WindowsBuiltInRole 枚举

定义

指定要与 IsInRole(String) 一起使用的公共角色。Specifies common roles to be used with IsInRole(String).

public enum class WindowsBuiltInRole
[System.Runtime.InteropServices.ComVisible(true)]
[System.Serializable]
public enum WindowsBuiltInRole
type WindowsBuiltInRole = 
Public Enum WindowsBuiltInRole
继承
WindowsBuiltInRole
属性

字段

AccountOperator 548

帐户操作员管理计算机或域中的用户帐户。Account operators manage the user accounts on a computer or domain.

Administrator 544

管理员具有对计算机或域的完全的无限制的访问权限。Administrators have complete and unrestricted access to the computer or domain.

BackupOperator 551

备份操作员仅在出于备份或还原文件目的时才可以重写安全限制。Backup operators can override security restrictions for the sole purpose of backing up or restoring files.

Guest 546

来宾受到比用户更多的限制。Guests are more restricted than users.

PowerUser 547

超级用户具有大部分管理员权限(但也受到某些限制)。Power users possess most administrative permissions with some restrictions. 因此,高级用户除了可以运行已验证过的应用程序外,还可以运行旧式应用程序。Thus, power users can run legacy applications, in addition to certified applications.

PrintOperator 550

打印操作员可以获得打印机的控制权。Print operators can take control of a printer.

Replicator 552

复制程序支持域中的文件复制。Replicators support file replication in a domain.

SystemOperator 549

系统操作员管理特定的计算机。System operators manage a particular computer.

User 545

用户被阻止进行意外的或有意的系统级更改。Users are prevented from making accidental or intentional system-wide changes. 因此,用户可以运行已验证过的应用程序,但不能运行大部分旧式应用程序。Thus, users can run certified applications, but not most legacy applications.

示例

下面的示例演示如何使用WindowsBuiltInRole枚举。The following example shows the use of the WindowsBuiltInRole enumeration.

public:
   static void DemonstrateWindowsBuiltInRoleEnum()
   {
      AppDomain^ myDomain = Thread::GetDomain();

      myDomain->SetPrincipalPolicy( PrincipalPolicy::WindowsPrincipal );
      WindowsPrincipal^ myPrincipal = dynamic_cast<WindowsPrincipal^>(Thread::CurrentPrincipal);

      Console::WriteLine( "{0} belongs to: ", myPrincipal->Identity->Name );

      Array^ wbirFields = Enum::GetValues( WindowsBuiltInRole::typeid );

      for each ( Object^ roleName in wbirFields )
      {
         try
         {
            Console::WriteLine( "{0}? {1}.", roleName,
               myPrincipal->IsInRole(  *dynamic_cast<WindowsBuiltInRole^>(roleName) ) );
         }
         catch ( Exception^ ) 
         {
            Console::WriteLine( "{0}: Could not obtain role for this RID.",
               roleName );
         }
      }
   }
using System;
using System.Threading;
using System.Security.Permissions;
using System.Security.Principal;

class SecurityPrincipalDemo
{
    public static void DemonstrateWindowsBuiltInRoleEnum()
    {
        AppDomain myDomain = Thread.GetDomain();

        myDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
        WindowsPrincipal myPrincipal = (WindowsPrincipal)Thread.CurrentPrincipal;
        Console.WriteLine("{0} belongs to: ", myPrincipal.Identity.Name.ToString());
        Array wbirFields = Enum.GetValues(typeof(WindowsBuiltInRole));
        foreach (object roleName in wbirFields)
        {
            try
            {
                // Cast the role name to a RID represented by the WindowsBuildInRole value.
                Console.WriteLine("{0}? {1}.", roleName,
                    myPrincipal.IsInRole((WindowsBuiltInRole)roleName));
                Console.WriteLine("The RID for this role is: " + ((int)roleName).ToString());

