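/// <summary>
/// Grants the account right named by <c>Privilege</c> to the first account in <c>User</c>
/// on <c>MachineName</c>, by resolving the account to a SID and calling LsaAddAccountRights.
/// </summary>
/// <remarks>
/// Failures are reported through the task log and the method returns without throwing.
/// Assigning account rights changes local security policy, so the "Granting Privilege"
/// message logged here is the audit trail for this task; keep it in build logs.
/// </remarks>
private void GrantUserPrivilege()
        {
            if (this.User == null)
            {
                Log.LogError("User is required");
                return;
            }

            if (this.Privilege == null)
            {
                Log.LogError("Privilege is required");
                return;
            }

            this.LogTaskMessage(string.Format(CultureInfo.CurrentCulture, "Granting Privilege to User: {0} - {1}", this.User[0].ItemSpec, this.Privilege));

            int    sidInt        = 0;
            IntPtr sid           = IntPtr.Zero;
            int    domainNameInt = 0;
            int    use           = 0;
            IntPtr policyHandle  = IntPtr.Zero;

            try
            {
                // First call is a sizing probe: with a null SID buffer and zero lengths it is
                // expected to fail and report the required sizes in sidInt / domainNameInt.
                StringBuilder domainNameInternal = new StringBuilder(this.Domain);
                ActiveDirectoryNativeMethods.LookupAccountName(this.MachineName, this.User[0].ItemSpec, sid, ref sidInt, domainNameInternal, ref domainNameInt, ref use);
                domainNameInternal = new StringBuilder(domainNameInt);
                sid = Marshal.AllocHGlobal(sidInt);
                int returnValue = ActiveDirectoryNativeMethods.LookupAccountName(this.MachineName, this.User[0].ItemSpec, sid, ref sidInt, domainNameInternal, ref domainNameInt, ref use);
                if (returnValue == 0)
                {
                    // NOTE(review): returnValue is always 0 on this path, so the message carries no
                    // diagnostic value. Marshal.GetLastWin32Error() would, but only if the P/Invoke
                    // declaration sets SetLastError (not visible here) - confirm before changing.
                    this.Log.LogError(string.Format(CultureInfo.CurrentCulture, "Error looking up account name: {0}", returnValue));
                    return;
                }

                LSA_OBJECT_ATTRIBUTES objectAttributes = new LSA_OBJECT_ATTRIBUTES {
                    Length = 0, RootDirectory = IntPtr.Zero, Attributes = 0, SecurityDescriptor = IntPtr.Zero, SecurityQualityOfService = IntPtr.Zero
                };

                // NOTE(review): CreateLsaString is defined elsewhere; if it allocates unmanaged
                // memory for the buffer, that memory is not released in this method - confirm.
                LSA_UNICODE_STRING machineNameLSA = CreateLsaString(this.MachineName);

                // NOTE(review): the policy handle is requested with POLICY_CREATE_SECRET. The
                // documented requirement for LsaAddAccountRights is POLICY_LOOKUP_NAMES (plus
                // POLICY_CREATE_ACCOUNT when the account has no LSA entry yet). Confirm the value
                // of this constant grants exactly what is needed and nothing broader.
                uint result = ActiveDirectoryNativeMethods.LsaOpenPolicy(ref machineNameLSA, ref objectAttributes, ActiveDirectoryNativeMethods.POLICY_CREATE_SECRET, out policyHandle);
                if (result != 0)
                {
                    // Log the NTSTATUS from LsaOpenPolicy, not the earlier LookupAccountName result.
                    this.Log.LogError(string.Format(CultureInfo.CurrentCulture, "Error running LsaOpenPolicy: {0}", result));
                    return;
                }

                LSA_UNICODE_STRING privilegeString = CreateLsaString(this.Privilege);
                result = ActiveDirectoryNativeMethods.LsaAddAccountRights(policyHandle, sid, ref privilegeString, 1);
                if (result != 0)
                {
                    // Log the NTSTATUS from LsaAddAccountRights, not the earlier LookupAccountName result.
                    this.Log.LogError(string.Format(CultureInfo.CurrentCulture, "Error running LsaAddAccountRights: {0}", result));
                    return;
                }
            }
            finally
            {
                // Only close a handle that LsaOpenPolicy actually produced; the early-return
                // paths above reach this block before the policy was opened.
                if (policyHandle != IntPtr.Zero)
                {
                    ActiveDirectoryNativeMethods.LsaClose(policyHandle);
                }

                // FreeHGlobal is a no-op for IntPtr.Zero, so no guard is needed.
                Marshal.FreeHGlobal(sid);
            }
        }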
 // P/Invoke declaration for the native LsaOpenPolicy function (the DllImport attribute is not
 // visible in this excerpt). Returns an NTSTATUS: callers in this file treat 0 as success and
 // any other value as failure. PolicyHandle receives the policy handle that is later passed to
 // LsaAddAccountRights and released with LsaClose. DesiredAccess is the access mask requested
 // for that handle; request only the rights the subsequent LSA calls need.
 internal static extern uint LsaOpenPolicy(ref LSA_UNICODE_STRING SystemName, ref LSA_OBJECT_ATTRIBUTES ObjectAttributes, int DesiredAccess, out IntPtr PolicyHandle);
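        /// <summary>
        /// Resolves the first entry of <c>User</c> to a SID on <c>MachineName</c> and adds the
        /// account right named by <c>Privilege</c> to it through the LSA policy API.
        /// </summary>
        /// <remarks>
        /// Errors are written to the task log; nothing is thrown. The native SID buffer and the
        /// policy handle are released in the <c>finally</c> block on every path.
        /// </remarks>
        private void GrantUserPrivilege()
        {
            if (this.User == null)
            {
                Log.LogError("User is required");
                return;
            }

            if (this.Privilege == null)
            {
                Log.LogError("Privilege is required");
                return;
            }

            // This message is the record of who was granted which right; keep it in the build log.
            this.LogTaskMessage(string.Format(CultureInfo.CurrentCulture, "Granting Privilege to User: {0} - {1}", this.User[0].ItemSpec, this.Privilege));

            int sidInt = 0;
            IntPtr sid = IntPtr.Zero;
            int domainNameInt = 0;
            int use = 0;
            IntPtr policyHandle = IntPtr.Zero;

            try
            {
                // Sizing probe: called with an empty SID buffer so the native call reports the
                // buffer sizes it needs in sidInt and domainNameInt. Its return value is ignored.
                StringBuilder domainNameInternal = new StringBuilder(this.Domain);
                ActiveDirectoryNativeMethods.LookupAccountName(this.MachineName, this.User[0].ItemSpec, sid, ref sidInt, domainNameInternal, ref domainNameInt, ref use);
                domainNameInternal = new StringBuilder(domainNameInt);
                sid = Marshal.AllocHGlobal(sidInt);
                int returnValue = ActiveDirectoryNativeMethods.LookupAccountName(this.MachineName, this.User[0].ItemSpec, sid, ref sidInt, domainNameInternal, ref domainNameInt, ref use);
                if (returnValue == 0)
                {
                    // NOTE(review): the logged value is always 0 here. The Win32 error code would be
                    // more useful, but reading it requires SetLastError on the DllImport - confirm.
                    this.Log.LogError(string.Format(CultureInfo.CurrentCulture, "Error looking up account name: {0}", returnValue));
                    return;
                }

                LSA_OBJECT_ATTRIBUTES objectAttributes = new LSA_OBJECT_ATTRIBUTES { Length = 0, RootDirectory = IntPtr.Zero, Attributes = 0, SecurityDescriptor = IntPtr.Zero, SecurityQualityOfService = IntPtr.Zero };
                LSA_UNICODE_STRING machineNameLSA = CreateLsaString(this.MachineName);

                // NOTE(review): POLICY_CREATE_SECRET is the access requested for the handle, while
                // LsaAddAccountRights is documented as needing POLICY_LOOKUP_NAMES (and
                // POLICY_CREATE_ACCOUNT for accounts without an LSA entry). Verify the constant's
                // value against that requirement and keep the mask as narrow as possible.
                uint result = ActiveDirectoryNativeMethods.LsaOpenPolicy(ref machineNameLSA, ref objectAttributes, ActiveDirectoryNativeMethods.POLICY_CREATE_SECRET, out policyHandle);
                if (result != 0)
                {
                    // Report the status returned by LsaOpenPolicy itself; returnValue belongs to
                    // the LookupAccountName call and is non-zero on this path.
                    this.Log.LogError(string.Format(CultureInfo.CurrentCulture, "Error running LsaOpenPolicy: {0}", result));
                    return;
                }

                LSA_UNICODE_STRING privilegeString = CreateLsaString(this.Privilege);
                result = ActiveDirectoryNativeMethods.LsaAddAccountRights(policyHandle, sid, ref privilegeString, 1);
                if (result != 0)
                {
                    // Report the status returned by LsaAddAccountRights, not returnValue.
                    this.Log.LogError(string.Format(CultureInfo.CurrentCulture, "Error running LsaAddAccountRights: {0}", result));
                }
            }
            finally
            {
                // The handle is still IntPtr.Zero when an earlier step failed; skip the native
                // close in that case instead of passing a null handle to LsaClose.
                if (policyHandle != IntPtr.Zero)
                {
                    ActiveDirectoryNativeMethods.LsaClose(policyHandle);
                }

                Marshal.FreeHGlobal(sid);
            }
        }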
 // Native LsaOpenPolicy entry point, declared for P/Invoke (its DllImport attribute is outside
 // this excerpt). The uint return is an NTSTATUS that callers in this file compare against 0
 // for success. On success PolicyHandle holds the handle used for LsaAddAccountRights and
 // closed with LsaClose; DesiredAccess is the access mask requested for it.
 internal static extern uint LsaOpenPolicy(ref LSA_UNICODE_STRING SystemName, ref LSA_OBJECT_ATTRIBUTES ObjectAttributes, int DesiredAccess, out IntPtr PolicyHandle);