LsaEnumerateAccountRights (advapi32)
Enumerates the privileges assigned to a Windows account

C# Signature:

[DllImport("advapi32.dll", SetLastError=true)]
static extern IntPtr LsaEnumerateAccountRights(
    IntPtr PolicyHandle,
    IntPtr AccountSid, // TODO
    out LSA_UNICODE_STRING[] UserRights,
    out ulong CountOfRights


// NTSTATUS LsaEnumerateAccountRights(

// in LSA_HANDLE PolicyHandle,

// in PSID AccountSid,

// out PLSA_UNICODE_STRING* UserRights,

// out PULONG CountOfRights


VB Signature:

Declare Function LsaEnumerateAccountRights Lib "advapi32.dll" (TODO) As TODO

User-Defined Types:



Just making a start. I'll be back soon when I've researched how to deal with NTSTATUS codes. Got to go dig in some header files.

Right - got it - NTSTATUS is a long, so I guess an IntPtr - I guess the place to document this is LsaNtStatusToWinError

...or - do you only use an IntPtr for an opaque handle? Probably, I should think, so the return value should be an int I suppose

Meanwhile - LSA_HANDLE is a PVOID - that makes sense for an opaque handle, so I guess I'll use an IntPtr again. Not completely confident about this though.

UserRights should be a pointer to an array of LSA_UNICODE_STRING structs. Still have to figure out exactly how this goes.

Now I see everyone else is using byte[] for SIDs. Must be a reason. Another todo.

Still a work in progress!!

