IsElevatedProcess

Determines if the current process executes with elevated access rights.

Declaration 

BOOL IsElevatedProcess (VOID);

Return Value

The function returns TRUE or FALSE according to whether the current process is or is not elevated.

Behaviour

If the function already has determined from an earlier execution that the current process is elevanted, it returns TRUE. Otherwise, the function opens the process token (with MAXIMUM_ALLOWED access rights) and queries for the TokenElevationType information class. If this succeeds, then there are two ways that the process may be determined as elevated. One is simply that the elevation type is TokenElevationTypeFull. The other is that the elevation type is TokenElevationDefault and then a query for the TokenElevation information class succeeds and reports that the token is elevated. In all other cases, the function returns FALSE.

Availability

The IsElevatedProcess function is exported from IERTUTIL as ordinal 44 in version 7.0 and higher.

This page was created on 4th April 2010 and was last modified on 7th April 2010.

Copyright © 2010. Geoff Chappell. All rights reserved. Conditions apply.