#include "StdAfx.h"
#include "CheckMembership.h"

Functions
CA_API UINT __stdcall	CheckMembership (MSIHANDLE hInstall)
	Custom action to determine whether a specified security identifier (SID) is enabled in the impersonation token of the calling thread. More...

Function Documentation

CA_API UINT __stdcall CheckMembership ( MSIHANDLE hInstall )

Custom action to determine whether a specified security identifier (SID) is enabled in the impersonation token of the calling thread.

Parameters

SID	Sid to check. The function checks for the presence of this SID in the user and group SIDs of the impersonation token of the calling thread.

Returns: LOGON_IS_MEMBER 1 if the SID is present and has the SE_GROUP_ENABLED attribute, 0 otherwise.; CA_ERROR system error when available.

For a list of well known SIDs on Windows, refer to http://support.microsoft.com/kb/243330

Example:

The following code includes the UserPrivileges custom action binary and declares the CheckMembership custom action.

The following code checks whether a user is a member of the Administrators local group.

<Control Id="Test" Type="PushButton" X="40" Y="200" Width="100" Height="17" Text="&amp;Test Membership">
 <!-- check whether this user is an administrator -->
 <Publish Property="IMPERSONATE_USERNAME" Value="[SCANENGINE_SERVICE_USERNAME]">1</Publish>
 <Publish Property="IMPERSONATE_PASSWORD" Value="[SCANENGINE_SERVICE_PASSWORD]">1</Publish>
 <Publish Property="SID" Value="S-1-5-32-544">1</Publish>
 <Publish Event="DoAction" Value="Service_CheckMembership">1</Publish>
 <Publish Property="LOGON_ERROR" Value="The specified account is not a member of the Administrators group."><![CDATA[LOGON_IS_MEMBER = "0"]]></Publish>
</Control>

This custom action supports impersonation, see Impersonation in Immediate Custom Actions.

Functions

Function Documentation