internal static extern UInt32 LsaAddAccountRights ( LSA_HANDLE PolicyHandle, IntPtr pSID, LSA_UNICODE_STRING[] UserRights, Int32 CountOfRights );
public static extern uint LsaRemoveAccountRights( LSA_HANDLE PolicyHandle, IntPtr AccountSid, bool AllRights, LsaSecurityWrapper.LSA_UNICODE_STRING[] UserRights, int CountOfRights );
internal static extern int LsaLookupNames2( LSA_HANDLE PolicyHandle, uint Flags, uint Count, LSA_UNICODE_STRING[] Names, ref IntPtr ReferencedDomains, ref IntPtr Sids );
private static NTStatus SetPrivilegeOnAccount(LSA_HANDLE PolicyHandle, PSID AccountSid, string PrivilegeName, bool bEnable) { // // grant or revoke the privilege, accordingly // return(bEnable ? LsaAddAccountRights(PolicyHandle, AccountSid, new[] { PrivilegeName }, 1) : LsaRemoveAccountRights(PolicyHandle, AccountSid, false, new[] { PrivilegeName }, 1)); }
private static void SetAuditMode(LSA_HANDLE PolicyHandle, bool bEnable) { // obtain current AuditEvents var AuditEvents = LsaQueryInformationPolicy <POLICY_AUDIT_EVENTS_INFO>(PolicyHandle); // update the relevant member AuditEvents.AuditingMode = bEnable; // set all auditevents to the unchanged status... for (var i = 0U; i < AuditEvents.MaximumAuditEventCount; i++) { AuditEvents.EventAuditingOptions[i] = POLICY_AUDIT_EVENT_OPTIONS.POLICY_AUDIT_EVENT_UNCHANGED; } // set the new auditing mode (enabled or disabled) LsaSetInformationPolicy(PolicyHandle, AuditEvents); }
private static void DisplayAudit(LSA_HANDLE PolicyHandle) { // obtain AuditEvents var AuditEvents = LsaQueryInformationPolicy <POLICY_AUDIT_EVENTS_INFO>(PolicyHandle); // successfully obtained AuditEventsInformation. Now display. if (AuditEvents.AuditingMode) { Console.Write("Auditing Enabled\n"); } else { Console.Write("Auditing Disabled\n"); } for (var i = 0U; i < AuditEvents.MaximumAuditEventCount; i++) { DisplayAuditEventOption(i, AuditEvents.EventAuditingOptions[i]); } }
private static void SetAuditEvent(LSA_HANDLE PolicyHandle, POLICY_AUDIT_EVENT_TYPE EventType, POLICY_AUDIT_EVENT_OPTIONS EventOption) { // obtain AuditEvents var pae = LsaQueryInformationPolicy <POLICY_AUDIT_EVENTS_INFO>(PolicyHandle); // ensure we were passed a valid EventType and EventOption if ((uint)EventType > pae.MaximumAuditEventCount || !EventOption.IsValid()) { throw ((NTStatus)NTStatus.STATUS_INVALID_PARAMETER).GetException(); } // set all auditevents to the unchanged status... for (var i = 0U; i < pae.MaximumAuditEventCount; i++) { pae.EventAuditingOptions[i] = POLICY_AUDIT_EVENT_OPTIONS.POLICY_AUDIT_EVENT_UNCHANGED; } // ...and update only the specified EventType pae.EventAuditingOptions[(int)EventType] = EventOption; // set the new AuditEvents LsaSetInformationPolicy(PolicyHandle, pae); }
public static extern NTStatus LsaLookupPrivilegeValue(LSA_HANDLE PolicyHandle, [In, MarshalAs(UnmanagedType.CustomMarshaler, MarshalTypeRef = typeof(LsaUnicodeStringMarshaler))] string Name, out LUID Value);
public static extern uint LsaAddAccountRights( LSA_HANDLE PolicyHandle, IntPtr pSID, LsaSecurityWrapper.LSA_UNICODE_STRING[] UserRights, int CountOfRights );