            }
            catch (Exception)
            {
                Console.WriteLine("{0}: Could not obtain role for this RID.",
                    roleName);
            }
        }
        // Get the role using the string value of the role.
        Console.WriteLine("{0}? {1}.", "Administrators",
            myPrincipal.IsInRole("BUILTIN\\" + "Administrators"));
        Console.WriteLine("{0}? {1}.", "Users",
            myPrincipal.IsInRole("BUILTIN\\" + "Users"));
        // Get the role using the WindowsBuiltInRole enumeration value.
        Console.WriteLine("{0}? {1}.", WindowsBuiltInRole.Administrator,
           myPrincipal.IsInRole(WindowsBuiltInRole.Administrator));
        // Get the role using the WellKnownSidType.
        SecurityIdentifier sid = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
        Console.WriteLine("WellKnownSidType BuiltinAdministratorsSid  {0}? {1}.", sid.Value, myPrincipal.IsInRole(sid));
    }

    public static void Main()
    {
        DemonstrateWindowsBuiltInRoleEnum();
    }
}
Imports System.Threading
Imports System.Security.Permissions
Imports System.Security.Principal

Class SecurityPrincipalDemo

    Public Shared Sub DemonstrateWindowsBuiltInRoleEnum()
        Dim myDomain As AppDomain = Thread.GetDomain()

        myDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal)
        Dim myPrincipal As WindowsPrincipal = CType(Thread.CurrentPrincipal, WindowsPrincipal)
        Console.WriteLine("{0} belongs to: ", myPrincipal.Identity.Name.ToString())
        Dim wbirFields As Array = [Enum].GetValues(GetType(WindowsBuiltInRole))
        Dim roleName As Object
        For Each roleName In wbirFields
            Try
                ' Cast the role name to a RID represented by the WindowsBuildInRole value.
                Console.WriteLine("{0}? {1}.", roleName, myPrincipal.IsInRole(CType(roleName, WindowsBuiltInRole)))
                Console.WriteLine("The RID for this role is: " + Fix(roleName).ToString())

            Catch
                Console.WriteLine("{0}: Could not obtain role for this RID.", roleName)
            End Try
        Next roleName
        ' Get the role using the string value of the role.
        Console.WriteLine("{0}? {1}.", "Administrators", myPrincipal.IsInRole("BUILTIN\" + "Administrators"))
        Console.WriteLine("{0}? {1}.", "Users", myPrincipal.IsInRole("BUILTIN\" + "Users"))
        ' Get the role using the WindowsBuiltInRole enumeration value.
        Console.WriteLine("{0}? {1}.", WindowsBuiltInRole.Administrator, myPrincipal.IsInRole(WindowsBuiltInRole.Administrator))
        ' Get the role using the WellKnownSidType.
        Dim sid As New SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, Nothing)
        Console.WriteLine("WellKnownSidType BuiltinAdministratorsSid  {0}? {1}.", sid.Value, myPrincipal.IsInRole(sid))

    End Sub

    Public Shared Sub Main()
        DemonstrateWindowsBuiltInRoleEnum()

    End Sub
End Class

注解

这些角色表示 Windows NT、Windows 2000 和 Windows XP 的大多数安装所共有的本地 Windows 组。These roles represent the local Windows groups common to most installations of Windows NT, Windows 2000 and Windows XP.

备注

在 Windows Vista 中,用户帐户控制 (UAC) 决定用户的特权。In Windows Vista, User Account Control (UAC) determines the privileges of a user. 如果您是内置的 Administrators 组的成员,将为您分配两个运行时访问令牌:一个标准用户访问令牌和一个管理员访问令牌。If you are a member of the Built-in Administrators group, you are assigned two run-time access tokens: a standard user access token and an administrator access token. 默认情况下,您拥有标准用户角色。By default, you are in the standard user role. 当您尝试执行需要管理特权的任务时, 您可以使用同意对话框动态提升您的角色。When you attempt to perform a task that requires administrative privileges, you can dynamically elevate your role by using the Consent dialog box. 执行IsInRole方法的代码不显示 "同意" 对话框。The code that executes the IsInRole method does not display the Consent dialog box. 如果你是标准用户角色, 则该代码将返回 false, 即使你处于内置 Administrators 组中也是如此。The code returns false if you are in the standard user role, even if you are in the Built-in Administrators group. 通过右键单击应用程序图标并指示你希望以管理员身份运行, 可以在执行代码之前提升权限。You can elevate your privileges before you execute the code by right-clicking the application icon and indicating that you want to run as an administrator.

适用于