Get Logged In User while Impersonate or Run as Admin

1 Reply

Sometimes when a program is run as Administrator, using the System.Security.Principal.WindowsIdentity.GetCurrent().Name will return always System or NT Authority\System. This happens while running the exe under windows service or by Installer class in the windows application.

The below code will solve this issue.

Code Snippet
  1. public static string GetParentUser(int pid)
  2.         {
  3.             string parentUserAccount = null;
  4.             string queryString = String.Format("select ParentProcessId from win32_process where ProcessId={0}", pid);
  5.             using (ManagementObjectSearcher query = new ManagementObjectSearcher(new
  6.             SelectQuery(queryString)))
  7.             {
  8.                 foreach (ManagementObject mo in query.Get())
  9.                 {
  10.                     uint parentPid = (uint)mo.Properties["ParentProcessId"].Value;
  11.                     queryString = String.Format("select Handle from win32_process where ParentProcessId = {0}", parentPid);
  12.                     using (ManagementObjectSearcher subQuery = new ManagementObjectSearcher(new
  13.                     SelectQuery(queryString)))
  14.                     {
  15.                         foreach (ManagementObject mo1 in subQuery.Get())
  16.                         {
  17.                             string handle = (string)mo1.Properties["Handle"].Value;
  18.                             RelatedObjectQuery relatedQuery =
  19.                             new RelatedObjectQuery("associators of {Win32_Process.Handle=\"" + handle + "\"}");
  20.                             relatedQuery.RelatedClass = "Win32_LogonSession";
  21.                             using (ManagementObjectSearcher relQuery = new ManagementObjectSearcher(relatedQuery))
  22.                             {
  23.                                 foreach (ManagementObject mo2 in relQuery.Get())
  24.                                 {
  25.                                     RelatedObjectQuery relQuery2 =
  26.                                     new RelatedObjectQuery("associators of {Win32_LogonSession.LogonId='" +
  27.                                     mo2["LogonId"] + "'}");
  28.                                     relQuery2.RelationshipClass = "win32_LoggedonUser";
  29.                                     using (ManagementObjectSearcher searcher2 = new ManagementObjectSearcher(relQuery2))
  30.                                     {
  31.                                         foreach (ManagementObject mo3 in searcher2.Get())
  32.                                         {
  33.                                             parentUserAccount = String.Format(@"{0}\{1}", mo3["Domain"], mo3["Name"]);
  34.                                         }
  35.                                     }
  36.                                 }
  37.                             }
  38.                         }
  39.                     }
  40.                 }
  41.             }
  42.             return parentUserAccount;
  43.         }

 

You can download the code here

 

Hope the above code works. It works for me.

Thanks to the original post

http://bytes.com/topic/c-sharp/answers/631036-getting-currently-logged-user

1 thought on “Get Logged In User while Impersonate or Run as Admin

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s