An application may sometimes need to know whether or not the current user has administrative rights. This is complicated in Windows Vista by User Account Control (UAC) – the user may be in the Administrators group on the local machine, but nevertheless running with limited rights. When I came across this blog entry on COM elevation by Christoph Wille (thanks to Daniel Moth) I was interested to see the function he mentions called IsUACEnabledOS. I downloaded his code, but was disappointed to see this:
    // a really simple check that does not account for possible UAC-disabledness via group policy
    public static bool IsUACEnabledOS()
    {
        int majorVersion = Environment.OSVersion.Version.Major;
        int minorVersion = Environment.OSVersion.Version.Minor;
        return (majorVersion >= 6);
    }
This just detects Vista or higher; in fact, it won’t always return the correct result, since Vista will lie about the version number if an application is running under compatibility settings. How then do we discover if UAC is enabled? The best I’ve come across so far is to query this registry entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
If the entry does not exist or is 0, UAC is not enabled. Of course there is no guarantee that this will always work, but it’s unlikely to change. I also haven’t checked that it is there in the base versions of Vista; again, it is probably the same.
Update: See the comments to this post for a better solution from Andrei Belogortseff, using the GetTokenInformation API call.
I’ve now posted a C# implementation of Andrei’s code.
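As an added example (not the author's code, nor Andrei Belogortseff's), the following C# program pairs the EnableLUA registry check described above with a GetTokenInformation query for the current token's elevation type. The class and method names (UacInfo, IsUacEnabled, GetElevationType) are hypothetical; the registry path is the one given in the post.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32;

static class UacInfo
{
    // Values of the Win32 TOKEN_ELEVATION_TYPE enumeration.
    public enum ElevationType { Default = 1, Full = 2, Limited = 3 }

    const int TokenElevationType = 18; // TOKEN_INFORMATION_CLASS member

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetTokenInformation(IntPtr tokenHandle, int infoClass,
        out int info, int infoLength, out int returnLength);

    // Registry check from the post: a missing key, missing value or 0 means UAC is off.
    public static bool IsUacEnabled()
    {
        const string path = @"Software\Microsoft\Windows\CurrentVersion\Policies\System";
        using (RegistryKey key = Registry.LocalMachine.OpenSubKey(path))
        {
            object value = key == null ? null : key.GetValue("EnableLUA");
            return value is int && (int)value != 0;
        }
    }

    // Asks the process token itself how it was created (Vista or later only).
    public static ElevationType GetElevationType()
    {
        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
        {
            int type, length;
            if (!GetTokenInformation(identity.Token, TokenElevationType,
                                     out type, sizeof(int), out length))
                throw new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error());
            return (ElevationType)type;
        }
    }

    static void Main()
    {
        Console.WriteLine("EnableLUA set:  " + IsUacEnabled());
        Console.WriteLine("Elevation type: " + GetElevationType());
        // Limited = administrator account running with a filtered token;
        // Full = elevated; Default = no linked token (e.g. standard user or UAC off).
    }
}
```

The token query reflects the state of the running process, whereas the registry value only records the machine-wide setting, so the two can be read together to tell "UAC on, not elevated" apart from "UAC off".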