LsaEnumerateAccountRights function

The LsaEnumerateAccountRights function enumerates the privileges assigned to an account.

Syntax


NTSTATUS LsaEnumerateAccountRights(
  _In_   LSA_HANDLE PolicyHandle,
  _In_   PSID AccountSid,
  _Out_  PLSA_UNICODE_STRING *UserRights,
  _Out_  PULONG CountOfRights
);

Parameters

PolicyHandle [in]

A handle to a Policy object. The handle must have the POLICY_LOOKUP_NAMES access right. For more information, see Opening a Policy Object Handle.

AccountSid [in]

Pointer to the SID of the account for which to enumerate privileges.

UserRights [out]

Receives a pointer to an array of LSA_UNICODE_STRING structures. Each structure contains the name of a privilege held by the account. For a list of privilege names, see Privilege Constants

When you no longer need the information, pass the returned pointer to LsaFreeMemory.

CountOfRights [out]

Pointer to a variable that receives the number of privileges in the UserRights array.

Return value

If at least one account right is found, the function succeeds and returns STATUS_SUCCESS.

If no account rights are found or if the function fails for any other reason, the function returns an NTSTATUS code such as FILE_NOT_FOUND. For more information, see LSA Policy Function Return Values. Use the LsaNtStatusToWinError function to convert the NTSTATUS code to a Windows error code.

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Header

Ntsecapi.h

Library

Advapi32.lib

DLL

Advapi32.dll

See also

LsaAddAccountRights
LsaFreeMemory
LsaRemoveAccountRights
LSA_UNICODE_STRING

 

 

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.