LsaConnectUntrusted function (ntsecapi.h)

The LsaConnectUntrusted function establishes an untrusted connection to the LSA server.


NTSTATUS LsaConnectUntrusted(
  [out] PHANDLE LsaHandle


[out] LsaHandle

Pointer to a handle that receives the connection handle, which must be provided in future authentication services.

Return value

If the function succeeds, the return value is STATUS_SUCCESS.

If the function fails, the return value is an NTSTATUS code. For more information, see LSA Policy Function Return Values.

The LsaNtStatusToWinError function converts an NTSTATUS code to a Windows error code.


LsaConnectUntrusted returns a handle to an untrusted connection; it does not verify any information about the caller. The handle should be closed using the LsaDeregisterLogonProcess function.

If your application simply needs to query information from authentication packages, you can use the handle returned by this function in calls to LsaCallAuthenticationPackage and LsaLookupAuthenticationPackage.

Applications with the SeTcbPrivilege privilege may create a trusted connection by calling LsaRegisterLogonProcess.


Requirement Value
Minimum supported client Windows XP [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Target Platform Windows
Header ntsecapi.h
Library Secur32.lib
DLL Secur32.dll

See also