cancel
Showing results for 
Search instead for 
Did you mean: 

F5 APM client-side checks.

Alexander_Slink
Altostratus
Altostratus

Hello everyone,

 

Please help to find answer on the question below:

 

Can F5 APM determine the PC user privileges (administrator/user/etc.)?

 

Thanks!

7 REPLIES 7

akhmarov
Altostratus
Altostratus

Hello Alexander

 

If we are talking about Windows (you wrote PC) maybe you can try this. There is a process "wininit.exe" which is visible under user with Administrator rights only but is present on all Windows sessions.

 

I think you can try to detect whether this process is present on system. For user with standard privileges return value will be false. For user with administrative privileges return value will be true. I think so

 

References:

https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-access-policy-manager-visual-policy-editor/access-policy-item-reference/about-endpoint-security-client-side-items/about-windows-process.html

 

https://support.f5.com/csp/article/K15302653

 

Hi Vladimir,

 

Thanks for the reply.

 

The wininit.exe process is visible for both roles (admin and standard).

So this is not an option.

 

But thank you!

boneyard
MVP
MVP

isn't a simple memberOf enough for this? if you control the AD you know which groups contain admins.

Hi Boneyard,

 

Thanks, but unfortunately no.

This is a different case.

can you explain the case clearer then?

akhmarov
Altostratus
Altostratus

Hi Alexander

 

According to https://support.f5.com/csp/article/K15302653 article "Starting with BIG-IP 13.1.0, you can use the inspector service in lieu of administrative privileges" but I think you can try to open registry key HKEY_LOCAL_MACHINE\SAM\SAM. Windows user without admin permissions receives error opening this key

Hi Vladimir,

 

No, this is not an option too.

I have admin privileges, but I can't open the key.