LsaGetLogonSessionData function (ntsecapi.h)

The LsaGetLogonSessionData function retrieves information about a specified logon session.

To retrieve information about a logon session, the caller must be the owner of the session or a local system administrator.


NTSTATUS LsaGetLogonSessionData(
  [in]  PLUID                        LogonId,
  [out] PSECURITY_LOGON_SESSION_DATA *ppLogonSessionData


[in] LogonId

Specifies a pointer to a LUID that identifies the logon session whose information will be retrieved. For information about valid values for this parameter, see Remarks.

[out] ppLogonSessionData

Address of a pointer to a SECURITY_LOGON_SESSION_DATA structure containing information on the logon session specified by LogonId. This structure is allocated by the LSA. When the information is no longer needed, call the LsaFreeReturnBuffer function to free the memory used by this structure.

Return value

If the function succeeds, the return value is STATUS_SUCCESS.

If the function fails, the return value is an NTSTATUS code indicating the reason.


To obtain valid logon session identifiers that may be passed to this function's LogonId parameter, call the LsaEnumerateLogonSessions function.

If LogonID specifies the LocalSystem account (0x0:0x3e7), then this function returns zero for the logon session data retrieved in ppLogonSessionData. The reason is that the LocalSystem account does not get logged on in the typical logon manner. Rather, the LocalSystem account is active after the system starts.


Requirement Value
Minimum supported client Windows XP [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Target Platform Windows
Header ntsecapi.h
Library Secur32.lib
DLL Secur32.dll