Home Library Learn Downloads Support Community
Sign in | United States - English | |
This topic has not yet been rated - Rate this topic

LsaRemoveAccountRights function

Applies to: desktop apps only

The LsaRemoveAccountRights function removes one or more privileges from an account. You can specify the privileges to be removed, or you can set a flag to remove all privileges. When you remove all privileges, the function deletes the account. If you specify privileges not held by the account, the function ignores them.

Syntax

Copy 
NTSTATUS LsaRemoveAccountRights(
  __in  LSA_HANDLE PolicyHandle,
  __in  PSID AccountSid,
  __in  BOOLEAN AllRights,
  __in  PLSA_UNICODE_STRING UserRights,
  __in  ULONG CountOfRights
);

Parameters

PolicyHandle [in]

A handle to a Policy object. The handle must have the POLICY_LOOKUP_NAMES access right. For more information, see Opening a Policy Object Handle.

AccountSid [in]

Pointer to the security identifier (SID) of the account from which the privileges are removed.

AllRights [in]

If TRUE, the function removes all privileges and deletes the account. In this case, the function ignores the UserRights parameter. If FALSE, the function removes the privileges specified by the UserRights parameter.

UserRights [in]

Pointer to an array of LSA_UNICODE_STRING structures. Each structure contains the name of a privilege to be removed from the account. For a list of privilege names, see Privilege Constants.

CountOfRights [in]

Specifies the number of elements in the UserRights array.

Return value

If the function succeeds, the return value is STATUS_SUCCESS.

If the function fails, the return value is an NTSTATUS code, which can be one of the following values or one of the LSA Policy Function Return Values.

ValueDescription
STATUS_NO_SUCH_PRIVILEGE

One of the privilege names is not valid.

STATUS_INVALID_PARAMETER

Indicates the UserRights parameter was NULL and the AllRights parameter was FALSE.

 

You can use the LsaNtStatusToWinError function to convert the NTSTATUS code to a Windows error code.

Requirements

Minimum supported client

Windows 2000 Professional

Minimum supported server

Windows 2000 Server

Header
Ntsecapi.h

Library
Advapi32.lib

DLL
Advapi32.dll

See also

LsaAddAccountRights
LsaEnumerateAccountRights
LSA_UNICODE_STRING

 

 

Send comments about this topic to Microsoft

Build date: 3/6/2012

Did you find this helpful?
(1500 characters remaining)
Community Content Add
Annotations FAQ