Desktop Functions:

   Smart Device Functions:

Show Recent Changes
Subscribe (RSS)
Misc. Pages
Helpful Tools
Suggested Reading
Website TODO List
Support Forum
Download Visual Studio Add-In

Terms of Use
Privacy Policy
LsaEnumerateAccountRights (advapi32)
Enumerates the privileges assigned to a Windows account

C# Signature:

[DllImport("advapi32.dll", SetLastError=true)]
public static extern uint LsaEnumerateAccountRights(
    IntPtr PolicyHandle,
    [MarshalAs(UnmanagedType.LPArray)] byte[] AccountSid,
    out IntPtr UserRights,
    out uint CountOfRights

VB Signature:

Declare Function LsaEnumerateAccountRights Lib "advapi32.dll" (TODO) As TODO

User-Defined Types:



// NTSTATUS LsaEnumerateAccountRights(

// in LSA_HANDLE PolicyHandle,

// in PSID AccountSid,

// out PLSA_UNICODE_STRING* UserRights,

// out PULONG CountOfRights


NTSTATUS can be converted to a Windows error using LsaNtStatusToWinError

The reason behind using byte[] for a sid is a mystery to me. Has anyone documented this? I've just copied the techniques from other functions here and it seems to work.

Similarly - the sample code below works, but why can't you just use an array of LSA_UNICODE_STRING ???

(Answer: Nobody knows why, but the runtime seems to screw it up)

Tips & Tricks:

Please add some!

Sample Code (C#):

Sample Code:

// You should already have the HPolicy and SID ready
IntPtr rightsPtr;
uint countOfRights;
LsaEnumerateAccountRights(HPolicy, SID, out rightsPtr, out countOfRights);
    IntPtr ptr = rightsPtr;
    for (Int32 i = 0; i < countOfRights; i++)
    LSA_UNICODE_STRING_withPointer structure = new LSA_UNICODE_STRING_withPointer();
    Marshal.PtrToStructure(ptr, structure);

IntPtr rights;

uint cRights = 0;

uint result = LsaEnumerateAccountRights( policyHandle,

                    out rights,
                    out cRights);

privileges = new string[cRights];

for ( int i = 0; i < cRights; i++ )


    // QUESTION: Why can't we just use an array of LSAInter.LSA_UNICODE_STRING ???
    LSA_UNICODE_STRING right = (LSA_UNICODE_STRING)Marshal.PtrToStructure(
        (IntPtr)((int)rights + i * Marshal.SizeOf(typeof(LSA_UNICODE_STRING))),
    privileges[i] = Marshal.PtrToStringAuto(right.Buffer,(int)right.Length);


    char[] destination = new char[structure.length / sizeof(char)];
    Marshal.Copy(structure.pwstr, destination, 0, destination.Length);

    string userRightStr = new string(destination, 0, destination.Length);

    Console.WriteLine("Another Privilege found: " + userRightStr);

    ptr = (IntPtr)(((long)ptr) + Marshal.SizeOf(typeof(LSA_UNICODE_STRING)));

Alternative Managed API:

Do you know one? Please contribute it!


Please edit this page!

Do you have...

  • helpful tips or sample code to share for using this API in managed code?
  • corrections to the existing content?
  • variations of the signature you want to share?
  • additional languages you want to include?

Select "Edit This Page" on the right hand toolbar and edit it! Or add new pages containing supporting types needed for this API (structures, delegates, and more).

Access directly from VS:
Terms of Use
Edit This Page
Find References
Show Printable Version