3.1.4.6.8 LsarCreateSecret2 (Opnum 137)

The LsarCreateSecret2 method is invoked to create a new secret object in the server's database.<89>

 NTSTATUS LsarCreateSecret2(
   [in] LSAPR_HANDLE PolicyHandle,
   [in] PLSAPR_AES_CIPHER_VALUE EncryptedSecretName,
   [in] ACCESS_MASK DesiredAccess,
   [out] LSAPR_HANDLE *SecretHandle
 );

PolicyHandle: An RPC context handle obtained from LsarOpenPolicy3 (section 3.1.4.4.9).

EncryptedSecretName: The name of the secret to be created, encrypted as specified in AES Cipher Usage (section 5.1.5).

DesiredAccess: A bitmask that specifies the accesses to be granted to the newly created and opened secret object at this time (section 2.2.1.1.4).

SecretHandle: Used to return a handle to the newly created secret object.

Return Values: The return values are the same as specified for LsarOpenSecret (section 3.1.4.6.2).

Processing:

The processing is the same as for LsarCreateSecret (section 3.1.4.6.1), with the exception that the encrypted secret name is first decrypted.