

In Windows Vista, User Account Control (UAC) determines the privileges of a user. If you are a member of the Built-in Administrators group, you are assigned two run-time access tokens: a standard user access token and an administrator access token. By default, you are in the standard user role. When you attempt to perform a task that requires administrative privileges, you can dynamically elevate your role by using the Consent dialog box. The code that executes the IsInRole method does not display the Consent dialog box. The code returns false if you are in the standard user role, even if you are in the Built-in Administrators group. You can elevate your privileges before you execute the code by right-clicking the application icon and indicating that you want to run as an administrator.

The following example shows the use of the WindowsBuiltInRole enumeration.

using System;
using System.Threading;
using System.Security.Permissions;
using System.Security.Principal;

class SecurityPrincipalDemo
{
    public static void DemonstrateWindowsBuiltInRoleEnum()
    {
        AppDomain myDomain = Thread.GetDomain();

        myDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
        WindowsPrincipal myPrincipal = (WindowsPrincipal)Thread.CurrentPrincipal;
        Console.WriteLine("{0} belongs to: ", myPrincipal.Identity.Name.ToString());
        Array wbirFields = Enum.GetValues(typeof(WindowsBuiltInRole));
        foreach (object roleName in wbirFields)
        {
            try
            {
                // Cast the role name to a RID represented by the WindowsBuildInRole value.
                Console.WriteLine("{0}? {1}.", roleName,
                    myPrincipal.IsInRole((WindowsBuiltInRole)roleName));
                Console.WriteLine("The RID for this role is: " + ((int)roleName).ToString());

            }
            catch (Exception)
            {
                Console.WriteLine("{0}: Could not obtain role for this RID.",
                    roleName);
            }
        }
        // Get the role using the string value of the role.
        Console.WriteLine("{0}? {1}.", "Administrators",
            myPrincipal.IsInRole("BUILTIN\\" + "Administrators"));
        Console.WriteLine("{0}? {1}.", "Users",
            myPrincipal.IsInRole("BUILTIN\\" + "Users"));
        // Get the role using the WindowsBuiltInRole enumeration value.
        Console.WriteLine("{0}? {1}.", WindowsBuiltInRole.Administrator,
           myPrincipal.IsInRole(WindowsBuiltInRole.Administrator));
        // Get the role using the WellKnownSidType.
        SecurityIdentifier sid = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
        Console.WriteLine("WellKnownSidType BuiltinAdministratorsSid  {0}? {1}.", sid.Value, myPrincipal.IsInRole(sid));
    }

    public static void Main()
    {
        DemonstrateWindowsBuiltInRoleEnum();
    }
}

public static void DemonstrateWindowsBuiltInRoleEnum()
{
    AppDomain myDomain = Thread.GetDomain();

    myDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);

    WindowsPrincipal myPrincipal = ((WindowsPrincipal)
        (Thread.get_CurrentPrincipal()));

    Console.WriteLine("{0} belongs to: ",
        myPrincipal.get_Identity().get_Name().ToString());

    Array wbirFields = Enum.GetValues(WindowsBuiltInRole.class.ToType());

    for (int iCtr = 0; iCtr < wbirFields.get_Count(); iCtr++) {
        Object roleName = wbirFields.get_Item(iCtr);
        try {
            Console.WriteLine("{0}? {1}.", roleName, 
            System.Convert.ToString(myPrincipal.
            IsInRole(((WindowsBuiltInRole)(roleName)))));
        }
        catch (System.Exception exp) {
            Console.WriteLine(
                "{0}: Could not obtain role for this RID.", roleName);
        }
    }
} //DemonstrateWindowsBuiltInRoleEnum

Windows Server 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The Microsoft .NET Framework 3.0 is supported on Windows Vista, Microsoft Windows XP SP2, and Windows Server 2003 SP1.

.NET Framework

Supported in: 3.0, 2.0, 1.1, 1.0
Show: