WindowsBuiltInRole Enumeración

Definición

Especifica roles comunes que se van a utilizar con IsInRole(String).Specifies common roles to be used with IsInRole(String).

public enum class WindowsBuiltInRole
[System.Runtime.InteropServices.ComVisible(true)]
[System.Serializable]
public enum WindowsBuiltInRole
type WindowsBuiltInRole = 
Public Enum WindowsBuiltInRole
Herencia
WindowsBuiltInRole
Atributos

Campos

AccountOperator 548

Los operadores de cuentas administran las cuentas de los usuarios de un equipo o dominio.Account operators manage the user accounts on a computer or domain.

Administrator 544

Los administradores tienen acceso completo y sin restricciones al equipo o dominio.Administrators have complete and unrestricted access to the computer or domain.

BackupOperator 551

Los operadores de copia de seguridad pueden reemplazar las restricciones de seguridad con el único propósito de hacer copias de seguridad de los archivos o de restaurarlas.Backup operators can override security restrictions for the sole purpose of backing up or restoring files.

Guest 546

Los invitados tienen más restricciones que los usuarios.Guests are more restricted than users.

PowerUser 547

Los usuarios avanzados poseen la mayoría de los permisos administrativos, con algunas restricciones.Power users possess most administrative permissions with some restrictions. De este modo, los usuarios avanzados pueden ejecutar aplicaciones heredadas, además de aplicaciones certificadas.Thus, power users can run legacy applications, in addition to certified applications.

PrintOperator 550

Los operadores de impresión pueden tomar el control de una impresora.Print operators can take control of a printer.

Replicator 552

Los replicadores permiten la duplicación de archivos en un dominio.Replicators support file replication in a domain.

SystemOperator 549

Los operadores del sistema administran un equipo en particular.System operators manage a particular computer.

User 545

Los usuarios no pueden realizar cambios accidentales o intencionados en todo el sistema.Users are prevented from making accidental or intentional system-wide changes. En consecuencia, pueden ejecutar aplicaciones certificadas, pero no la mayoría de las aplicaciones heredadas.Thus, users can run certified applications, but not most legacy applications.

Ejemplos

En el ejemplo siguiente se muestra el uso WindowsBuiltInRole de la enumeración.The following example shows the use of the WindowsBuiltInRole enumeration.

public:
   static void DemonstrateWindowsBuiltInRoleEnum()
   {
      AppDomain^ myDomain = Thread::GetDomain();

      myDomain->SetPrincipalPolicy( PrincipalPolicy::WindowsPrincipal );
      WindowsPrincipal^ myPrincipal = dynamic_cast<WindowsPrincipal^>(Thread::CurrentPrincipal);

      Console::WriteLine( "{0} belongs to: ", myPrincipal->Identity->Name );

      Array^ wbirFields = Enum::GetValues( WindowsBuiltInRole::typeid );

      for each ( Object^ roleName in wbirFields )
      {
         try
         {
            Console::WriteLine( "{0}? {1}.", roleName,
               myPrincipal->IsInRole(  *dynamic_cast<WindowsBuiltInRole^>(roleName) ) );
         }
         catch ( Exception^ ) 
         {
            Console::WriteLine( "{0}: Could not obtain role for this RID.",
               roleName );
         }
      }
   }
using System;
using System.Threading;
using System.Security.Permissions;
using System.Security.Principal;

class SecurityPrincipalDemo
{
    public static void DemonstrateWindowsBuiltInRoleEnum()
    {
        AppDomain myDomain = Thread.GetDomain();

        myDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
        WindowsPrincipal myPrincipal = (WindowsPrincipal)Thread.CurrentPrincipal;
        Console.WriteLine("{0} belongs to: ", myPrincipal.Identity.Name.ToString());
        Array wbirFields = Enum.GetValues(typeof(WindowsBuiltInRole));
        foreach (object roleName in wbirFields)
        {
            try
            {
                // Cast the role name to a RID represented by the WindowsBuildInRole value.
                Console.WriteLine("{0}? {1}.", roleName,
                    myPrincipal.IsInRole((WindowsBuiltInRole)roleName));
                Console.WriteLine("The RID for this role is: " + ((int)roleName).ToString());

