LsaAddAccountRights function
The LsaAddAccountRights function assigns one or more privileges to an account. If the account does not exist, LsaAddAccountRights creates it.
Syntax
```c
NTSTATUS LsaAddAccountRights(
  _In_ LSA_HANDLE          PolicyHandle,
  _In_ PSID                AccountSid,
  _In_ PLSA_UNICODE_STRING UserRights,
  _In_ ULONG               CountOfRights
);
```
Parameters
- PolicyHandle [in]

  A handle to a Policy object. The handle must have the POLICY_LOOKUP_NAMES access right. If the account identified by the AccountSid parameter does not exist, the handle must have the POLICY_CREATE_ACCOUNT access right. For more information, see Opening a Policy Object Handle.

- AccountSid [in]

  Pointer to the SID of the account to which the function assigns privileges.

- UserRights [in]

  Pointer to an array of LSA_UNICODE_STRING structures. Each structure contains the name of a privilege to add to the account. For a list of privilege names, see Privilege Constants.

- CountOfRights [in]

  Specifies the number of elements in the UserRights array.
Return value
If the function succeeds, the return value is STATUS_SUCCESS.
If the function fails, the return value is an NTSTATUS code, which can be the following value or one of the LSA Policy Function Return Values.
| Return code | Description |
|---|---|
| | One of the privilege names is not valid. |
You can use the LsaNtStatusToWinError function to convert the NTSTATUS code to a Windows error code.
Remarks
If you specify privileges already granted to the account, they are ignored.
For an example that demonstrates calling this function, see Managing Account Permissions.
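The following is an added example, not Microsoft's sample code. It shows one way to build the LSA_UNICODE_STRING for a privilege name and pass it to LsaAddAccountRights on a handle opened with only the two access rights named above. The names init_lsa_string and grant_privilege, the sample privilege, and the non-Windows stand-in type are assumptions made for illustration.

```c
#include <stdio.h>
#include <wchar.h>
#ifdef _WIN32
#include <windows.h>
#include <ntsecapi.h>               /* link with Advapi32.lib */
#else
/* Assumption: stand-in type so the string helper also builds off Windows. */
typedef struct { unsigned short Length, MaximumLength; wchar_t *Buffer; } LSA_UNICODE_STRING;
#endif

/* Length and MaximumLength are BYTE counts held in 16-bit fields, not
   character counts. Returns 0 on success, -1 if the name does not fit. */
int init_lsa_string(LSA_UNICODE_STRING *out, const wchar_t *name)
{
    size_t chars = wcslen(name);
    if ((chars + 1) * sizeof(wchar_t) > 0xFFFF) return -1;
    out->Buffer = (wchar_t *)name;
    out->Length = (unsigned short)(chars * sizeof(wchar_t));          /* no terminator */
    out->MaximumLength = (unsigned short)((chars + 1) * sizeof(wchar_t));
    return 0;
}

#ifdef _WIN32
/* Hypothetical helper: grants one privilege to the account identified by sid.
   Returns a Windows error code (ERROR_SUCCESS on success). */
DWORD grant_privilege(PSID sid, const wchar_t *privilege)
{
    LSA_OBJECT_ATTRIBUTES attrs;
    LSA_HANDLE policy = NULL;
    LSA_UNICODE_STRING right;
    NTSTATUS status;

    if (init_lsa_string(&right, privilege) != 0) return ERROR_INVALID_PARAMETER;
    ZeroMemory(&attrs, sizeof attrs);
    /* Least privilege: request only the rights this call needs. */
    status = LsaOpenPolicy(NULL, &attrs, POLICY_LOOKUP_NAMES | POLICY_CREATE_ACCOUNT, &policy);
    if (status != 0) return LsaNtStatusToWinError(status);
    status = LsaAddAccountRights(policy, sid, &right, 1);
    LsaClose(policy);               /* close the handle on every path */
    return LsaNtStatusToWinError(status);
}
#endif

int main(void)
{
    LSA_UNICODE_STRING right;
    if (init_lsa_string(&right, L"SeShutdownPrivilege") == 0)   /* sample privilege name */
        printf("Length=%u bytes, MaximumLength=%u bytes\n",
               (unsigned)right.Length, (unsigned)right.MaximumLength);
    return 0;
}
```

On Windows, grant_privilege returns the value produced by LsaNtStatusToWinError, so a caller can log or compare it like any other Windows error code.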
Requirements
| Minimum supported client | Windows XP [desktop apps only] |
|---|---|
| Minimum supported server | Windows Server 2003 [desktop apps only] |
| Header | |
| Library | |
| DLL | |
See also