Exemplo n.º 1
0
 internal static extern UInt32 LsaAddAccountRights
 (
     LSA_HANDLE PolicyHandle,
     IntPtr pSID,
     LSA_UNICODE_STRING[] UserRights,
     Int32 CountOfRights
 );
 public static extern uint LsaRemoveAccountRights(
     LSA_HANDLE PolicyHandle,
     IntPtr AccountSid,
     bool AllRights,
     LsaSecurityWrapper.LSA_UNICODE_STRING[] UserRights,
     int CountOfRights
     );
Exemplo n.º 3
0
 internal static extern int LsaLookupNames2(
     LSA_HANDLE PolicyHandle,
     uint Flags,
     uint Count,
     LSA_UNICODE_STRING[] Names,
     ref IntPtr ReferencedDomains,
     ref IntPtr Sids
     );
Exemplo n.º 4
0
 private static NTStatus SetPrivilegeOnAccount(LSA_HANDLE PolicyHandle, PSID AccountSid, string PrivilegeName, bool bEnable)
 {
     //
     // grant or revoke the privilege, accordingly
     //
     return(bEnable
                         ? LsaAddAccountRights(PolicyHandle, AccountSid, new[] { PrivilegeName }, 1)
                         : LsaRemoveAccountRights(PolicyHandle, AccountSid, false, new[] { PrivilegeName }, 1));
 }
Exemplo n.º 5
0
        private static void SetAuditMode(LSA_HANDLE PolicyHandle, bool bEnable)
        {
            // obtain current AuditEvents
            var AuditEvents = LsaQueryInformationPolicy <POLICY_AUDIT_EVENTS_INFO>(PolicyHandle);

            // update the relevant member
            AuditEvents.AuditingMode = bEnable;

            // set all auditevents to the unchanged status...
            for (var i = 0U; i < AuditEvents.MaximumAuditEventCount; i++)
            {
                AuditEvents.EventAuditingOptions[i] = POLICY_AUDIT_EVENT_OPTIONS.POLICY_AUDIT_EVENT_UNCHANGED;
            }

            // set the new auditing mode (enabled or disabled)
            LsaSetInformationPolicy(PolicyHandle, AuditEvents);
        }
Exemplo n.º 6
0
        private static void DisplayAudit(LSA_HANDLE PolicyHandle)
        {
            // obtain AuditEvents
            var AuditEvents = LsaQueryInformationPolicy <POLICY_AUDIT_EVENTS_INFO>(PolicyHandle);

            // successfully obtained AuditEventsInformation. Now display.
            if (AuditEvents.AuditingMode)
            {
                Console.Write("Auditing Enabled\n");
            }
            else
            {
                Console.Write("Auditing Disabled\n");
            }

            for (var i = 0U; i < AuditEvents.MaximumAuditEventCount; i++)
            {
                DisplayAuditEventOption(i, AuditEvents.EventAuditingOptions[i]);
            }
        }
Exemplo n.º 7
0
        private static void SetAuditEvent(LSA_HANDLE PolicyHandle, POLICY_AUDIT_EVENT_TYPE EventType, POLICY_AUDIT_EVENT_OPTIONS EventOption)
        {
            // obtain AuditEvents
            var pae = LsaQueryInformationPolicy <POLICY_AUDIT_EVENTS_INFO>(PolicyHandle);

            // ensure we were passed a valid EventType and EventOption
            if ((uint)EventType > pae.MaximumAuditEventCount || !EventOption.IsValid())
            {
                throw ((NTStatus)NTStatus.STATUS_INVALID_PARAMETER).GetException();
            }

            // set all auditevents to the unchanged status...
            for (var i = 0U; i < pae.MaximumAuditEventCount; i++)
            {
                pae.EventAuditingOptions[i] = POLICY_AUDIT_EVENT_OPTIONS.POLICY_AUDIT_EVENT_UNCHANGED;
            }

            // ...and update only the specified EventType
            pae.EventAuditingOptions[(int)EventType] = EventOption;

            // set the new AuditEvents
            LsaSetInformationPolicy(PolicyHandle, pae);
        }
Exemplo n.º 8
0
 public static extern NTStatus LsaLookupPrivilegeValue(LSA_HANDLE PolicyHandle, [In, MarshalAs(UnmanagedType.CustomMarshaler, MarshalTypeRef = typeof(LsaUnicodeStringMarshaler))] string Name, out LUID Value);
 public static extern uint LsaAddAccountRights(
     LSA_HANDLE PolicyHandle,
     IntPtr pSID,
     LsaSecurityWrapper.LSA_UNICODE_STRING[] UserRights,
     int CountOfRights
     );