Find out current username when executed as admin

[Leo1906]

I'm having a problem here ..

I need to find out the real username of the account executing the script. The problem is that I run my script on a User-Account with reduced privileges. But my script needs admin rigths and when they are granted the value @username changes to the admin account.
Look for yourself:

MsgBox(0, 0, @UserName)

executed on an account without admin privileges return the real username.

#RequireAdmin
MsgBox(0, 0, @UserName)

This returns the username of the admin.

I can understand that this happens, but I need to get the username of the currently logged in account.
And I want to achieve this without the execution of another script and without elevating my exe afterwards to admin rights ..

 

I hope you understand what I want to achieve ..

 

Thanks or your help

[iamtheky]

Provided that all logons are local (type 2) this will work, if you have network logons you need to add type 3 as well

#requireadmin
#include <AutoItConstants.au3>

$sCommand = "powershell Get-EventLog -logname 'Security'"
$sMessage = '-InstanceID "4624"'
$iPID = run($sCommand & " " & $sMessage & "| Format-List", "" , @SW_HIDE , $stdout_child)

$sOutput = ""

while 1
   $sOutput &= StdoutRead($iPID)
   If @error Then ExitLoop
WEnd

ProcessClose($iPID)

$aOut = stringsplit($sOutput , @LF , 2)

$flag = 0

For $i = 0 to ubound($aOut) - 1
   If stringinstr(stringstripws($aOut[$i] , 8) , "LogonType:2") Then $flag = 1
   If stringinstr($aOut[$i] , "Account Name:") And $flag = 1 Then
      msgbox(0, 'Last Logged On' , $aOut[$i])
      ExitLoop
   EndIf
Next

 

[PACaleala]

My best guess is that you need something like this:

Local $l
Local $sComputer = objcreate("wscript.network").computername
Local $oWMIService = ObjGet("winmgmts:" & "{impersonationLevel=impersonate}!\\" & $sComputer & "\root\cimv2")
Local $colItems = $oWMIService.ExecQuery("Select * from Win32_NetworkLoginProfile")
For $oItem in $colItems
    If Not $oItem.FullName="" Then
    $l = $l & "Caption: " & $oItem.Caption & @CrLf
    $l = $l & "User full name: " & $oItem.FullName & @CrLf
    $l = $l & "User name: " & $oItem.Name & @CrLf
    $l = $l & @CrLf
    EndIf
Next
MsgBox(0,$sComputer,$l)
;

[Leo1906]

Thank you both for your help, but this doesn't work either ..
Any other ideas? :/

[iamtheky]

Please elaborate on the behavior with mine, as returning the last local logon from the event log is pretty straightforward.

[Leo1906]

5 hours ago, iamtheky said:

Please elaborate on the behavior with mine, as returning the last local logon from the event log is pretty straightforward.

There is no output for me. I'm pretty sure this is because my OS language is not english .. And the keywords you're looking for are translatet to my OS language. I tried to fix them but had no luck. Unfortunately this is a big problem, because I can't implement every language possible into the script ..

€: and there is another problem. In windows 10 the username differs from account name. Account name can be an email adress. If so, the username is something different ..

 

I found another way to get the current user.
You can try to execute the query.exe located in Windows dir with the param user. It gives the current active users. On a non-Server edition there can only be one currently active user, so this should work for me I guess ..

But till now I didn't managed to get the stream read out .. :/

Edited July 25, 2016 by Leo1906

[Terenz]

Try this, work for me

#RequireAdmin

MsgBox(0, 0, @UserName)
MsgBox(0, 0, _GetUsername())

Func _GetUsername()
    Local $aResult = DllCall("Wtsapi32.dll", "int", "WTSQuerySessionInformationW", "int", 0, "dword", -1, "int", 5, "dword*", 0, "dword*", 0)
    If @error Or $aResult[0] = 0 Then Return SetError(1, 0, 0)
    Local $sUsername = BinaryToString(DllStructGetData(DllStructCreate("byte[" & $aResult[5] & "]", $aResult[4]), 1), 2)
    DllCall("Wtsapi32.dll", "int", "WTSFreeMemory", "ptr", $aResult[4])
    Return $sUsername
EndFunc   ;==>_GetUsername

If someone is expert of DllCall check please if all parameter are correct

[Leo1906]

1 minute ago, Terenz said:

Try this, work for me

#RequireAdmin

MsgBox(0, 0, @UserName)
MsgBox(0, 0, _GetUsername())

Func _GetUsername()
    Local $aResult = DllCall("Wtsapi32.dll", "int", "WTSQuerySessionInformationW", "int", 0, "dword", -1, "int", 5, "dword*", 0, "dword*", 0)
    If @error Or $aResult[0] = 0 Then Return SetError(1, 0, 0)
    Local $sUsername = BinaryToString(DllStructGetData(DllStructCreate("byte[" & $aResult[5] & "]", $aResult[4]), 1), 2)
    DllCall("Wtsapi32.dll", "int", "WTSFreeMemory", "ptr", $aResult[4])
    Return $sUsername
EndFunc   ;==>_GetUsername

If someone is expert of DllCall check please if all parameter are correct

This works perfectly

And it's much faster then the poweshell attemps