3.1.4.5.9 LsarEnumerateAccountsWithUserRight (Opnum 35)

The LsarEnumerateAccountsWithUserRight method is invoked to return a list of account objects that have the user right equal to the passed-in value.

 NTSTATUS LsarEnumerateAccountsWithUserRight(
   [in] LSAPR_HANDLE PolicyHandle,
   [in, unique] PRPC_UNICODE_STRING UserRight,
   [out] PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer
 );

PolicyHandle: An RPC context handle obtained from either LsarOpenPolicy or LsarOpenPolicy2.

UserRight: The name of the right to use in enumeration.

EnumerationBuffer: Used to return the list of account objects that have the specified right.

Return Values: The following is a summary of the return values that an implementation MUST return, as specified by the message processing that follows.

Return value/code                    Description
-----------------------------------  -------------------------------------------------------------------
0x00000000 STATUS_SUCCESS            The request was successfully completed.
0xC0000022 STATUS_ACCESS_DENIED      The caller does not have the permissions to perform this operation.
0xC0000008 STATUS_INVALID_HANDLE     PolicyHandle is not a valid handle.
0xC0000060 STATUS_NO_SUCH_PRIVILEGE  The supplied name is not recognized by the server.
0xC000000D STATUS_INVALID_PARAMETER  One of the supplied arguments is invalid.
0x8000001A STATUS_NO_MORE_ENTRIES    No account was found with the specified privilege.

Processing:

This message takes three arguments:

PolicyHandle: An open handle to the policy object. If the handle is not a valid context handle to the policy object or PolicyHandle.HandleType does not equal "Policy", the server MUST return STATUS_INVALID_HANDLE. The server MUST verify that PolicyHandle grants access as specified in section 3.1.4.2.2 with RequiredAccess set to POLICY_VIEW_LOCAL_INFORMATION.<73>

UserRight: A string representation of an account right. If the server does not recognize the account right, it MUST return STATUS_NO_SUCH_PRIVILEGE.

The server executes the request by going through all accounts in its policy database and returning a set of all account object SIDs that have that right or privilege.

EnumerationBuffer: Used to return a set of account SIDs that have the specified UserRight.
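
The processing rules above, as an added Python model that is not part of the specification or of any Microsoft implementation. The Handle class, the bitmask-style access check standing in for section 3.1.4.2.2, and the rights and SIDs in the sample policy database are constructed assumptions; the status codes are the ones listed in this section.

```python
STATUS_SUCCESS = 0x00000000
STATUS_ACCESS_DENIED = 0xC0000022
STATUS_INVALID_HANDLE = 0xC0000008
STATUS_NO_SUCH_PRIVILEGE = 0xC0000060
STATUS_NO_MORE_ENTRIES = 0x8000001A
POLICY_VIEW_LOCAL_INFORMATION = 0x00000001  # access-mask bit defined in MS-LSAD

# Constructed sample data: rights this toy server recognizes and a policy
# database mapping account SIDs to the rights assigned to them.
KNOWN_RIGHTS = {"SeDebugPrivilege", "SeBackupPrivilege", "SeInteractiveLogonRight"}
POLICY_DB = {
    "S-1-5-32-544": {"SeDebugPrivilege", "SeBackupPrivilege"},
    "S-1-5-32-551": {"SeBackupPrivilege"},
}


class Handle:
    """Hypothetical stand-in for an LSAPR_HANDLE context handle."""

    def __init__(self, handle_type, granted_access):
        self.handle_type = handle_type
        self.granted_access = granted_access


def enumerate_accounts_with_user_right(handle, user_right):
    """Return (NTSTATUS, SIDs), applying checks in the order this section lists them."""
    if not isinstance(handle, Handle) or handle.handle_type != "Policy":
        return STATUS_INVALID_HANDLE, []
    # Assumption: the access check is modelled as a plain bitmask test.
    if not handle.granted_access & POLICY_VIEW_LOCAL_INFORMATION:
        return STATUS_ACCESS_DENIED, []
    if user_right is None:
        # This section's text does not describe a NULL UserRight; not modelled.
        raise NotImplementedError("NULL UserRight is outside this model")
    if user_right not in KNOWN_RIGHTS:
        return STATUS_NO_SUCH_PRIVILEGE, []
    # Walk every account in the policy database and collect matching SIDs.
    sids = sorted(sid for sid, rights in POLICY_DB.items() if user_right in rights)
    if not sids:
        return STATUS_NO_MORE_ENTRIES, []
    return STATUS_SUCCESS, sids


if __name__ == "__main__":
    h = Handle("Policy", POLICY_VIEW_LOCAL_INFORMATION)
    for right in ("SeBackupPrivilege", "SeInteractiveLogonRight", "SeBogusRight"):
        status, sids = enumerate_accounts_with_user_right(h, right)
        print(f"{right}: 0x{status:08X} {sids}")
```

Note that a recognized right held by no account yields STATUS_NO_MORE_ENTRIES rather than an empty success, so callers auditing right assignments need to treat that status as "no holders" and not as a failure.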