Skip to main content
LsaGetAppliedCAPIDs function

The LsaGetAppliedCAPIDs function returns an array of central access policies (CAPs) identifiers (CAPIDs) of all the CAPs applied on a specific computer.


  _In_opt_  PLSA_UNICODE_STRING SystemName,
  _Out_     PSID **CAPIDs,
  _Out_     PULONG CAPIDCount


SystemName [in, optional]

A pointer to an LSA_UNICODE_STRING structure that contains the name of the specific computer. The name can have the form of "ComputerName" or "\\ComputerName". If this parameter is NULL, then the function returns the CAPIDs of the local computer.

CAPIDs [out]

A pointer to a variable that receives an array of pointers to CAPIDs that identify the CAPs available on the specified computer. When you have finished using the CAPIDs, call the LsaFreeMemory function on each element in the array and the entire array.

CAPIDCount [out]

A pointer to a variable that receives the number of CAPs that are available on the specified computer. The array returned in the CAPIDs parameter contains the same number of elements as the CAPIDCount parameter.

Return value

If the function succeeds, the return value is STATUS_SUCCESS.

If the function fails, the return value is one of the LSA Policy Function Return Values. You can use the LsaNtStatusToWinError function to convert the NTSTATUS code to a Windows error code.


For specific details about the central access policies, you can query the attributes of the central access policy object in the Active Directory on the specified computer's domain controller. Look for the object whose msAuthz-CentralAccessPolicyID attribute matches one of the returned CAPIDs.


Minimum supported client

Windows 8 [desktop apps only]

Minimum supported server

Windows Server 2012 [desktop apps only]







See also

Centralized Authorization Policy