@msdn=http://search.microsoft.com/search/results.aspx?qu=$$$ @pinvoke=http://pinvoke.net/$$$.htm Summary: Enumerates the privileges assigned to a Windows account !!!!C# Signature: [DllImport("advapi32.dll", SetLastError=true)] public static extern uint LsaEnumerateAccountRights( IntPtr PolicyHandle, [MarshalAs(UnmanagedType.LPArray)] byte[] AccountSid, out IntPtr UserRights, out uint CountOfRights ); !!!!VB Signature: Declare Function LsaEnumerateAccountRights Lib "advapi32.dll" (TODO) As TODO !!!!User-Defined Types: None. !!!!Notes: // NTSTATUS LsaEnumerateAccountRights( // [in] LSA_HANDLE PolicyHandle, // [in] PSID AccountSid, // [out] PLSA_UNICODE_STRING* UserRights, // [out] PULONG CountOfRights //); NTSTATUS can be converted to a Windows error using LsaNtStatusToWinError The reason behind using byte[] for a sid is a mystery to me. Has anyone documented this? I've just copied the techniques from other functions here and it seems to work. Similarly - the sample code below works, but why can't you just use an array of LSA_UNICODE_STRING ??? (Answer: Nobody knows why, but the runtime seems to screw it up) !!!!Tips & Tricks: Please add some! !!!!Sample Code (C#): // You should already have the HPolicy and SID ready IntPtr rightsPtr; uint countOfRights; LsaEnumerateAccountRights(HPolicy, SID, out rightsPtr, out countOfRights); try { IntPtr ptr = rightsPtr; for (Int32 i = 0; i < countOfRights; i++) { LSA_UNICODE_STRING_withPointer structure = new LSA_UNICODE_STRING_withPointer(); Marshal.PtrToStructure(ptr, structure); char[] destination = new char[structure.length / sizeof(char)]; Marshal.Copy(structure.pwstr, destination, 0, destination.Length); string userRightStr = new string(destination, 0, destination.Length); Console.WriteLine("Another Privilege found: " + userRightStr); ptr = (IntPtr)(((long)ptr) + Marshal.SizeOf(typeof(LSA_UNICODE_STRING))); } } finally { LsaFreeMemory(rightsPtr); } !!!!Alternative Managed API: Do you know one? Please contribute it! Documentation: LsaEnumerateAccountRights@msdn on MSDN http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/lsaenumerateaccountrights.asp
Edit advapi32.lsaenume...
You do not have permission to change this page. If you feel this is in error, please send feedback with the contact link on the main page.