Type a page name and press Enter. You'll jump to the page if it exists, or you can create it if it doesn't.
To create a page in a module other than advapi32, prefix the name with the module name and a period.
lsaenumerateaccountswithuserright (advapi32)
.
C# Signature:
[DllImport("advapi32.dll", SetLastError=true)]
static extern TODO LsaEnumerateAccountsWithUserRight(TODO);
VB Signature:
Declare Function LsaEnumerateAccountsWithUserRight Lib "advapi32.dll" ( _
ByVal PolicyHandle As IntPtr, _
ByRef userRights As LSA_UNICODE_STRING, _
ByRef EnumerationBuffer As IntPtr, _
ByRef CountReturned As Long _
) As Integer
' Check to see if the Deny permission already exists
Public Function CheckTS(ByVal PC As String) As Boolean
Dim ret, Access, sidsize, count, i As Integer
Dim SystemName, DenyTSRights As LSA_UNICODE_STRING
Dim ObjectAttr As LSA_OBJECT_ATTRIBUTES
Dim Policy, EveryoneSID, EnumBuf, ptr As IntPtr
Dim LsaInfo As LSA_ENUMERATION_INFORMATION
Dim ans As Boolean
' build a well-known SID for "Everyone"
sidsize = SECURITY_MAX_SID_SIZE
EveryoneSID = Marshal.AllocHGlobal(sidsize)
If CreateWellKnownSid(WinWorldSid, IntPtr.Zero, EveryoneSID, sidsize) = False Then
ret = Marshal.GetLastWin32Error()
Throw New Win32Exception(ret)
End If
' setup the parameters for the LsaOpenPolicy API
ObjectAttr.Length = Marshal.SizeOf(ObjectAttr)
SystemName.Length = PC.Length * UnicodeEncoding.CharSize
SystemName.MaximumLength = (PC.Length + 1) * UnicodeEncoding.CharSize
SystemName.Buffer = Marshal.StringToHGlobalUni(PC)
Access = POLICY_ALL_ACCESS
' open a policy handle on the remote PC
ret = LsaOpenPolicy(SystemName, ObjectAttr, Access, Policy)
If ret <> 0 Then
Throw New Win32Exception(LsaNtStatusToWinError(ret))
End If
' clean up
Marshal.FreeHGlobal(SystemName.Buffer)
' Setup the input parameters for the LsaEnumerateAccountsWithUserRight API
DenyTSRights.Length = SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME.Length * UnicodeEncoding.CharSize
DenyTSRights.MaximumLength = (SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME.Length + 1) * UnicodeEncoding.CharSize
DenyTSRights.Buffer = Marshal.StringToHGlobalUni(SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME)
' do it!
ret = LsaEnumerateAccountsWithUserRight(Policy, DenyTSRights, EnumBuf, count)
If ret <> 0 Then
Marshal.FreeHGlobal(DenyTSRights.Buffer)
LsaClose(Policy)
' if there are no matching entries
If ret = STATUS_NO_MORE_ENTRIES Then
Return False
End If
Throw New Win32Exception(LsaNtStatusToWinError(ret))
End If
' check to see if the Everyone SID is currently in the list
ans = False
For i = 0 To count - 1
ptr = New IntPtr(EnumBuf.ToInt32 + (i * Marshal.SizeOf(LsaInfo)))
LsaInfo = CType(Marshal.PtrToStructure(ptr, GetType(LSA_ENUMERATION_INFORMATION)), LSA_ENUMERATION_INFORMATION)
If EqualSid(LsaInfo.Sid, EveryoneSID) Then
ans = True
Exit For
End If
Next
' clean up
LsaFreeMemory(EnumBuf)
Marshal.FreeHGlobal(DenyTSRights.Buffer)
LsaClose(Policy)
Return ans
End Function
The LsaEnumerateAccountsWithUserRight function returns the accounts in the database of a Local Security Authority (LSA) Policy object that hold a specified privilege.
8/14/2014 3:31:17 PM - marc from switzerland-138.190.32.7
Please edit this page!
Do you have...
helpful tips or sample code to share for using this API in managed code?
corrections to the existing content?
variations of the signature you want to share?
additional languages you want to include?
Select "Edit This Page" on the right hand toolbar and edit it! Or add new pages containing supporting types needed for this API (structures, delegates, and more).