3.1.4.5.4 LsarEnumeratePrivilegesAccount (Opnum 18)

The LsarEnumeratePrivilegesAccount method is invoked to retrieve a list of privileges granted to an account on the server.

 NTSTATUS LsarEnumeratePrivilegesAccount(
   [in] LSAPR_HANDLE AccountHandle,
   [out] PLSAPR_PRIVILEGE_SET* Privileges
 );

AccountHandle: An open account object handle obtained from either LsarCreateAccount (section 3.1.4.5.1) or LsarOpenAccount (section 3.1.4.5.3).

Privileges: Used to return a list of privileges granted to the account.

Return Values: The following is a summary of the return values that an implementation MUST return, as specified by the message processing that follows.

Return value/code

Description

0x00000000

STATUS_SUCCESS

The request was successfully completed.

0xC000009A

STATUS_INSUFFICIENT_RESOURCES

There are insufficient resources to complete the request.

0xC0000022

STATUS_ACCESS_DENIED

The caller does not have the permissions to perform this operation.

0xC0000008

STATUS_INVALID_HANDLE

AccountHandle is not a valid handle.

Processing:

This message takes two arguments:

AccountHandle: An open handle to an account object. If the handle is not a valid context handle to an account object or AccountHandle.HandleType does not equal "Account", the server MUST return STATUS_INVALID_HANDLE. The server MUST verify that AccountHandle grants access as specified in section 3.1.4.2.2 with RequiredAccess set to ACCOUNT_VIEW.

Privileges: Used to return a set of privileges associated with the account. It is valid for the set of privileges to be empty.

The server MUST return STATUS_INSUFFICIENT_RESOURCES if it runs out of memory while processing this request.