Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

F5 APM client-side checks.

Alexander_Slink
Altostratus
Altostratus

‎20-Apr-2020 01:41

Hello everyone,

 

Please help to find answer on the question below:

 

Can F5 APM determine the PC user privileges (administrator/user/etc.)?

 

Thanks!

Labels:
0 Kudos
7 REPLIES 7

Vladimir_Akhmarov
Cirrus
Cirrus

‎25-Apr-2020 03:10

Hello Alexander

 

If we are talking about Windows (you wrote PC) maybe you can try this. There is a process "wininit.exe" which is visible under user with Administrator rights only but is present on all Windows sessions.

 

I think you can try to detect whether this process is present on system. For user with standard privileges return value will be false. For user with administrative privileges return value will be true. I think so

 

References:

https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-access-policy-manager-visual-policy-editor/access-policy-item-reference/about-endpoint-security-client-side-items/about-windows-process.html

 

https://support.f5.com/csp/article/K15302653

 

0 Kudos

Alexander_Slink
Altostratus
Altostratus
In response to Vladimir_Akhmarov

‎27-Apr-2020 00:37

Hi Vladimir,

 

Thanks for the reply.

 

The wininit.exe process is visible for both roles (admin and standard).

So this is not an option.

 

But thank you!

0 Kudos

boneyard
MVP
MVP

‎29-Apr-2020 10:40

isn't a simple memberOf enough for this? if you control the AD you know which groups contain admins.

0 Kudos

Alexander_Slink
Altostratus
Altostratus
In response to boneyard

‎08-May-2020 07:02

Hi Boneyard,

 

Thanks, but unfortunately no.

This is a different case.

0 Kudos

boneyard
MVP
MVP
In response to Alexander_Slink

‎08-May-2020 11:28

can you explain the case clearer then?

0 Kudos

Vladimir_Akhmarov
Cirrus
Cirrus

‎30-Apr-2020 13:46

Hi Alexander

 

According to https://support.f5.com/csp/article/K15302653 article "Starting with BIG-IP 13.1.0, you can use the inspector service in lieu of administrative privileges" but I think you can try to open registry key HKEY_LOCAL_MACHINE\SAM\SAM. Windows user without admin permissions receives error opening this key

0 Kudos

Alexander_Slink
Altostratus
Altostratus
In response to Vladimir_Akhmarov

‎08-May-2020 07:00

Hi Vladimir,

 

No, this is not an option too.

I have admin privileges, but I can't open the key.

0 Kudos
Copyright © 2023 Khoros, LLC