LsaRetrievePrivateData function (ntsecapi.h)

Do not use the LSA private data functions. Instead, use the CryptProtectData and CryptUnprotectData functions.


NTSTATUS LsaRetrievePrivateData(
  [in]  LSA_HANDLE          PolicyHandle,
  [out] PLSA_UNICODE_STRING *PrivateData


[in] PolicyHandle

A handle to a Policy object. The handle must have the POLICY_GET_PRIVATE_INFORMATION access right. For more information, see Opening a Policy Object Handle.

[in] KeyName

Pointer to an LSA_UNICODE_STRING structure that contains the name of the key under which the private data is stored.

To create a specialized object, add one of the following prefixes to the key name.

Prefix Meaning
For local objects.
For global objects.
For computer objects.

If you are not creating one of these specialized types, you do not need to specify a key name prefix. For more information, see Private Data Object.

[out] PrivateData

Pointer to a variable that receives a pointer to an LSA_UNICODE_STRING structure that contains the private data.

When you no longer need the information, pass the returned pointer to LsaFreeMemory.

Return value

If the function succeeds, the function returns STATUS_SUCCESS.

If the function fails, it returns an NTSTATUS value, which can be the following value or one of the LSA Policy Function Return Values.

Return code Description
No private data is stored under the name specified by the KeyName parameter.

You can use the LsaNtStatusToWinError function to convert the NTSTATUS value to a Windows error code.


You must run this process "As Administrator" or the call fails with ERROR_ACCESS_DENIED.


Minimum supported client Windows XP [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Target Platform Windows
Header ntsecapi.h
Library Advapi32.lib
DLL Advapi32.dll

See also