Home Library Learn Downloads Support Community
Sign in | United States - English | |
0 out of 1 rated this helpful - Rate this topic

LsaEnumerateAccountsWithUserRight function

Applies to: desktop apps only

The LsaEnumerateAccountsWithUserRight function returns the accounts in the database of a Local Security Authority (LSA) Policy object that hold a specified privilege. The accounts returned by this function hold the specified privilege directly through the user account, not as part of membership to a group.

Syntax

Copy 
NTSTATUS LsaEnumerateAccountsWithUserRight(
  __in   LSA_HANDLE PolicyHandle,
  __in   PLSA_UNICODE_STRING UserRights,
  __out  PVOID *EnumerationBuffer,
  __out  PULONG CountReturned
);

Parameters

PolicyHandle [in]

A handle to a Policy object. The handle must have POLICY_LOOKUP_NAMES and POLICY_VIEW_LOCAL_INFORMATION user rights. For more information, see Opening a Policy Object Handle.

UserRights [in]

Pointer to an LSA_UNICODE_STRING structure that specifies the name of a privilege. For a list of privileges, see Privilege Constants and Account Rights Constants.

If this parameter is NULL, the function enumerates all accounts in the LSA database of the system associated with the Policy object.

EnumerationBuffer [out]

Pointer to a variable that receives a pointer to an array of LSA_ENUMERATION_INFORMATION structures. The Sid member of each structure is a pointer to the security identifier (SID) of an account that holds the specified privilege.

When you no longer need the information, free the memory by passing the returned pointer to the LsaFreeMemory function.

CountReturned [out]

Pointer to a variable that receives the number of entries returned in the EnumerationBuffer parameter.

Return value

If the function succeeds, the function returns STATUS_SUCCESS.

If the function fails, it returns an NTSTATUS code, which can be one of the following values or one of the LSA Policy Function Return Values.

ValueDescription
STATUS_NO_SUCH_PRIVILEGE

The privilege string specified was not a valid privilege.

STATUS_NO_MORE_ENTRIES

There were no accounts with the specified privilege.

 

You can use the LsaNtStatusToWinError function to convert the NTSTATUS code to a Windows error code.

Requirements

Minimum supported client

Windows 2000 Professional

Minimum supported server

Windows 2000 Server

Header
Ntsecapi.h

Library
Advapi32.lib

DLL
Advapi32.dll

See also

LSA_ENUMERATION_INFORMATION
LSA_UNICODE_STRING
LsaFreeMemory
LsaOpenPolicy

 

 

Send comments about this topic to Microsoft

Build date: 3/6/2012

Did you find this helpful?
(1500 characters remaining)
Community Content Add
Annotations FAQ