LsaEnumerateAccountsWithUserRight function

The LsaEnumerateAccountsWithUserRight function returns the accounts in the database of a Local Security Authority (LSA) Policy object that hold a specified privilege. The accounts returned by this function hold the specified privilege directly through the user account, not as part of membership to a group.

Syntax


NTSTATUS LsaEnumerateAccountsWithUserRight(
  _In_   LSA_HANDLE PolicyHandle,
  _In_   PLSA_UNICODE_STRING UserRights,
  _Out_  PVOID *EnumerationBuffer,
  _Out_  PULONG CountReturned
);

Parameters

PolicyHandle [in]

A handle to a Policy object. The handle must have POLICY_LOOKUP_NAMES and POLICY_VIEW_LOCAL_INFORMATION user rights. For more information, see Opening a Policy Object Handle.

UserRights [in]

Pointer to an LSA_UNICODE_STRING structure that specifies the name of a privilege. For a list of privileges, see Privilege Constants and Account Rights Constants.

If this parameter is NULL, the function enumerates all accounts in the LSA database of the system associated with the Policy object.

EnumerationBuffer [out]

Pointer to a variable that receives a pointer to an array of LSA_ENUMERATION_INFORMATION structures. The Sid member of each structure is a pointer to the security identifier (SID) of an account that holds the specified privilege.

When you no longer need the information, free the memory by passing the returned pointer to the LsaFreeMemory function.

CountReturned [out]

Pointer to a variable that receives the number of entries returned in the EnumerationBuffer parameter.

Return value

If the function succeeds, the function returns STATUS_SUCCESS.

If the function fails, it returns an NTSTATUS code, which can be one of the following values or one of the LSA Policy Function Return Values.

ValueDescription
STATUS_NO_SUCH_PRIVILEGE

The privilege string specified was not a valid privilege.

STATUS_NO_MORE_ENTRIES

There were no accounts with the specified privilege.

 

You can use the LsaNtStatusToWinError function to convert the NTSTATUS code to a Windows error code.

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Header

Ntsecapi.h

Library

Advapi32.lib

DLL

Advapi32.dll

See also

LSA_ENUMERATION_INFORMATION
LSA_UNICODE_STRING
LsaFreeMemory
LsaOpenPolicy

 

 

Community Additions

ADD
Show:
© 2014 Microsoft