LsaAddAccountRights function

The LsaAddAccountRights function assigns one or more privileges to an account. If the account does not exist, LsaAddAccountRights creates it.

Syntax


NTSTATUS LsaAddAccountRights(
  _In_  LSA_HANDLE PolicyHandle,
  _In_  PSID AccountSid,
  _In_  PLSA_UNICODE_STRING UserRights,
  _In_  ULONG CountOfRights
);

Parameters

PolicyHandle [in]

A handle to a Policy object. The handle must have the POLICY_LOOKUP_NAMES access right. If the account identified by the AccountSid parameter does not exist, the handle must have the POLICY_CREATE_ACCOUNT access right. For more information, see Opening a Policy Object Handle.

AccountSid [in]

Pointer to the SID of the account to which the function assigns privileges.

UserRights [in]

Pointer to an array of LSA_UNICODE_STRING structures. Each structure contains the name of a privilege to add to the account. For a list of privilege names, see Privilege Constants.

CountOfRights [in]

Specifies the number of elements in the UserRights array.

Return value

If the function succeeds, the return value is STATUS_SUCCESS.

If the function fails, the return value is an NTSTATUS code, which can be the following value or one of the LSA Policy Function Return Values.

Return code | Description
STATUS_NO_SUCH_PRIVILEGE | One of the privilege names is not valid.

You can use the LsaNtStatusToWinError function to convert the NTSTATUS code to a Windows error code.

Remarks

If you specify privileges already granted to the account, they are ignored.

For an example that demonstrates calling this function, see Managing Account Permissions.
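
The call sequence described above, as an added example (not Microsoft's sample code): open a Policy handle with the access rights listed under PolicyHandle, fill one LSA_UNICODE_STRING, call LsaAddAccountRights, and convert the NTSTATUS. The helper names init_lsa_string and grant_right, the account name svc-example, the choice of SeServiceLogonRight, and the non-Windows stand-in struct are assumptions of this example.

```c
#include <stdio.h>
#include <wchar.h>
#ifdef _WIN32
#include <windows.h>
#include <ntsecapi.h>   /* link with Advapi32.lib */
#else   /* stand-in type so the helper also builds off Windows (example only) */
typedef struct { unsigned short Length, MaximumLength; wchar_t *Buffer; } LSA_UNICODE_STRING;
#endif

/* Length and MaximumLength are byte counts; Length excludes the terminating
   null. Returns 0 on success, -1 if the name cannot fit the 16-bit fields. */
static int init_lsa_string(LSA_UNICODE_STRING *out, const wchar_t *s) {
    size_t bytes = wcslen(s) * sizeof(wchar_t);
    if (bytes > 0xFFFF - sizeof(wchar_t)) return -1;
    out->Buffer = (wchar_t *)s;
    out->Length = (unsigned short)bytes;
    out->MaximumLength = (unsigned short)(bytes + sizeof(wchar_t));
    return 0;
}

#ifdef _WIN32
/* Adds one right to the account; returns a Win32 error code (0 on success). */
static ULONG grant_right(PSID sid, const wchar_t *right) {
    LSA_OBJECT_ATTRIBUTES attrs;
    LSA_HANDLE policy = NULL;
    LSA_UNICODE_STRING name;
    NTSTATUS st;
    if (init_lsa_string(&name, right) != 0) return ERROR_INVALID_PARAMETER;
    ZeroMemory(&attrs, sizeof attrs);
    /* POLICY_CREATE_ACCOUNT matters only when the SID has no LSA account yet. */
    st = LsaOpenPolicy(NULL, &attrs, POLICY_LOOKUP_NAMES | POLICY_CREATE_ACCOUNT, &policy);
    if (st != 0) return LsaNtStatusToWinError(st);
    st = LsaAddAccountRights(policy, sid, &name, 1);
    LsaClose(policy);
    return LsaNtStatusToWinError(st);   /* bad name: STATUS_NO_SUCH_PRIVILEGE */
}
#endif

int main(void) {
#ifdef _WIN32
    BYTE sid[SECURITY_MAX_SID_SIZE];
    wchar_t dom[256];
    DWORD cbSid = sizeof sid, cchDom = 256;
    SID_NAME_USE use;   /* "svc-example" below is a constructed account name */
    if (!LookupAccountNameW(NULL, L"svc-example", sid, &cbSid, dom, &cchDom, &use)) return 1;
    printf("Win32 error: %lu\n", grant_right(sid, L"SeServiceLogonRight"));
#endif
    return 0;
}
```

Because privileges already granted are ignored, running this twice for the same account and right returns success both times.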

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Header

Ntsecapi.h

Library

Advapi32.lib

DLL

Advapi32.dll

See also

LsaEnumerateAccountRights
LsaRemoveAccountRights
LSA_UNICODE_STRING

 

 

© 2014 Microsoft