internal static extern UInt32 LsaAddAccountRights
(
LSA_HANDLE PolicyHandle,
IntPtr pSID,
LSA_UNICODE_STRING[] UserRights,
Int32 CountOfRights
);
public static extern uint LsaRemoveAccountRights(
LSA_HANDLE PolicyHandle,
IntPtr AccountSid,
bool AllRights,
LsaSecurityWrapper.LSA_UNICODE_STRING[] UserRights,
int CountOfRights
);
internal static extern int LsaLookupNames2(
LSA_HANDLE PolicyHandle,
uint Flags,
uint Count,
LSA_UNICODE_STRING[] Names,
ref IntPtr ReferencedDomains,
ref IntPtr Sids
);
private static NTStatus SetPrivilegeOnAccount(LSA_HANDLE PolicyHandle, PSID AccountSid, string PrivilegeName, bool bEnable)
{
//
// grant or revoke the privilege, accordingly
//
return(bEnable
? LsaAddAccountRights(PolicyHandle, AccountSid, new[] { PrivilegeName }, 1)
: LsaRemoveAccountRights(PolicyHandle, AccountSid, false, new[] { PrivilegeName }, 1));
}
private static void SetAuditMode(LSA_HANDLE PolicyHandle, bool bEnable)
{
// obtain current AuditEvents
var AuditEvents = LsaQueryInformationPolicy <POLICY_AUDIT_EVENTS_INFO>(PolicyHandle);
// update the relevant member
AuditEvents.AuditingMode = bEnable;
// set all auditevents to the unchanged status...
for (var i = 0U; i < AuditEvents.MaximumAuditEventCount; i++)
{
AuditEvents.EventAuditingOptions[i] = POLICY_AUDIT_EVENT_OPTIONS.POLICY_AUDIT_EVENT_UNCHANGED;
}
// set the new auditing mode (enabled or disabled)
LsaSetInformationPolicy(PolicyHandle, AuditEvents);
}
private static void DisplayAudit(LSA_HANDLE PolicyHandle)
{
// obtain AuditEvents
var AuditEvents = LsaQueryInformationPolicy <POLICY_AUDIT_EVENTS_INFO>(PolicyHandle);
// successfully obtained AuditEventsInformation. Now display.
if (AuditEvents.AuditingMode)
{
Console.Write("Auditing Enabled\n");
}
else
{
Console.Write("Auditing Disabled\n");
}
for (var i = 0U; i < AuditEvents.MaximumAuditEventCount; i++)
{
DisplayAuditEventOption(i, AuditEvents.EventAuditingOptions[i]);
}
}
private static void SetAuditEvent(LSA_HANDLE PolicyHandle, POLICY_AUDIT_EVENT_TYPE EventType, POLICY_AUDIT_EVENT_OPTIONS EventOption)
{
// obtain AuditEvents
var pae = LsaQueryInformationPolicy <POLICY_AUDIT_EVENTS_INFO>(PolicyHandle);
// ensure we were passed a valid EventType and EventOption
if ((uint)EventType > pae.MaximumAuditEventCount || !EventOption.IsValid())
{
throw ((NTStatus)NTStatus.STATUS_INVALID_PARAMETER).GetException();
}
// set all auditevents to the unchanged status...
for (var i = 0U; i < pae.MaximumAuditEventCount; i++)
{
pae.EventAuditingOptions[i] = POLICY_AUDIT_EVENT_OPTIONS.POLICY_AUDIT_EVENT_UNCHANGED;
}
// ...and update only the specified EventType
pae.EventAuditingOptions[(int)EventType] = EventOption;
// set the new AuditEvents
LsaSetInformationPolicy(PolicyHandle, pae);
}
public static extern NTStatus LsaLookupPrivilegeValue(LSA_HANDLE PolicyHandle, [In, MarshalAs(UnmanagedType.CustomMarshaler, MarshalTypeRef = typeof(LsaUnicodeStringMarshaler))] string Name, out LUID Value);
public static extern uint LsaAddAccountRights(
LSA_HANDLE PolicyHandle,
IntPtr pSID,
LsaSecurityWrapper.LSA_UNICODE_STRING[] UserRights,
int CountOfRights
);
