LsaAddAccountRights function (ntsecapi.h)
The LsaAddAccountRights function assigns one or more privileges to an account. If the account does not exist, LsaAddAccountRights creates it.
Syntax
NTSTATUS LsaAddAccountRights(
[in] LSA_HANDLE PolicyHandle,
[in] PSID AccountSid,
[in] PLSA_UNICODE_STRING UserRights,
[in] ULONG CountOfRights
);
Parameters
[in] PolicyHandle
A handle to a Policy object. The handle must have the POLICY_LOOKUP_NAMES access right. If the account identified by the AccountSid parameter does not exist, the handle must have the POLICY_CREATE_ACCOUNT access right. For more information, see Opening a Policy Object Handle.
[in] AccountSid
Pointer to the SID of the account to which the function assigns privileges.
[in] UserRights
Pointer to an array of LSA_UNICODE_STRING structures. Each structure contains the name of a privilege to add to the account. For a list of privilege names, see Privilege Constants.
[in] CountOfRights
Specifies the number of elements in the UserRights array.
Return value
If the function succeeds, the return value is STATUS_SUCCESS.
If the function fails, the return value is an NTSTATUS code, which can be the following value or one of the LSA Policy Function Return Values.
| Return code | Description |
|---|---|
|
One of the privilege names is not valid. |
You can use the LsaNtStatusToWinError function to convert the NTSTATUS code to a Windows error code.
Remarks
If you specify privileges already granted to the account, they are ignored.
For an example that demonstrates calling this function, see Managing Account Permissions.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows XP [desktop apps only] |
| Minimum supported server | Windows Server 2003 [desktop apps only] |
| Target Platform | Windows |
| Header | ntsecapi.h |
| Library | Advapi32.lib |
| DLL | Advapi32.dll |