LsaGetAppliedCAPIDs function (ntlsa.h)

Article
10/13/2021

The LsaGetAppliedCAPIDs function returns an array of central access policies (CAPs) identifiers (CAPIDs) of all the CAPs applied on a specific computer.

Syntax

NTSTATUS LsaGetAppliedCAPIDs(
  [in, optional] PLSA_UNICODE_STRING SystemName,
  [out]          PSID                **CAPIDs,
  [out]          PULONG              CAPIDCount
);

Parameters

[in, optional] SystemName

A pointer to an LSA_UNICODE_STRING structure that contains the name of the specific computer. The name can have the form of "ComputerName" or "\ComputerName". If this parameter is NULL, then the function returns the CAPIDs of the local computer.

[out] CAPIDs

A pointer to a variable that receives an array of pointers to CAPIDs that identify the CAPs available on the specified computer. When you have finished using the CAPIDs, call the LsaFreeMemory function on each element in the array and the entire array.

[out] CAPIDCount

A pointer to a variable that receives the number of CAPs that are available on the specified computer. The array returned in the CAPIDs parameter contains the same number of elements as the CAPIDCount parameter.

Return value

If the function succeeds, the return value is STATUS_SUCCESS.

If the function fails, the return value is one of the LSA Policy Function Return Values. You can use the LsaNtStatusToWinError function to convert the NTSTATUS code to a Windows error code.

Remarks

For specific details about the central access policies, you can query the attributes of the central access policy object in the Active Directory on the specified computer's domain controller. Look for the object whose msAuthz-CentralAccessPolicyID attribute matches one of the returned CAPIDs.

Requirements

Requirement	Value
Minimum supported client	Windows 8 [desktop apps only]
Minimum supported server	Windows Server 2012 [desktop apps only]
Target Platform	Windows
Header	ntlsa.h
Library	Advapi32.lib
DLL	Advapi32.dll