/// <summary>
/// Returns every account right that is explicitly assigned to the given account.
/// </summary>
/// <param name="account">Account name, for example "Olaf"; it is resolved through <c>Win32Sid</c>.</param>
/// <returns>One <c>Advapi32.LsaUnicodeString</c> per right reported by LsaEnumerateAccountRights.</returns>
/// <exception cref="Win32Exception">
/// LsaEnumerateAccountRights returned any status other than <c>NtStatus.Success</c>.
/// </exception>
public Advapi32.LsaUnicodeString[] EnumeratePrivileges(string account)
{
    IntPtr rightsBuffer = IntPtr.Zero;
    try
    {
        uint rightCount;
        using (var sid = new Win32Sid(account))
        {
            // NOTE(review): every non-success status is turned into an exception here,
            // including NtStatus.ObjectNameNotFound, which LSA reports for an account
            // that has no rights explicitly assigned to it.
            NtStatus status = Advapi32.LsaEnumerateAccountRights(this, sid.Pointer, out rightsBuffer, out rightCount);
            if (status != NtStatus.Success)
            {
                throw new Win32Exception(Advapi32.LsaNtStatusToWinError(status));
            }
        }

        // Copy each native entry into a managed structure before the LSA buffer is released.
        // NOTE(review): assumes LsaUnicodeString.Buffer is marshalled as a managed string, so the
        // copies stay valid after LsaFreeMemory - confirm against the struct declaration.
        var result = new Advapi32.LsaUnicodeString[rightCount];
        IntPtr cursor = rightsBuffer;
        for (var index = 0; index < rightCount; index++)
        {
            result[index] = Marshal.PtrToStructure<Advapi32.LsaUnicodeString>(cursor);
            cursor = IntPtr.Add(cursor, Marshal.SizeOf<Advapi32.LsaUnicodeString>());
        }

        return result;
    }
    finally
    {
        // The array handed back by LSA is released on every path, including the throwing one.
        if (rightsBuffer != IntPtr.Zero)
        {
            Advapi32.LsaFreeMemory(rightsBuffer);
        }
    }
}
/// <summary>
/// Removes account rights from the given account through LsaRemoveAccountRights.
/// </summary>
/// <param name="account">Account name; it is resolved through <c>Win32Sid</c>.</param>
/// <param name="rights">Rights to remove.</param>
/// <param name="removeAllRights">Passed to LSA as the "all rights" flag; defaults to <c>false</c>.</param>
/// <exception cref="Win32Exception">
/// LsaRemoveAccountRights returned any status other than <c>NtStatus.Success</c>.
/// </exception>
private void RemoveAccountRights(string account, Advapi32.LsaUnicodeString[] rights, bool removeAllRights = false)
{
    using (var sid = new Win32Sid(account))
    {
        // NOTE(review): the count handed to LSA is the literal 1 regardless of rights.Length,
        // so with a longer array presumably only rights[0] is revoked and the remaining
        // entries stay assigned without any error - confirm against the callers.
        NtStatus status = Advapi32.LsaRemoveAccountRights(this, sid.Pointer, removeAllRights, rights, 1);
        if (status == NtStatus.Success)
        {
            return;
        }

        throw new Win32Exception(Advapi32.LsaNtStatusToWinError(status));
    }
}
/// <summary>
/// Grants account rights to the given account through LsaAddAccountRights.
/// </summary>
/// <param name="account">Account name; it is resolved through <c>Win32Sid</c>.</param>
/// <param name="rights">Rights to grant.</param>
/// <exception cref="Win32Exception">
/// LsaAddAccountRights returned any status other than <c>NtStatus.Success</c>.
/// </exception>
private void AddAccountRights(string account, Advapi32.LsaUnicodeString[] rights)
{
    using (var sid = new Win32Sid(account))
    {
        // NOTE(review): the count handed to LSA is the literal 1 regardless of rights.Length,
        // so with a longer array presumably only rights[0] is granted - confirm against the callers.
        NtStatus status = Advapi32.LsaAddAccountRights(this, sid.Pointer, rights, 1);
        if (status == NtStatus.Success)
        {
            return;
        }

        throw new Win32Exception(Advapi32.LsaNtStatusToWinError(status));
    }
}
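/// <summary>
/// Returns the names of all account rights that are explicitly assigned to the given account.
/// </summary>
/// <param name="account">Account name, for example "Olaf"; it is resolved through <c>Win32Sid</c>.</param>
/// <returns>
/// One name per assigned right, or an empty array when LSA reports
/// <c>NtStatus.ObjectNameNotFound</c> (no rights explicitly assigned to the account).
/// </returns>
/// <exception cref="Win32Exception">
/// LsaEnumerateAccountRights returned a status other than <c>NtStatus.Success</c>
/// or <c>NtStatus.ObjectNameNotFound</c>.
/// </exception>
public string[] EnumeratePrivileges(string account)
{
    IntPtr rightsPtr = IntPtr.Zero;
    try
    {
        uint countOfRights;
        using (var win32Sid = new Win32Sid(account))
        {
            NtStatus ret = Advapi32.LsaEnumerateAccountRights(this, win32Sid.Pointer, out rightsPtr, out countOfRights);

            // An account without explicitly assigned rights is reported as ObjectNameNotFound;
            // that is an empty result, not an error.
            if (ret == NtStatus.ObjectNameNotFound)
            {
                return Array.Empty<string>();
            }

            if (ret != NtStatus.Success)
            {
                throw new Win32Exception(Advapi32.LsaNtStatusToWinError(ret));
            }
        }

        var lsaUnicodeStringSize = Marshal.SizeOf<Advapi32.LsaUnicodeString>();
        var privileges = new string[countOfRights];
        IntPtr tempPtr = rightsPtr;
        for (var i = 0; i < countOfRights; i++)
        {
            var lsaPrivilege = Marshal.PtrToStructure<Advapi32.LsaUnicodeString>(tempPtr);
            privileges[i] = lsaPrivilege.Buffer;

            // IntPtr.Add returns a new pointer and leaves its argument untouched, so the result
            // has to be assigned back. Without the assignment every slot repeats the first right
            // and the account's other rights never show up in the result.
            tempPtr = IntPtr.Add(tempPtr, lsaUnicodeStringSize);
        }

        return privileges;
    }
    finally
    {
        // The array handed back by LSA is released on every path, including early return and throw.
        if (rightsPtr != IntPtr.Zero)
        {
            Advapi32.LsaFreeMemory(rightsPtr);
        }
    }
}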
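/// <summary>
/// Grants a single account right to the given account through LsaAddAccountRights.
/// </summary>
/// <param name="account">Account name, for example "Olaf"; it is resolved through <c>Win32Sid</c>.</param>
/// <param name="privilege">Name of the right to grant, for example "SeServiceLogonRight".</param>
/// <exception cref="ArgumentNullException"><paramref name="privilege"/> is <c>null</c>.</exception>
/// <exception cref="ArgumentException">
/// <paramref name="privilege"/> is too long for the 16-bit length fields of the LSA string.
/// </exception>
/// <exception cref="Win32Exception">
/// LsaAddAccountRights returned any status other than <c>NtStatus.Success</c>.
/// </exception>
public void AddPrivileges(string account, string privilege)
{
    if (privilege == null)
    {
        throw new ArgumentNullException(nameof(privilege));
    }

    // Length and MaximumLength are 16-bit byte counts. A longer name would wrap in the casts
    // below and hand LSA a length that no longer matches the buffer.
    const int maxPrivilegeChars = (ushort.MaxValue / UnicodeEncoding.CharSize) - 1;
    if (privilege.Length > maxPrivilegeChars)
    {
        throw new ArgumentException("Privilege name is too long for an LSA unicode string.", nameof(privilege));
    }

    var lsaPrivileges = new[]
    {
        new Advapi32.LsaUnicodeString
        {
            Buffer = privilege,
            Length = (ushort)(privilege.Length * UnicodeEncoding.CharSize),
            // MaximumLength also covers the terminating null character.
            MaximumLength = (ushort)((privilege.Length + 1) * UnicodeEncoding.CharSize)
        }
    };

    using (var win32Sid = new Win32Sid(account))
    {
        // The array holds exactly one entry, which matches the count of 1 passed to LSA.
        NtStatus ret = Advapi32.LsaAddAccountRights(this, win32Sid.Pointer, lsaPrivileges, 1);
        if (ret != NtStatus.Success)
        {
            throw new Win32Exception(Advapi32.LsaNtStatusToWinError(ret));
        }
    }
}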