Example #1
        /// <summary>
        /// Reads the privileges / account rights that LSA reports for a single account.
        /// </summary>
        /// <param name="account">Account name such as "Olaf"; it is wrapped in a <c>Win32Sid</c> whose pointer identifies the account to LSA.</param>
        /// <returns>One <c>LsaUnicodeString</c> per right returned by <c>LsaEnumerateAccountRights</c>.</returns>
        /// <exception cref="Win32Exception">
        /// <c>LsaEnumerateAccountRights</c> returned a status other than <c>NtStatus.Success</c>.
        /// NOTE(review): Windows documents a "not found" status for accounts that hold no rights at all,
        /// so callers may see this exception for that case too - confirm and handle it at the call site.
        /// </exception>
        public Advapi32.LsaUnicodeString[] EnumeratePrivileges(string account)
        {
            // Native buffer allocated by LSA; it is released in the finally block below.
            IntPtr nativeRights = IntPtr.Zero;

            try
            {
                uint rightCount;
                using (var sid = new Win32Sid(account))
                {
                    // "this" is passed as the policy handle for the query.
                    NtStatus status = Advapi32.LsaEnumerateAccountRights(this, sid.Pointer, out nativeRights, out rightCount);
                    if (status != NtStatus.Success)
                    {
                        throw new Win32Exception(Advapi32.LsaNtStatusToWinError(status));
                    }
                }

                var result = new Advapi32.LsaUnicodeString[rightCount];
                IntPtr cursor = nativeRights;
                var index = 0;
                while (index < rightCount)
                {
                    // Marshal each native entry into a managed struct before the buffer is freed.
                    // NOTE(review): assumes LsaUnicodeString marshals its Buffer as a managed string,
                    // so the returned entries do not point into the freed native block - confirm.
                    result[index] = Marshal.PtrToStructure<Advapi32.LsaUnicodeString>(cursor);
                    cursor = IntPtr.Add(cursor, Marshal.SizeOf<Advapi32.LsaUnicodeString>());
                    index++;
                }

                return result;
            }
            finally
            {
                // Runs on success and on failure, so the LSA allocation is never leaked.
                if (nativeRights != IntPtr.Zero)
                {
                    Advapi32.LsaFreeMemory(nativeRights);
                }
            }
        }
Example #2
        /// <summary>
        /// Grants several privileges / account rights to the given account in one call.
        /// </summary>
        /// <param name="account">The account that receives the rights; forwarded unchanged to <c>AddAccountRights</c>.</param>
        /// <param name="privileges">Names of the rights to grant. Each entry is converted with <c>ToLsaString()</c>.</param>
        /// <remarks>
        /// No validation happens here: a <c>null</c> array fails when its length is read, and the names
        /// are passed on as given. Because this call hands out rights, callers should check the names
        /// against the set they intend to grant before calling.
        /// </remarks>
        public void AddPrivileges(string account, string[] privileges)
        {
            var converted = new Advapi32.LsaUnicodeString[privileges.Length];

            // Convert in order so converted[n] corresponds to privileges[n].
            var slot = 0;
            foreach (string privilegeName in privileges)
            {
                converted[slot] = privilegeName.ToLsaString();
                slot++;
            }

            AddAccountRights(account, converted);
        }
Example #3
        /// <summary>
        /// Revokes privileges / account rights from the given account.
        /// </summary>
        /// <param name="account">The account that loses the rights; forwarded unchanged to <c>RemoveAccountRights</c>.</param>
        /// <param name="privileges">Names of the rights to revoke. Each entry is converted with <c>ToLsaString()</c>.</param>
        /// <param name="removeAllRights">
        /// Forwarded unchanged to <c>RemoveAccountRights</c>; defaults to <c>false</c>.
        /// NOTE(review): if the helper maps this to the AllRights flag of <c>LsaRemoveAccountRights</c>,
        /// <c>true</c> strips every right from the account regardless of <paramref name="privileges"/> -
        /// confirm against the helper before relying on the list.
        /// </param>
        /// <remarks>
        /// The array length is read before anything else, so <paramref name="privileges"/> must be
        /// non-null even when <paramref name="removeAllRights"/> is <c>true</c>.
        /// </remarks>
        public void RemovePrivileges(string account, string[] privileges, bool removeAllRights = false)
        {
            var converted = new Advapi32.LsaUnicodeString[privileges.Length];

            // Convert in order so converted[n] corresponds to privileges[n].
            var slot = 0;
            foreach (string privilegeName in privileges)
            {
                converted[slot] = privilegeName.ToLsaString();
                slot++;
            }

            RemoveAccountRights(account, converted, removeAllRights);
        }
Example #4
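        /// <summary>
        /// Grants a single privilege / account right to the given account.
        /// </summary>
        /// <param name="account">Account name such as "Olaf"; it is wrapped in a <c>Win32Sid</c> whose pointer identifies the account to LSA.</param>
        /// <param name="privilege">
        /// Name of the right to grant. Must be non-null, and short enough that its byte length plus
        /// terminator fits the 16-bit length fields of <c>LsaUnicodeString</c>.
        /// </param>
        /// <exception cref="ArgumentNullException"><paramref name="privilege"/> is <c>null</c>.</exception>
        /// <exception cref="ArgumentException"><paramref name="privilege"/> is too long for the 16-bit length fields.</exception>
        /// <exception cref="Win32Exception"><c>LsaAddAccountRights</c> returned a status other than <c>NtStatus.Success</c>.</exception>
        /// <remarks>
        /// This call hands out rights, so callers should check the name against the set they intend
        /// to grant before calling.
        /// </remarks>
        public void AddPrivileges(string account, string privilege)
        {
            if (privilege == null)
            {
                throw new ArgumentNullException("privilege");
            }

            // Length and MaximumLength are ushort byte counts. Without this bound the casts below
            // wrap silently, and LSA would receive lengths that no longer describe Buffer.
            int maxChars = ushort.MaxValue / UnicodeEncoding.CharSize - 1;
            if (privilege.Length > maxChars)
            {
                throw new ArgumentException("Privilege name is too long for an LSA unicode string.", "privilege");
            }

            var lsaPrivileges = new Advapi32.LsaUnicodeString[1];

            lsaPrivileges[0] = new Advapi32.LsaUnicodeString
            {
                Buffer        = privilege,
                Length        = (ushort)(privilege.Length * UnicodeEncoding.CharSize),
                // One extra character accounts for the terminator.
                MaximumLength = (ushort)((privilege.Length + 1) * UnicodeEncoding.CharSize)
            };

            using (var win32Sid = new Win32Sid(account))
            {
                // "this" is passed as the policy handle; the trailing 1 is the number of entries in lsaPrivileges.
                NtStatus ret = Advapi32.LsaAddAccountRights(this, win32Sid.Pointer, lsaPrivileges, 1);
                if (ret != NtStatus.Success)
                {
                    throw new Win32Exception(Advapi32.LsaNtStatusToWinError(ret));
                }
            }
        }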
Example #5
        /// <summary>
        /// Opens a new LSA policy handle on the local system.
        /// </summary>
        /// <returns>The <c>LsaPolicyHandle</c> produced by <c>LsaOpenPolicy</c>.</returns>
        /// <exception cref="Win32Exception"><c>LsaOpenPolicy</c> returned a status other than <c>NtStatus.Success</c>.</exception>
        /// <remarks>
        /// The handle is requested with <c>PolicyAllAccess</c>.
        /// NOTE(review): that asks for every policy right; callers that only enumerate rights could
        /// work with a narrower mask - confirm which rights the callers need before tightening it.
        /// </remarks>
        public static LsaPolicyHandle OpenPolicyHandle()
        {
            // A default (empty) system name selects the local system.
            var localSystem = new Advapi32.LsaUnicodeString();

            // Only Length carries information; the remaining members are zeroed.
            var objectAttributes = new LsaObjectAttributes
            {
                Length                   = Marshal.SizeOf<LsaObjectAttributes>(),
                RootDirectory            = IntPtr.Zero,
                Attributes               = 0,
                SecurityDescriptor       = IntPtr.Zero,
                SecurityQualityOfService = IntPtr.Zero
            };

            LsaPolicyHandle handle;
            NtStatus status = Advapi32.LsaOpenPolicy(ref localSystem, ref objectAttributes, Kernel32.AccessMask.PolicySpecificRights.PolicyAllAccess, out handle);

            if (status == NtStatus.Success)
            {
                return handle;
            }

            throw new Win32Exception(Advapi32.LsaNtStatusToWinError(status));
        }