/// <summary>
/// Enables or disables the specified privilege on the primary
/// access token of the current process.
/// </summary>
/// <param name="privilege">Privilege to enable or disable.</param>
/// <param name="enable">True to enable the privilege, false to
/// disable it.</param>
/// <returns>True if the privilege was enabled prior to the change,
/// false if it was disabled.</returns>
public static bool ModifyPrivilege(PrivilegeName privilege, bool enable)
{
if (!LookupPrivilegeValue(null, privilege.ToString(), out LUID luid))
{
throw new System.ComponentModel.Win32Exception();
}
using (var identity = System.Security.Principal.WindowsIdentity.GetCurrent(
System.Security.Principal.TokenAccessLevels.AdjustPrivileges |
System.Security.Principal.TokenAccessLevels.Query))
{
var newPriv = new TOKEN_PRIVILEGES
{
Privileges = new LUID_AND_ATTRIBUTES[1],
PrivilegeCount = 1
};
newPriv.Privileges[0].Luid = luid;
newPriv.Privileges[0].Attributes = enable ? SE_PRIVILEGE_ENABLED : 0;
var prevPriv = new TOKEN_PRIVILEGES
{
Privileges = new LUID_AND_ATTRIBUTES[1],
PrivilegeCount = 1
};
if (!AdjustTokenPrivileges(identity.Token, false, ref newPriv,
(uint)Marshal.SizeOf(prevPriv), ref prevPriv, out uint returnedBytes))
{
throw new System.ComponentModel.Win32Exception();
}
return(prevPriv.PrivilegeCount == 0 ? enable /* didn't make a change */ : ((prevPriv.Privileges[0].Attributes & SE_PRIVILEGE_ENABLED) != 0));
}
}
/// <summary>
/// Enables or disables the specified privilege on the primary access token of the current process.</summary>
/// <param name="privilege">
/// Privilege to enable or disable.</param>
/// <param name="enable">
/// True to enable the privilege, false to disable it.</param>
/// <returns>
/// True if the privilege was enabled prior to the change, false if it was disabled.</returns>
public static bool ModifyPrivilege(PrivilegeName privilege, bool enable)
{
if (!LookupPrivilegeValue(null, privilege.ToString(), out Luid luid))
{
throw new Win32Exception();
}
using (var identity = WindowsIdentity.GetCurrent(TokenAccessLevels.AdjustPrivileges | TokenAccessLevels.Query))
{
var newPriv = new TokenPrivileges
{
Privileges = new LuidAndAttributes[]
{
new LuidAndAttributes {
Luid = luid,
Attributes = enable ? SE_PRIVILEGE_ENABLED : 0
}
},
PrivilegeCount = 1
};
var prevPriv = new TokenPrivileges
{
Privileges = new LuidAndAttributes[1],
PrivilegeCount = 1
};
if (!AdjustTokenPrivileges(identity.Token, false, ref newPriv, (uint)Marshal.SizeOf(prevPriv), ref prevPriv, out uint returnedBytes))
{
throw new Win32Exception();
}
return(prevPriv.PrivilegeCount == 0 ? enable /* didn't make a change */ : ((prevPriv.Privileges[0].Attributes & SE_PRIVILEGE_ENABLED) != 0));
}
}
/// <summary>
/// Lookup privilege value
/// </summary>
/// <param name="systemName"></param>
/// <param name="privilegeName"></param>
/// <returns></returns>
public static PrivilegeValue LookupPrivilegeValue(string systemName, PrivilegeName privilegeName)
{
if (Environment.OSVersion.Platform != PlatformID.Win32NT || !CheckEntryPoint("advapi32.dll", "LookupPrivilegeValueA"))
{
throw new PrivilegeException("Failed to lookup privilege value. LookupPrivilegeValue() is not supported.");
}
PrivilegeValue privilegePrivilegeValue = new PrivilegeValue();
if (LookupPrivilegeValue(systemName, privilegeName.ToString(), ref privilegePrivilegeValue) == 0)
{
throw new PrivilegeException($"Failed to lookup privilege value for privilege '{privilegeName}'. Win32 error: {FormatError(Marshal.GetLastWin32Error())}");
}
return(privilegePrivilegeValue);
}
