/// <summary>
/// Removes one named account right from the account identified by <paramref name="accountSid"/>
/// by calling <c>LsaRemoveAccountRights</c>.
/// </summary>
/// <param name="policyHandle">LSA policy handle, passed through unchanged. This method does not open or close it.</param>
/// <param name="accountSid">Binary SID of the account whose right is removed.</param>
/// <param name="permissionName">Name of the right to remove; wrapped in an <c>LsaUnicodeString</c> for the native call.</param>
/// <exception cref="Win32Exception">
/// The native call returned a non-zero NTSTATUS; the code is translated with <c>LsaNtStatusToWinError</c>.
/// </exception>
public static void RemoveAccountPermission(IntPtr policyHandle, byte[] accountSid, string permissionName)
{
    var rightToRemove = new NativeMethods.LsaUnicodeString(permissionName);

    // The literal false and count 1 limit the call to the single named right.
    // NOTE(review): in the Win32 API the third argument is AllRights, which would strip
    // every right from the account if true; confirm the P/Invoke declaration matches.
    uint status = NativeMethods.LsaRemoveAccountRights(policyHandle, accountSid, false, rightToRemove, 1);
    if (status == 0)
    {
        return;
    }

    // Surface the failure as a Win32 error rather than a raw NTSTATUS.
    throw new Win32Exception(NativeMethods.LsaNtStatusToWinError(status));
}
/// <summary>
/// Lists the account rights that <c>LsaEnumerateAccountRights</c> reports for the account
/// identified by <paramref name="accountSid"/>.
/// </summary>
/// <param name="policyHandle">LSA policy handle, passed through unchanged. This method does not open or close it.</param>
/// <param name="accountSid">Binary SID of the account to query.</param>
/// <returns>
/// The non-empty right names returned by the native call. The collection is empty when the call
/// reports <c>LSA_STATUS_OBJECT_NAME_NOT_FOUND</c>.
/// </returns>
/// <exception cref="Win32Exception">
/// The enumeration, or the later <c>LsaFreeMemory</c> call, returned a non-zero NTSTATUS.
/// </exception>
/// <remarks>
/// NOTE(review): the Win32 call is understood to report only rights assigned directly to this SID,
/// not rights held through group membership. Confirm before using the result as an effective-rights audit.
/// </remarks>
public static IEnumerable<string> QueryGrantedAccountPermissions(IntPtr policyHandle, byte[] accountSid)
{
    ICollection<string> grantedRights = new Collection<string>();

    uint status = NativeMethods.LsaEnumerateAccountRights(policyHandle, accountSid, out IntPtr rightsBuffer, out uint rightsCount);

    // This status is treated as "nothing to report" and yields an empty result, not an error.
    if (status == NativeMethods.LSA_STATUS_OBJECT_NAME_NOT_FOUND)
    {
        return grantedRights;
    }

    if (status != 0)
    {
        throw new Win32Exception(NativeMethods.LsaNtStatusToWinError(status));
    }

    try
    {
        // Walk the native array one LsaUnicodeString-sized element at a time.
        IntPtr cursor = rightsBuffer;
        for (uint remaining = rightsCount; remaining > 0; --remaining)
        {
            // NOTE(review): an LSA_UNICODE_STRING buffer is not guaranteed to be NUL-terminated.
            // If lpBuffer is marshalled as a plain LPWStr, the Length field should be honoured
            // to avoid reading past the entry. Verify against the struct declaration.
            NativeMethods.LsaUnicodeString entry = Marshal.PtrToStructure<NativeMethods.LsaUnicodeString>(cursor);
            string rightName = entry.lpBuffer;
            if (!string.IsNullOrEmpty(rightName))
            {
                grantedRights.Add(rightName);
            }

            cursor = (IntPtr)((long)cursor + NativeMethods.LsaUnicodeString.SizeOf);
        }
    }
    finally
    {
        // Always release the LSA-allocated buffer, even if marshalling threw.
        status = NativeMethods.LsaFreeMemory(rightsBuffer);
    }

    // A failed free is reported to the caller instead of being ignored.
    if (status != 0)
    {
        throw new Win32Exception(NativeMethods.LsaNtStatusToWinError(status));
    }

    return grantedRights;
}