/// <summary>
 /// Impersonate a windows logon user only for the duration of the specified action.
 /// </summary>
 /// <param name="userName">windows account with optional domain</param>
 /// <param name="password"></param>
 /// <param name="runAs"></param>
 public static void Run(string userName, string password, Action runAs)
 {
     using (var iu = new ImpersonateUser(userName, password))
     {
         runAs();
     }
 }
        /// <summary>
        /// Verify Windows username logon exists, password works,
        /// AND belongs to the local Administrators group.
        /// </summary>
        /// <param name="username">Username may be in either UPN or SAM formats.</param>
        /// <param name="password"></param>
        /// <returns>True if successful</returns>
        public static bool ValidateAdminCredentials(string username, string password)
        {
            bool ok = false;

            try
            {
                using (var iu = new ImpersonateUser(username, password))
                {
                    ok = UserAccount.IsAdministrator();
                }
            }
            catch (Win32Exception ex) //ImpersonateUser uses LogonUser() Win32 API.
            {
                LOG.Error(ex, "");
                //Not fatal. Login failed -> Validation failed, thus returns false.
            }
            catch (Exception ex)
            {
                LOG.Error(ex, "");
                throw ex.PrefixMessage(string.Format("UserAccount.ValidateAdminCredentials(\"{0}\", \"*****\")", username));
            }
            return(ok);
        }