3.1.4.4.5 LsarSetInformationPolicy2 (Opnum 47)
The LsarSetInformationPolicy2 method is invoked to set a policy on the server.
```
NTSTATUS LsarSetInformationPolicy2(
  [in] LSAPR_HANDLE PolicyHandle,
  [in] POLICY_INFORMATION_CLASS InformationClass,
  [in, switch_is(InformationClass)]
    PLSAPR_POLICY_INFORMATION PolicyInformation
);
```
PolicyHandle: An RPC context handle obtained from either LsarOpenPolicy or LsarOpenPolicy2.
InformationClass: A parameter that specifies what type of information the caller is setting.
PolicyInformation: Data that represents policy being set.
Return Values: The following is a summary of the return values that an implementation MUST return, as specified by the message processing that follows.
Return value/code | Description |
---|---|
0x00000000 STATUS_SUCCESS | The request was successfully completed. |
0xC0000022 STATUS_ACCESS_DENIED | The caller does not have the permissions to perform this operation. |
0xC000000D STATUS_INVALID_PARAMETER | One of the parameters is incorrect. For instance, this can happen if InformationClass is not supported or some of the supplied policy data is invalid. |
0xC0000002 STATUS_NOT_IMPLEMENTED | This information class cannot be set. |
0xC0000008 STATUS_INVALID_HANDLE | PolicyHandle is not a valid handle. |
Processing:
PolicyHandle MUST reference a context that was granted an access commensurate with the InformationClass value requested. If PolicyHandle is not a valid context handle or PolicyHandle.HandleType does not equal "Policy", the server MUST return STATUS_INVALID_HANDLE. If the context does not have sufficient access, the server MUST return STATUS_ACCESS_DENIED.
The server MUST verify that PolicyHandle grants access as specified in section 3.1.4.2.2. The following table specifies the RequiredAccess value to use in this access check for each InformationClass value or indicates if no processing is supported, regardless of access granted.
InformationClass value | RequiredAccess value |
---|---|
PolicyAuditLogInformation | POLICY_AUDIT_LOG_ADMIN |
PolicyAuditEventsInformation | POLICY_SET_AUDIT_REQUIREMENTS |
PolicyPrimaryDomainInformation | POLICY_TRUST_ADMIN |
PolicyPdAccountInformation | Not applicable: This information class cannot be set; the request MUST fail with STATUS_INVALID_PARAMETER. |
PolicyAccountDomainInformation | Not applicable: This information class cannot be set; the request MUST fail with STATUS_INVALID_PARAMETER. |
PolicyLsaServerRoleInformation | POLICY_SERVER_ADMIN |
PolicyReplicaSourceInformation | POLICY_SERVER_ADMIN |
PolicyModificationInformation | Not applicable: This information class cannot be set; the request MUST fail with STATUS_INVALID_PARAMETER. |
PolicyAuditFullSetInformation | Not applicable: This information class cannot be set; the request MUST fail with STATUS_INVALID_PARAMETER. |
PolicyAuditFullQueryInformation | Not applicable: This information class cannot be set; the request MUST fail with STATUS_INVALID_PARAMETER. |
PolicyDnsDomainInformation | POLICY_TRUST_ADMIN |
PolicyDnsDomainInformationInt | POLICY_TRUST_ADMIN |
PolicyLocalAccountDomainInformation | POLICY_TRUST_ADMIN |
PolicyMachineAccountInformation | POLICY_TRUST_ADMIN |
The InformationClass parameter can take on any value in the POLICY_INFORMATION_CLASS enumeration range. For all values outside this range, the server MUST return the STATUS_INVALID_PARAMETER error code.
The PolicyInformation parameter contains the data that the caller wishes to set, based on the value of the InformationClass parameter. The server MUST update its abstract data model, specified in section 3.1.1.1, as follows.
Value of InformationClass parameter | Information updated in abstract data model |
---|---|
PolicyAuditLogInformation | Server MUST return the STATUS_NOT_IMPLEMENTED error code because this is not a policy element that can be set. |
PolicyAuditEventsInformation | Event Auditing Options. |
PolicyPrimaryDomainInformation | Primary Domain Information. |
PolicyPdAccountInformation | Server MUST return STATUS_INVALID_PARAMETER because this is not a policy element that can be set. |
PolicyAccountDomainInformation | On a domain controller, the server MUST fail this request with the STATUS_INVALID_PARAMETER. On non-domain controllers: Account Domain Information. |
PolicyLsaServerRoleInformation | Server Role Information. |
PolicyReplicaSourceInformation | Replica Source Information. |
PolicyModificationInformation | Server MUST return STATUS_INVALID_PARAMETER because this is not a policy element that can be set. |
PolicyAuditFullSetInformation | ShutDownOnFull field of Audit Full Information.<65> |
PolicyAuditFullQueryInformation | Server MUST record STATUS_INVALID_PARAMETER because this is not a policy element that can be set. |
PolicyDnsDomainInformation | DNS Domain Information.<66> |
PolicyDnsDomainInformationInt | DNS Domain Information. |
PolicyLocalAccountDomainInformation | Account Domain Information. |
PolicyMachineAccountInformation | Machine Account Information. |
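
The processing rules above can be modeled as a small decision function, useful as a test oracle or for reviewing which policy elements a given set of handle rights can change. This is an added example, not part of the specification or any Microsoft code. It assumes a check order (handle, then InformationClass, then access, then the data-model table), represents a handle as a hypothetical dict, applies the RequiredAccess table first, and does not model validation of the policy data or the domain-controller rule.

```python
# Added example: decision model for LsarSetInformationPolicy2 (illustrative only).
STATUS_SUCCESS = 0x00000000
STATUS_NOT_IMPLEMENTED = 0xC0000002
STATUS_INVALID_HANDLE = 0xC0000008
STATUS_INVALID_PARAMETER = 0xC000000D
STATUS_ACCESS_DENIED = 0xC0000022

# RequiredAccess per InformationClass, from the first table; None = cannot be set.
REQUIRED_ACCESS = {
    "PolicyAuditLogInformation": "POLICY_AUDIT_LOG_ADMIN",
    "PolicyAuditEventsInformation": "POLICY_SET_AUDIT_REQUIREMENTS",
    "PolicyPrimaryDomainInformation": "POLICY_TRUST_ADMIN",
    "PolicyPdAccountInformation": None,
    "PolicyAccountDomainInformation": None,
    "PolicyLsaServerRoleInformation": "POLICY_SERVER_ADMIN",
    "PolicyReplicaSourceInformation": "POLICY_SERVER_ADMIN",
    "PolicyModificationInformation": None,
    "PolicyAuditFullSetInformation": None,
    "PolicyAuditFullQueryInformation": None,
    "PolicyDnsDomainInformation": "POLICY_TRUST_ADMIN",
    "PolicyDnsDomainInformationInt": "POLICY_TRUST_ADMIN",
    "PolicyLocalAccountDomainInformation": "POLICY_TRUST_ADMIN",
    "PolicyMachineAccountInformation": "POLICY_TRUST_ADMIN",
}

def expected_status(handle, information_class):
    """handle: hypothetical dict with 'HandleType' and 'GrantedAccess' (set of right names)."""
    # Not a valid context handle, or HandleType is not "Policy".
    if not isinstance(handle, dict) or handle.get("HandleType") != "Policy":
        return STATUS_INVALID_HANDLE
    # Class outside the enumeration, or one the first table marks as not settable.
    required = REQUIRED_ACCESS.get(information_class)
    if required is None:
        return STATUS_INVALID_PARAMETER
    if required not in handle.get("GrantedAccess", set()):
        return STATUS_ACCESS_DENIED
    # Second table: the audit log class has a RequiredAccess value but cannot be set.
    if information_class == "PolicyAuditLogInformation":
        return STATUS_NOT_IMPLEMENTED
    return STATUS_SUCCESS

def classes_settable_with(granted):
    """Classes a Policy handle holding these rights could set successfully."""
    handle = {"HandleType": "Policy", "GrantedAccess": set(granted)}
    return sorted(c for c in REQUIRED_ACCESS
                  if expected_status(handle, c) == STATUS_SUCCESS)
```

Calling `classes_settable_with` with the rights observed on a handle shows, for example, that POLICY_SET_AUDIT_REQUIREMENTS alone is enough to change Event Auditing Options.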