2.2.1.5.3 NETLOGON_DELTA_ACCOUNTS

The NETLOGON_DELTA_ACCOUNTS structure contains the settings and privileges for a Local Security Authority (LSA) account. This structure is used for replicating the LSA account data from the primary domain controller (PDC) to a backup domain controller (BDC).

 typedef struct _NETLOGON_DELTA_ACCOUNTS {
   ULONG PrivilegeEntries;
   ULONG PrivilegeControl;
   [size_is(PrivilegeEntries)] ULONG* PrivilegeAttributes;
   [size_is(PrivilegeEntries)] PUNICODE_STRING PrivilegeNames;
   NLPR_QUOTA_LIMITS QuotaLimits;
   ULONG SystemAccessFlags;
   SECURITY_INFORMATION SecurityInformation;
   ULONG SecuritySize;
   [size_is(SecuritySize)] UCHAR* SecurityDescriptor;
   UNICODE_STRING DummyString1;
   UNICODE_STRING DummyString2;
   UNICODE_STRING DummyString3;
   UNICODE_STRING DummyString4;
   ULONG DummyLong1;
   ULONG DummyLong2;
   ULONG DummyLong3;
   ULONG DummyLong4;
 } NETLOGON_DELTA_ACCOUNTS,
  *PNETLOGON_DELTA_ACCOUNTS;

PrivilegeEntries: The number of privileges associated with the LSA account.

PrivilegeControl: A bit flag describing the properties of the account privileges. A flag is TRUE (or set) if its value is equal to 1. The PrivilegeControl value is as follows.


  0                   1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 A

Where the bits are defined as:

  Value   Description
  A       All of the specified privileges MUST be held by the process that is requesting access.

All other bits MUST be set to zero and MUST be ignored on receipt.

PrivilegeAttributes: Pointer to an array of unsigned 32-bit values that contain a set of bit flags describing each privilege's attributes. An attribute is TRUE (or set) if its value is equal to 1. The value is constructed from zero or more bit flags from the following table.


  0                   1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 B A

Where the bits are defined as:

  Value   Description
  A       Privilege is enabled by default.
  B       Privilege is enabled.

All other bits MUST be set to zero and MUST be ignored on receipt.

PrivilegeNames: A pointer to an array of privilege names represented as UNICODE_STRING structures. The names of the privileges are implementation specific.

QuotaLimits: An NLPR_QUOTA_LIMITS structure (section 2.2.1.5.2) that describes the account's current quota settings.

SystemAccessFlags: A set of the following bit flags that specify the ways in which the account is permitted to access the system as detailed in POLICY_MODE_INTERACTIVE, POLICY_MODE_NETWORK, POLICY_MODE_BATCH, POLICY_MODE_SERVICE, and POLICY_MODE_PROXY of [MS-LSAD]. See [MS-LSAD] for the specification of these bit values and allowed combinations.

SecurityInformation: A SECURITY_INFORMATION structure, as specified in [MS-DTYP] section 2.4.7, that specifies portions of a security descriptor about the trusted domain.

SecuritySize: The size, in bytes, of the SecurityDescriptor field.

SecurityDescriptor: A pointer to a SECURITY_DESCRIPTOR structure, as specified in [MS-DTYP] section 2.4.6, that describes the security settings for the account object.

DummyString1: A STRING structure, defined in section 2.2.1.1.2, that MUST contain 0 for the Length field, 0 for the MaximumLength field, and NULL for the Buffer field. It is ignored upon receipt. The Netlogon usage of dummy fields is defined in section 1.3.8.1.2.

DummyString2: See definition for DummyString1 field.

DummyString3: See definition for DummyString1 field.

DummyString4: See definition for DummyString1 field.

DummyLong1: MUST be set to zero and MUST be ignored on receipt. The Netlogon usage of dummy fields is defined in section 1.3.8.1.2.

DummyLong2: See definition for DummyLong1 field.

DummyLong3: See definition for DummyLong1 field.

DummyLong4: See definition for DummyLong1 field.
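
A receiver-side check for the fields defined above, as an added example that is not part of the specification or of any Netlogon implementation. It assumes the last position in each bit diagram is the least significant bit (A = 0x1, B = 0x2); `delta_accounts_view`, the two size caps, and `demo` are hypothetical names and values.

```c
#include <stdint.h>
#include <stdio.h>
/* Assumption: position 31 of each bit diagram is the least significant bit. */
#define PRIV_CTRL_ALL_NECESSARY   0x00000001u /* PrivilegeControl, bit A */
#define PRIV_ATTR_ENABLED_DEFAULT 0x00000001u /* PrivilegeAttributes, bit A */
#define PRIV_ATTR_ENABLED         0x00000002u /* PrivilegeAttributes, bit B */
#define MAX_PRIV_ENTRIES 256u   /* hypothetical local cap, not from the spec */
#define MAX_SD_BYTES     65536u /* hypothetical local cap, not from the spec */

/* Hypothetical view of the fields after NDR unmarshalling. */
typedef struct {
    uint32_t  PrivilegeEntries;
    uint32_t  PrivilegeControl;
    uint32_t *PrivilegeAttributes; /* size_is(PrivilegeEntries) */
    uint32_t  SecuritySize;
    uint8_t  *SecurityDescriptor;  /* size_is(SecuritySize) */
    uint32_t  DummyLong[4];
} delta_accounts_view;
enum { DA_OK = 0, DA_BAD_COUNT = -1, DA_BAD_SD = -2 };

/* Check counts against their arrays, then clear what MUST be ignored on receipt. */
int delta_accounts_sanitize(delta_accounts_view *d)
{
    if (d->PrivilegeEntries > MAX_PRIV_ENTRIES ||
        (d->PrivilegeEntries != 0 && d->PrivilegeAttributes == NULL))
        return DA_BAD_COUNT;
    if (d->SecuritySize > MAX_SD_BYTES ||
        (d->SecuritySize != 0 && d->SecurityDescriptor == NULL))
        return DA_BAD_SD;
    d->PrivilegeControl &= PRIV_CTRL_ALL_NECESSARY;
    for (uint32_t i = 0; i < d->PrivilegeEntries; i++)
        d->PrivilegeAttributes[i] &= PRIV_ATTR_ENABLED_DEFAULT | PRIV_ATTR_ENABLED;
    for (int i = 0; i < 4; i++) d->DummyLong[i] = 0;
    return DA_OK;
}

/* Constructed sample with reserved bits set; packs the sanitized values. */
long demo(uint32_t entries, int have_array)
{
    uint32_t attrs[2] = { 0xFFFFFFFFu, 0x80000002u };
    delta_accounts_view d = { entries, 0xF0000001u, have_array ? attrs : NULL,
                              0, NULL, { 7, 0, 0, 9 } };
    int rc = delta_accounts_sanitize(&d);
    if (rc != DA_OK) return rc;
    if (d.DummyLong[0] | d.DummyLong[3]) return -100;
    return (long)((d.PrivilegeControl << 16) | (attrs[0] << 8) | attrs[1]);
}

int main(void) { printf("%ld\n", demo(2, 1)); return 0; }
```

Masking before use means later authorization logic never branches on reserved bits or dummy fields that a sender set contrary to the MUST clauses.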