F5 APM client-side checks.

Alexander_Slink · ‎20-Apr-2020

Hello everyone,

Please help to find answer on the question below:

Can F5 APM determine the PC user privileges (administrator/user/etc.)?

Thanks!

Vladimir_Akhmarov · ‎25-Apr-2020

Hello Alexander

If we are talking about Windows (you wrote PC) maybe you can try this. There is a process "wininit.exe" which is visible under user with Administrator rights only but is present on all Windows sessions.

I think you can try to detect whether this process is present on system. For user with standard privileges return value will be false. For user with administrative privileges return value will be true. I think so

References:

https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-access-policy-manager-visual-policy-editor/access-policy-item-reference/about-endpoint-security-client-side-items/about-windows-process.html

https://support.f5.com/csp/article/K15302653

Alexander_Slink · ‎27-Apr-2020

Hi Vladimir,

Thanks for the reply.

The wininit.exe process is visible for both roles (admin and standard).

So this is not an option.

But thank you!

boneyard · ‎29-Apr-2020

isn't a simple memberOf enough for this? if you control the AD you know which groups contain admins.

Alexander_Slink · ‎08-May-2020

Hi Boneyard,

Thanks, but unfortunately no.

This is a different case.

boneyard · ‎08-May-2020

can you explain the case clearer then?

Vladimir_Akhmarov · ‎30-Apr-2020

Hi Alexander

According to https://support.f5.com/csp/article/K15302653 article "Starting with BIG-IP 13.1.0, you can use the inspector service in lieu of administrative privileges" but I think you can try to open registry key HKEY_LOCAL_MACHINE\SAM\SAM. Windows user without admin permissions receives error opening this key

Alexander_Slink · ‎08-May-2020

Hi Vladimir,

No, this is not an option too.

I have admin privileges, but I can't open the key.

DevCentral

F5 APM client-side checks.

Khoros Kudos Award 2022