            }
            catch (Exception)
            {
                Console.WriteLine("{0}: Could not obtain role for this RID.",
                    roleName);
            }
        }
        // Get the role using the string value of the role.
        Console.WriteLine("{0}? {1}.", "Administrators",
            myPrincipal.IsInRole("BUILTIN\\" + "Administrators"));
        Console.WriteLine("{0}? {1}.", "Users",
            myPrincipal.IsInRole("BUILTIN\\" + "Users"));
        // Get the role using the WindowsBuiltInRole enumeration value.
        Console.WriteLine("{0}? {1}.", WindowsBuiltInRole.Administrator,
           myPrincipal.IsInRole(WindowsBuiltInRole.Administrator));
        // Get the role using the WellKnownSidType.
        SecurityIdentifier sid = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
        Console.WriteLine("WellKnownSidType BuiltinAdministratorsSid  {0}? {1}.", sid.Value, myPrincipal.IsInRole(sid));
    }

    public static void Main()
    {
        DemonstrateWindowsBuiltInRoleEnum();
    }
}
Imports System.Threading
Imports System.Security.Permissions
Imports System.Security.Principal

Class SecurityPrincipalDemo

    Public Shared Sub DemonstrateWindowsBuiltInRoleEnum()
        Dim myDomain As AppDomain = Thread.GetDomain()

        myDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal)
        Dim myPrincipal As WindowsPrincipal = CType(Thread.CurrentPrincipal, WindowsPrincipal)
        Console.WriteLine("{0} belongs to: ", myPrincipal.Identity.Name.ToString())
        Dim wbirFields As Array = [Enum].GetValues(GetType(WindowsBuiltInRole))
        Dim roleName As Object
        For Each roleName In wbirFields
            Try
                ' Cast the role name to a RID represented by the WindowsBuildInRole value.
                Console.WriteLine("{0}? {1}.", roleName, myPrincipal.IsInRole(CType(roleName, WindowsBuiltInRole)))
                Console.WriteLine("The RID for this role is: " + Fix(roleName).ToString())

            Catch
                Console.WriteLine("{0}: Could not obtain role for this RID.", roleName)
            End Try
        Next roleName
        ' Get the role using the string value of the role.
        Console.WriteLine("{0}? {1}.", "Administrators", myPrincipal.IsInRole("BUILTIN\" + "Administrators"))
        Console.WriteLine("{0}? {1}.", "Users", myPrincipal.IsInRole("BUILTIN\" + "Users"))
        ' Get the role using the WindowsBuiltInRole enumeration value.
        Console.WriteLine("{0}? {1}.", WindowsBuiltInRole.Administrator, myPrincipal.IsInRole(WindowsBuiltInRole.Administrator))
        ' Get the role using the WellKnownSidType.
        Dim sid As New SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, Nothing)
        Console.WriteLine("WellKnownSidType BuiltinAdministratorsSid  {0}? {1}.", sid.Value, myPrincipal.IsInRole(sid))

    End Sub

    Public Shared Sub Main()
        DemonstrateWindowsBuiltInRoleEnum()

    End Sub
End Class

Comentarios

Estos roles representan los grupos locales de Windows comunes a la mayoría de las instalaciones de Windows NT, Windows 2000 y Windows XP.These roles represent the local Windows groups common to most installations of Windows NT, Windows 2000 and Windows XP.

Nota

En Windows Vista, el control de cuentas de usuario (UAC) determina los privilegios de un usuario.In Windows Vista, User Account Control (UAC) determines the privileges of a user. Si es miembro del grupo Administradores integrados, se le asignarán dos símbolos (tokens) de acceso en tiempo de ejecución: un símbolo (token) de acceso de usuario estándar y un símbolo (token) de acceso de administrador.If you are a member of the Built-in Administrators group, you are assigned two run-time access tokens: a standard user access token and an administrator access token. De forma predeterminada, se le asignará el rol de usuario estándar.By default, you are in the standard user role. Al intentar realizar una tarea que requiere privilegios administrativos, puede elevar dinámicamente el rol mediante el cuadro de diálogo de consentimiento.When you attempt to perform a task that requires administrative privileges, you can dynamically elevate your role by using the Consent dialog box. El código que ejecuta el IsInRole método no muestra el cuadro de diálogo de consentimiento.The code that executes the IsInRole method does not display the Consent dialog box. El código devuelve false si está en el rol de usuario estándar, aunque esté en el grupo de administradores integrado.The code returns false if you are in the standard user role, even if you are in the Built-in Administrators group. Puede elevar sus privilegios antes de ejecutar el código haciendo clic con el botón secundario en el icono de la aplicación e indicando que desea ejecutar como administrador.You can elevate your privileges before you execute the code by right-clicking the application icon and indicating that you want to run as an administrator.

Se aplica a