On a Windows 8.1 system where UAC is turned off and the current user is a member of the local administrators (not the local "administrator" account) calling "IsUserAnAdmin" returns "false". In Windows 7, with the same settings, calling "IsUserAnAdmin" returns "true". The MSDN article states that support for this function ended with Windows Vista / Server 2008, so does it not work any longer in Windows 8 / 8.1?
As it turns out on a Windows 8.1 PC just setting UAC to "Never notify" is not enough to give full unrestricted administrative rights to a user account when it logs on. If one just sets UAC to "Never notify", to execute a program with full administrative rights it is still necessary to use the "Run as administrator" menu entry to start the program. "Never notify", as the wording suggest, in this situation just does not display the UAC confirmation dialog.
On Windows 8 / Server 2012, to give full administrative rights to an account right after it logs on, UAC has to be turned off and the following local policy needs to be disabled in the "Local Group Policy Editor" (gpedit.msc) or via Group Policy on the domain level: Computer Configuration / Windows Settings / Security Settings / Local Policies / Security Options / User Account Control: Run all administrators in Admin Approval Mode. Once this change has happened calling "IsUserAnAdmin" returns "true".
This is a change compared to Windows 7. In Windows 7, when one sets the UAC level to "Never notify", the above mentioned policy automatically gets set to "Disabled".
Credit goes to Michi Dönselmann of "NWC Services" for pointing me in the right direction with this article: "UAC auf Windows Server 2012 deaktivieren".
© 2022 - 2024 — McMap. All rights reserved.