Edit

Share via

LsaEnumerateAccountsWithUserRight function (ntsecapi.h)

  • Article

The LsaEnumerateAccountsWithUserRight function returns the accounts in the database of a Local Security Authority (LSA) Policy object that hold a specified privilege. The accounts returned by this function hold the specified privilege directly through the user account, not as part of membership to a group.

Syntax

NTSTATUS LsaEnumerateAccountsWithUserRight(
  [in]  LSA_HANDLE          PolicyHandle,
  [in]  PLSA_UNICODE_STRING UserRight,
  [out] PVOID               *Buffer,
  [out] PULONG              CountReturned
);

Parameters

[in] PolicyHandle

A handle to a Policy object. The handle must have POLICY_LOOKUP_NAMES and POLICY_VIEW_LOCAL_INFORMATION user rights. For more information, see Opening a Policy Object Handle.

[in] UserRight

Pointer to an LSA_UNICODE_STRING structure that specifies the name of a privilege. For a list of privileges, see Privilege Constants and Account Rights Constants.

If this parameter is NULL, the function enumerates all accounts in the LSA database of the system associated with the Policy object.

[out] Buffer

Pointer to a variable that receives a pointer to an array of LSA_ENUMERATION_INFORMATION structures. The Sid member of each structure is a pointer to the security identifier (SID) of an account that holds the specified privilege.

When you no longer need the information, free the memory by passing the returned pointer to the LsaFreeMemory function.

[out] CountReturned

Pointer to a variable that receives the number of entries returned in the EnumerationBuffer parameter.

Return value

If the function succeeds, the function returns STATUS_SUCCESS.

If the function fails, it returns an NTSTATUS code, which can be one of the following values or one of the LSA Policy Function Return Values.

Value Description
STATUS_NO_SUCH_PRIVILEGE
 The privilege string specified was not a valid privilege.
STATUS_NO_MORE_ENTRIES
 There were no accounts with the specified privilege.
 

You can use the LsaNtStatusToWinError function to convert the NTSTATUS code to a Windows error code.

Requirements

Requirement Value
Minimum supported client Windows XP [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Target Platform Windows
Header ntsecapi.h
Library Advapi32.lib
DLL Advapi32.dll

See also

LSA_ENUMERATION_INFORMATION

LSA_UNICODE_STRING

LsaFreeMemory

LsaOpenPolicy