3.1.4.5.8 LsarSetSystemAccessAccount (Opnum 24)
The LsarSetSystemAccessAccount method is invoked to set system access account flags for an account object.
-
NTSTATUS LsarSetSystemAccessAccount( [in] LSAPR_HANDLE AccountHandle, [in] unsigned long SystemAccess );
AccountHandle: An open account object handle obtained from either LsarCreateAccount (section 3.1.4.5.1) or LsarOpenAccount (section 3.1.4.5.3).
SystemAccess: A bitmask containing the account flags to be set on the account.
Return Values: The following is a summary of the return values that an implementation MUST return, as specified by the message processing that follows.
-
Return value/code
Description
0x00000000
STATUS_SUCCESS
The request was successfully completed.
0xC0000022
STATUS_ACCESS_DENIED
The caller does not have the permissions to perform this operation.
0xC000000D
STATUS_INVALID_PARAMETER
One of the supplied parameters was invalid.
0xC0000008
STATUS_INVALID_HANDLE
AccountHandle is not a valid handle.
Processing:
This message takes two arguments:
AccountHandle: An open handle to an account object. If the handle is not a valid context handle to an account object or AccountHandle.HandleType does not equal "Account", the server MUST return STATUS_INVALID_HANDLE. The server MUST verify that AccountHandle grants access as specified in section 3.1.4.2.2 with RequiredAccess set to ACCOUNT_ADJUST_SYSTEM_ACCESS.
SystemAccess: Specifies the set of access bits to be added to account's system access. The server MUST verify that the bits do not fall outside the set of system access rights defined on the system, and fail the request with STATUS_INVALID_PARAMETER otherwise. The new system access bits replace the old ones.