Forum Discussion
Alexander_Slink
Altostratus
AltostratusF5 APM client-side checks.
Hello everyone,
Please help to find answer on the question below:
Can F5 APM determine the PC user privileges (administrator/user/etc.)?
Thanks!
- Vladimir_Akhmarov
Cirrus
Hello Alexander
If we are talking about Windows (you wrote PC) maybe you can try this. There is a process "wininit.exe" which is visible under user with Administrator rights only but is present on all Windows sessions.
I think you can try to detect whether this process is present on system. For user with standard privileges return value will be false. For user with administrative privileges return value will be true. I think so
References:
https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-access-policy-manager-visual-policy-editor/access-policy-item-reference/about-endpoint-security-client-side-items/about-windows-process.html
https://support.f5.com/csp/article/K15302653
Alexander_SlinkHi Vladimir,
Thanks for the reply.
The wininit.exe process is visible for both roles (admin and standard).
So this is not an option.
But thank you!
boneyardMVP
isn't a simple memberOf enough for this? if you control the AD you know which groups contain admins.
- Alexander_Slink
Hi Boneyard,
Thanks, but unfortunately no.
This is a different case.
- boneyard
can you explain the case clearer then?
- Vladimir_Akhmarov
Hi Alexander
According to https://support.f5.com/csp/article/K15302653 article "Starting with BIG-IP 13.1.0, you can use the inspector service in lieu of administrative privileges" but I think you can try to open registry key HKEY_LOCAL_MACHINE\SAM\SAM. Windows user without admin permissions receives error opening this key
- Alexander_Slink
Hi Vladimir,
No, this is not an option too.
I have admin privileges, but I can't open the key.
