/// <summary>
/// Returns the account rights that the LSA policy reports for the given account.
/// </summary>
/// <param name="account">Account name, e.g. "Olaf"; used to build the <see cref="Win32Sid"/> passed to the LSA call.</param>
/// <returns>One <see cref="Advapi32.LsaUnicodeString"/> per right returned by LsaEnumerateAccountRights.</returns>
/// <exception cref="Win32Exception">LsaEnumerateAccountRights returned a status other than <c>NtStatus.Success</c>.</exception>
public Advapi32.LsaUnicodeString[] EnumeratePrivileges(string account)
{
    // Native buffer handed back by LSA; it is released in the finally block on every path.
    IntPtr nativeRights = IntPtr.Zero;
    try
    {
        uint rightCount;
        using (var sid = new Win32Sid(account))
        {
            // This instance is passed as the policy handle argument.
            NtStatus status = Advapi32.LsaEnumerateAccountRights(this, sid.Pointer, out nativeRights, out rightCount);

            // NOTE(review): per the Win32 documentation an account that holds no rights is
            // reported through a failure status, so it presumably surfaces here as a
            // Win32Exception rather than as an empty array - confirm before relying on
            // this method for auditing.
            if (ret_is_failure(status))
            {
                throw new Win32Exception(Advapi32.LsaNtStatusToWinError(status));
            }
        }

        // Copy every native entry into a managed structure before the buffer is freed.
        var result = new Advapi32.LsaUnicodeString[rightCount];
        int entrySize = Marshal.SizeOf<Advapi32.LsaUnicodeString>();
        IntPtr cursor = nativeRights;
        for (uint index = 0; index < rightCount; index++)
        {
            result[index] = Marshal.PtrToStructure<Advapi32.LsaUnicodeString>(cursor);
            cursor = IntPtr.Add(cursor, entrySize);
        }

        return result;
    }
    finally
    {
        if (nativeRights != IntPtr.Zero)
        {
            Advapi32.LsaFreeMemory(nativeRights);
        }
    }

    // Local predicate: true when the LSA status is anything other than success.
    bool ret_is_failure(NtStatus status)
    {
        return status != NtStatus.Success;
    }
}
/// <summary>
/// Grants several privileges to the given account in one call.
/// </summary>
/// <param name="account">Account name; forwarded unchanged to <c>AddAccountRights</c>.</param>
/// <param name="privileges">Privilege names; each one is converted with <c>ToLsaString()</c>.</param>
public void AddPrivileges(string account, string[] privileges)
{
    int count = privileges.Length;
    var converted = new Advapi32.LsaUnicodeString[count];

    // Convert in input order so the native array lines up with the caller's array.
    int slot = 0;
    foreach (string name in privileges)
    {
        converted[slot] = name.ToLsaString();
        slot++;
    }

    AddAccountRights(account, converted);
}
/// <summary>
/// Revokes the listed privileges from the given account.
/// </summary>
/// <param name="account">Account name; forwarded unchanged to <c>RemoveAccountRights</c>.</param>
/// <param name="privileges">Privilege names; each one is converted with <c>ToLsaString()</c>.</param>
/// <param name="removeAllRights">
/// Passed through to <c>RemoveAccountRights</c>. Defaults to <c>false</c>.
/// </param>
public void RemovePrivileges(string account, string[] privileges, bool removeAllRights = false)
{
    // NOTE(review): presumably removeAllRights ends up as the AllRights flag of
    // LsaRemoveAccountRights, which strips every right from the account regardless of the
    // list supplied - confirm against RemoveAccountRights and keep the default of false
    // unless a full revocation is intended.
    int count = privileges.Length;
    var converted = new Advapi32.LsaUnicodeString[count];

    int slot = 0;
    foreach (string name in privileges)
    {
        converted[slot] = name.ToLsaString();
        slot++;
    }

    RemoveAccountRights(account, converted, removeAllRights);
}
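/// <summary>
/// Grants a single privilege to the given account.
/// </summary>
/// <param name="account">Account name, e.g. "Olaf"; used to build the <see cref="Win32Sid"/> passed to the LSA call.</param>
/// <param name="privilege">Name of the privilege to grant.</param>
/// <exception cref="ArgumentNullException"><paramref name="privilege"/> is <c>null</c>.</exception>
/// <exception cref="ArgumentException">
/// <paramref name="privilege"/> is too long for its byte length to fit the 16-bit length fields.
/// </exception>
/// <exception cref="Win32Exception">LsaAddAccountRights returned a status other than <c>NtStatus.Success</c>.</exception>
public void AddPrivileges(string account, string privilege)
{
    if (privilege == null)
    {
        throw new ArgumentNullException(nameof(privilege));
    }

    // Length and MaximumLength are 16-bit byte counts. Without this check the casts below
    // would silently wrap for an over-long name and describe a different string to the
    // native call than the one the caller supplied.
    int maxChars = (ushort.MaxValue / UnicodeEncoding.CharSize) - 1;
    if (privilege.Length > maxChars)
    {
        throw new ArgumentException("The privilege name is too long for an LSA string.", nameof(privilege));
    }

    var lsaPrivileges = new Advapi32.LsaUnicodeString[1];
    lsaPrivileges[0] = new Advapi32.LsaUnicodeString
    {
        Buffer = privilege,
        // Byte length of the characters, without a terminator.
        Length = (ushort)(privilege.Length * UnicodeEncoding.CharSize),
        // Byte length including room for one terminating character.
        MaximumLength = (ushort)((privilege.Length + 1) * UnicodeEncoding.CharSize)
    };

    using (var win32Sid = new Win32Sid(account))
    {
        // This instance is passed as the policy handle argument.
        NtStatus ret = Advapi32.LsaAddAccountRights(this, win32Sid.Pointer, lsaPrivileges, 1);
        if (ret != NtStatus.Success)
        {
            throw new Win32Exception(Advapi32.LsaNtStatusToWinError(ret));
        }
    }
}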
/// <summary>
/// Opens a new LSA policy handle through LsaOpenPolicy.
/// </summary>
/// <returns>The policy handle produced by LsaOpenPolicy.</returns>
/// <exception cref="Win32Exception">LsaOpenPolicy returned a status other than <c>NtStatus.Success</c>.</exception>
public static LsaPolicyHandle OpenPolicyHandle()
{
    // A default-constructed system name is passed; the original author notes that this
    // selects the local system.
    var systemName = new Advapi32.LsaUnicodeString();

    // Every attribute is left at its zero value; only Length carries the structure size.
    var lsaObjectAttributes = new LsaObjectAttributes
    {
        RootDirectory = IntPtr.Zero,
        Attributes = 0,
        SecurityDescriptor = IntPtr.Zero,
        SecurityQualityOfService = IntPtr.Zero,
        Length = Marshal.SizeOf<LsaObjectAttributes>()
    };

    // NOTE(review): the handle is requested with PolicyAllAccess. If callers only enumerate,
    // add or remove account rights, a narrower access mask would follow least privilege and
    // limit what a leaked or misused handle can do - confirm which rights are really needed.
    LsaPolicyHandle policyHandle;
    NtStatus status = Advapi32.LsaOpenPolicy(
        ref systemName,
        ref lsaObjectAttributes,
        Kernel32.AccessMask.PolicySpecificRights.PolicyAllAccess,
        out policyHandle);

    if (status == NtStatus.Success)
    {
        return policyHandle;
    }

    throw new Win32Exception(Advapi32.LsaNtStatusToWinError(status));
}