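/// <summary>
/// Enables or disables the specified privilege on the access token
/// returned by WindowsIdentity.GetCurrent for the calling code.
/// </summary>
/// <remarks>
/// AdjustTokenPrivileges reports success even when the token does not hold
/// the requested privilege; the only signal is a last-error value of
/// ERROR_NOT_ALL_ASSIGNED. When enabling, that condition is raised as a
/// <see cref="System.ComponentModel.Win32Exception"/> so that a caller never
/// continues under the belief that a privilege is active when it is not.
/// WindowsIdentity.GetCurrent returns the thread's impersonation token when
/// the calling thread is impersonating, so in that situation the change is
/// applied to that token rather than to the process's primary token.
/// Callers that enable a privilege temporarily should pass the returned
/// value back in afterwards to restore the previous state.
/// </remarks>
/// <param name="privilege">Privilege to enable or disable. Its ToString()
/// form is the name handed to LookupPrivilegeValue.</param>
/// <param name="enable">True to enable the privilege, false to
/// disable it.</param>
/// <returns>True if the privilege was enabled prior to the change,
/// false if it was disabled.</returns>
/// <exception cref="System.ComponentModel.Win32Exception">The privilege name
/// could not be resolved, the adjustment call failed, or the privilege was
/// to be enabled but is not held by the token.</exception>
public static bool ModifyPrivilege(PrivilegeName privilege, bool enable)
{
    // Win32 ERROR_NOT_ALL_ASSIGNED: the token does not hold one or more of
    // the privileges named in the request.
    const int ErrorNotAllAssigned = 1300;

    if (!LookupPrivilegeValue(null, privilege.ToString(), out LUID luid))
    {
        throw new System.ComponentModel.Win32Exception();
    }

    using (var identity = System.Security.Principal.WindowsIdentity.GetCurrent(
        System.Security.Principal.TokenAccessLevels.AdjustPrivileges
        | System.Security.Principal.TokenAccessLevels.Query))
    {
        var newPriv = new TOKEN_PRIVILEGES
        {
            Privileges = new LUID_AND_ATTRIBUTES[1],
            PrivilegeCount = 1
        };
        newPriv.Privileges[0].Luid = luid;
        newPriv.Privileges[0].Attributes = enable ? SE_PRIVILEGE_ENABLED : 0;

        // Receives the state of any privilege this call actually changes.
        var prevPriv = new TOKEN_PRIVILEGES
        {
            Privileges = new LUID_AND_ATTRIBUTES[1],
            PrivilegeCount = 1
        };

        if (!AdjustTokenPrivileges(identity.Token, false, ref newPriv,
            (uint)Marshal.SizeOf(prevPriv), ref prevPriv, out uint _))
        {
            throw new System.ComponentModel.Win32Exception();
        }

        // A non-zero return is not proof that the privilege was adjusted.
        // Read the last error straight after the call, before anything else
        // can overwrite it. NOTE(review): this relies on the P/Invoke
        // declaration (not visible here) using SetLastError = true, which
        // the parameterless Win32Exception above already depends on.
        int lastError = Marshal.GetLastWin32Error();
        if (enable && lastError == ErrorNotAllAssigned)
        {
            throw new System.ComponentModel.Win32Exception(lastError);
        }

        if (prevPriv.PrivilegeCount == 0)
        {
            // Nothing was changed, so the privilege was already in the
            // requested state (or, when disabling, is not held at all).
            return enable;
        }

        return (prevPriv.Privileges[0].Attributes & SE_PRIVILEGE_ENABLED) != 0;
    }
}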
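/// <summary>
/// Enables or disables the specified privilege on the access token returned by WindowsIdentity.GetCurrent for the calling code.</summary>
/// <remarks>
/// AdjustTokenPrivileges reports success even when the token does not hold the requested privilege; the only
/// signal is a last-error value of ERROR_NOT_ALL_ASSIGNED. When enabling, that condition is raised as a
/// <see cref="Win32Exception"/> so that a caller never continues under the belief that a privilege is active
/// when it is not. WindowsIdentity.GetCurrent returns the thread's impersonation token when the calling thread
/// is impersonating, so in that situation the change is applied to that token rather than to the process's
/// primary token. Callers that enable a privilege temporarily should pass the returned value back in
/// afterwards to restore the previous state.</remarks>
/// <param name="privilege">
/// Privilege to enable or disable. Its ToString() form is the name handed to LookupPrivilegeValue.</param>
/// <param name="enable">
/// True to enable the privilege, false to disable it.</param>
/// <returns>
/// True if the privilege was enabled prior to the change, false if it was disabled.</returns>
/// <exception cref="Win32Exception">
/// The privilege name could not be resolved, the adjustment call failed, or the privilege was to be enabled
/// but is not held by the token.</exception>
public static bool ModifyPrivilege(PrivilegeName privilege, bool enable)
{
    // Win32 ERROR_NOT_ALL_ASSIGNED: the token does not hold one or more of
    // the privileges named in the request.
    const int ErrorNotAllAssigned = 1300;

    if (!LookupPrivilegeValue(null, privilege.ToString(), out Luid luid))
    {
        throw new Win32Exception();
    }

    using (var identity = WindowsIdentity.GetCurrent(TokenAccessLevels.AdjustPrivileges | TokenAccessLevels.Query))
    {
        var newPriv = new TokenPrivileges
        {
            Privileges = new LuidAndAttributes[]
            {
                new LuidAndAttributes
                {
                    Luid = luid,
                    Attributes = enable ? SE_PRIVILEGE_ENABLED : 0
                }
            },
            PrivilegeCount = 1
        };

        // Receives the state of any privilege this call actually changes.
        var prevPriv = new TokenPrivileges
        {
            Privileges = new LuidAndAttributes[1],
            PrivilegeCount = 1
        };

        if (!AdjustTokenPrivileges(identity.Token, false, ref newPriv,
            (uint)Marshal.SizeOf(prevPriv), ref prevPriv, out uint _))
        {
            throw new Win32Exception();
        }

        // A non-zero return is not proof that the privilege was adjusted.
        // Read the last error straight after the call, before anything else
        // can overwrite it. NOTE(review): this relies on the P/Invoke
        // declaration (not visible here) using SetLastError = true, which
        // the parameterless Win32Exception above already depends on.
        int lastError = Marshal.GetLastWin32Error();
        if (enable && lastError == ErrorNotAllAssigned)
        {
            throw new Win32Exception(lastError);
        }

        if (prevPriv.PrivilegeCount == 0)
        {
            // Nothing was changed, so the privilege was already in the
            // requested state (or, when disabling, is not held at all).
            return enable;
        }

        return (prevPriv.Privileges[0].Attributes & SE_PRIVILEGE_ENABLED) != 0;
    }
}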
/// <summary>
/// Resolves a privilege name to its <see cref="PrivilegeValue"/> through the
/// native LookupPrivilegeValue overload.
/// </summary>
/// <param name="systemName">System name forwarded unchanged to the native
/// call. NOTE(review): presumably null selects the local system; confirm
/// against the P/Invoke declaration.</param>
/// <param name="privilegeName">Privilege to resolve; its ToString() form is
/// the name handed to the native call.</param>
/// <returns>The value filled in by the native lookup.</returns>
/// <exception cref="PrivilegeException">The platform is not Win32NT, the
/// advapi32.dll entry point is unavailable, or the native lookup returned
/// zero.</exception>
public static PrivilegeValue LookupPrivilegeValue(string systemName, PrivilegeName privilegeName)
{
    // The && short-circuit keeps the entry-point probe from running on
    // platforms other than Win32NT.
    bool supported = Environment.OSVersion.Platform == PlatformID.Win32NT
        && CheckEntryPoint("advapi32.dll", "LookupPrivilegeValueA");
    if (!supported)
    {
        throw new PrivilegeException("Failed to lookup privilege value. LookupPrivilegeValue() is not supported.");
    }

    var resolved = new PrivilegeValue();
    var status = LookupPrivilegeValue(systemName, privilegeName.ToString(), ref resolved);
    if (status != 0)
    {
        return resolved;
    }

    // A zero return means the lookup failed; the Win32 error code is
    // formatted into the exception message.
    throw new PrivilegeException($"Failed to lookup privilege value for privilege '{privilegeName}'. Win32 error: {FormatError(Marshal.GetLastWin32Error())}");
}