@msdn=http://search.microsoft.com/search/results.aspx?qu=$$$ @pinvoke=http://pinvoke.net/$$$.htm Summary: The LsaRemoveAccountRights function removes one or more privileges from an account. !!!!C# Signature: [DllImport("advapi32.dll", SetLastError = true, PreserveSig = true)] static extern uint LsaRemoveAccountRights( IntPtr PolicyHandle, byte[] AccountSid, [MarshalAs(UnmanagedType.U1)] bool AllRights, LSA_UNICODE_STRING[] UserRights, uint CountOfRights); !!!!VB Signature: Private Declare Unicode Function LsaRemoveAccountRights Lib "advapi32.dll" ( _ ByVal PolicyHandle As IntPtr, _ ByVal AccountSid As IntPtr, _ ByVal AllRights As Boolean, _ ByRef UserRights As LSA_UNICODE_STRING, _ ByVal CountOfRights As Integer _ ) As Integer !!!!User-Defined Types: None. !!!!Alternative Managed API: Do you know one? Please contribute it! !!!!Notes: 'NTSTATUS LsaRemoveAccountRights( ' LSA_HANDLE PolicyHandle, ' PSID AccountSid, ' BOOLEAN AllRights, ' PLSA_UNICODE_STRING[] UserRights, ' ULONG CountOfRights '); !!!!Tips & Tricks: The UserRights parameter is really an array of LSA_UNICODE_STRINGS !!!!VB.Net Sample Code: Private WinWorldSid As Integer = 1 Private POLICY_ALL_ACCESS As Integer = &HF0FFF Private SECURITY_MAX_SID_SIZE As Integer = 68 Private SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME As String = "SeDenyRemoteInteractiveLogonRight" Private NT_STATUS_OBJECT_NAME_NOT_FOUND As Integer = &HC0000034 Private STATUS_NO_MORE_ENTRIES As Integer = &H8000001A ' Remove the Deny permission Public Sub AllowTS(ByVal PC As String) Dim ret, Access, sidsize As Integer Dim SystemName, DenyTSRights As LSA_UNICODE_STRING Dim ObjectAttr As LSA_OBJECT_ATTRIBUTES Dim Policy, EveryoneSID As IntPtr ' build a well-known SID for "Everyone" sidsize = SECURITY_MAX_SID_SIZE EveryoneSID = Marshal.AllocHGlobal(sidsize) If CreateWellKnownSid(WinWorldSid, IntPtr.Zero, EveryoneSID, sidsize) = False Then ret = Marshal.GetLastWin32Error() Throw New Win32Exception(ret) End If ' setup the parameters for the LsaOpenPolicy API ObjectAttr.Length = Marshal.SizeOf(ObjectAttr) SystemName.Length = PC.Length * UnicodeEncoding.CharSize SystemName.MaximumLength = (PC.Length + 1) * UnicodeEncoding.CharSize SystemName.Buffer = Marshal.StringToHGlobalUni(PC) Access = POLICY_ALL_ACCESS ' open a policy handle on the remote PC ret = LsaOpenPolicy(SystemName, ObjectAttr, Access, Policy) If ret <> 0 Then Throw New Win32Exception(LsaNtStatusToWinError(ret)) End If ' clean up Marshal.FreeHGlobal(SystemName.Buffer) ' Setup the input parameters for the LsaRemoveAccountRights API DenyTSRights.Length = SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME.Length * UnicodeEncoding.CharSize DenyTSRights.MaximumLength = (SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME.Length + 1) * UnicodeEncoding.CharSize DenyTSRights.Buffer = Marshal.StringToHGlobalUni(SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME) ' do it! ret = LsaRemoveAccountRights(Policy, EveryoneSID, False, DenyTSRights, 1) If ret <> 0 And ret <> NT_STATUS_OBJECT_NAME_NOT_FOUND Then Marshal.FreeHGlobal(DenyTSRights.Buffer) LsaClose(Policy) Throw New Win32Exception(LsaNtStatusToWinError(ret)) End If ' clean up Marshal.FreeHGlobal(DenyTSRights.Buffer) LsaClose(Policy) End Sub Documentation: LsaRemoveAccountRights@msdn on MSDN
Edit advapi32.LsaRemov...
You do not have permission to change this page. If you feel this is in error, please send feedback with the contact link on the main page.