private void GrantUserPrivilege()
{
if (this.User == null)
{
Log.LogError("User is required");
return;
}
if (this.Privilege == null)
{
Log.LogError("Privilege is required");
return;
}
this.LogTaskMessage(string.Format(CultureInfo.CurrentCulture, "Granting Privilege to User: {0} - {1}", this.User[0].ItemSpec, this.Privilege));
int sidInt = 0;
IntPtr sid = IntPtr.Zero;
int domainNameInt = 0;
int use = 0;
IntPtr policyHandle = new IntPtr();
try
{
StringBuilder domainNameInternal = new StringBuilder(this.Domain);
ActiveDirectoryNativeMethods.LookupAccountName(this.MachineName, this.User[0].ItemSpec, sid, ref sidInt, domainNameInternal, ref domainNameInt, ref use);
domainNameInternal = new StringBuilder(domainNameInt);
sid = Marshal.AllocHGlobal(sidInt);
int returnValue = ActiveDirectoryNativeMethods.LookupAccountName(this.MachineName, this.User[0].ItemSpec, sid, ref sidInt, domainNameInternal, ref domainNameInt, ref use);
if (returnValue == 0)
{
this.Log.LogError(string.Format(CultureInfo.CurrentCulture, "Error looking up account name: {0}", returnValue));
return;
}
LSA_OBJECT_ATTRIBUTES objectAttributes = new LSA_OBJECT_ATTRIBUTES {
Length = 0, RootDirectory = IntPtr.Zero, Attributes = 0, SecurityDescriptor = IntPtr.Zero, SecurityQualityOfService = IntPtr.Zero
};
LSA_UNICODE_STRING machineNameLSA = CreateLsaString(this.MachineName);
uint result = ActiveDirectoryNativeMethods.LsaOpenPolicy(ref machineNameLSA, ref objectAttributes, ActiveDirectoryNativeMethods.POLICY_CREATE_SECRET, out policyHandle);
if (result != 0)
{
this.Log.LogError(string.Format(CultureInfo.CurrentCulture, "Error running LsaOpenPolicy: {0}", returnValue));
return;
}
LSA_UNICODE_STRING privilegeString = CreateLsaString(this.Privilege);
result = ActiveDirectoryNativeMethods.LsaAddAccountRights(policyHandle, sid, ref privilegeString, 1);
if (result != 0)
{
this.Log.LogError(string.Format(CultureInfo.CurrentCulture, "Error running LsaAddAccountRights: {0}", returnValue));
return;
}
}
finally
{
ActiveDirectoryNativeMethods.LsaClose(policyHandle);
Marshal.FreeHGlobal(sid);
}
}
internal static extern uint LsaOpenPolicy(ref LSA_UNICODE_STRING SystemName, ref LSA_OBJECT_ATTRIBUTES ObjectAttributes, int DesiredAccess, out IntPtr PolicyHandle);
private void GrantUserPrivilege()
{
if (this.User == null)
{
Log.LogError("User is required");
return;
}
if (this.Privilege == null)
{
Log.LogError("Privilege is required");
return;
}
this.LogTaskMessage(string.Format(CultureInfo.CurrentCulture, "Granting Privilege to User: {0} - {1}", this.User[0].ItemSpec, this.Privilege));
int sidInt = 0;
IntPtr sid = IntPtr.Zero;
int domainNameInt = 0;
int use = 0;
IntPtr policyHandle = new IntPtr();
try
{
StringBuilder domainNameInternal = new StringBuilder(this.Domain);
ActiveDirectoryNativeMethods.LookupAccountName(this.MachineName, this.User[0].ItemSpec, sid, ref sidInt, domainNameInternal, ref domainNameInt, ref use);
domainNameInternal = new StringBuilder(domainNameInt);
sid = Marshal.AllocHGlobal(sidInt);
int returnValue = ActiveDirectoryNativeMethods.LookupAccountName(this.MachineName, this.User[0].ItemSpec, sid, ref sidInt, domainNameInternal, ref domainNameInt, ref use);
if (returnValue == 0)
{
this.Log.LogError(string.Format(CultureInfo.CurrentCulture, "Error looking up account name: {0}", returnValue));
return;
}
LSA_OBJECT_ATTRIBUTES objectAttributes = new LSA_OBJECT_ATTRIBUTES { Length = 0, RootDirectory = IntPtr.Zero, Attributes = 0, SecurityDescriptor = IntPtr.Zero, SecurityQualityOfService = IntPtr.Zero };
LSA_UNICODE_STRING machineNameLSA = CreateLsaString(this.MachineName);
uint result = ActiveDirectoryNativeMethods.LsaOpenPolicy(ref machineNameLSA, ref objectAttributes, ActiveDirectoryNativeMethods.POLICY_CREATE_SECRET, out policyHandle);
if (result != 0)
{
this.Log.LogError(string.Format(CultureInfo.CurrentCulture, "Error running LsaOpenPolicy: {0}", returnValue));
return;
}
LSA_UNICODE_STRING privilegeString = CreateLsaString(this.Privilege);
result = ActiveDirectoryNativeMethods.LsaAddAccountRights(policyHandle, sid, ref privilegeString, 1);
if (result != 0)
{
this.Log.LogError(string.Format(CultureInfo.CurrentCulture, "Error running LsaAddAccountRights: {0}", returnValue));
}
}
finally
{
ActiveDirectoryNativeMethods.LsaClose(policyHandle);
Marshal.FreeHGlobal(sid);
}
}
internal static extern uint LsaOpenPolicy(ref LSA_UNICODE_STRING SystemName, ref LSA_OBJECT_ATTRIBUTES ObjectAttributes, int DesiredAccess, out IntPtr PolicyHandle);