3.1.2.2 Standard Handle-Based Access Checks
The following tables specify the required access for the RPC methods that enforce required access on a handle parameter.
-
Information level
Required access
N/A
None checked
-
Information level
Required access
N/A
SAM_SERVER_LOOKUP_DOMAIN
SamrEnumerateDomainsInSamServer
Information level
Required access
N/A
SAM_SERVER_ENUMERATE_DOMAINS
-
Information level
Required access
N/A
SAM_SERVER_LOOKUP_DOMAIN
-
Information level
Required access
DomainPasswordInformation
DOMAIN_READ_PASSWORD_PARAMETERS
DomainLockoutInformation:
DOMAIN_READ_PASSWORD_PARAMETERS
DomainGeneralInformation
DOMAIN_READ_OTHER_PARAMETERS
DomainLogoffInformation
DOMAIN_READ_OTHER_PARAMETERS
DomainOemInformation
DOMAIN_READ_OTHER_PARAMETERS
DomainNameInformation
DOMAIN_READ_OTHER_PARAMETERS
DomainServerRoleInformation
DOMAIN_READ_OTHER_PARAMETERS
DomainReplicationInformation
DOMAIN_READ_OTHER_PARAMETERS
DomainModifiedInformation
DOMAIN_READ_OTHER_PARAMETERS
DomainStateInformation
DOMAIN_READ_OTHER_PARAMETERS
DomainModifiedInformation2
DOMAIN_READ_OTHER_PARAMETERS
DomainGeneralInformation2
DOMAIN_READ_PASSWORD_PARAMETERS |
DOMAIN_READ_OTHER_PARAMETERS
-
Information level
Required access
DomainPasswordInformation
DOMAIN_WRITE_PASSWORD_PARAMS
DomainLockoutInformation
DOMAIN_WRITE_PASSWORD_PARAMS
DomainLogoffInformation
DOMAIN_WRITE_OTHER_PARAMETERS
DomainOemInformation
DOMAIN_WRITE_OTHER_PARAMETERS
DomainReplicationInformation
DOMAIN_ADMINISTER_SERVER
DomainStateInformation
DOMAIN_ADMINISTER_SERVER
DomainServerRoleInformation
DOMAIN_ADMINISTER_SERVER
-
Information level
Required access
N/A
DOMAIN_CREATE_GROUP
-
Information level
Required access
N/A
DOMAIN_LIST_ACCOUNTS
-
Information level
Required access
N/A
DOMAIN_CREATE_USER
-
Information level
Required access
N/A
DOMAIN_LIST_ACCOUNTS
-
Information level
Required access
N/A
DOMAIN_CREATE_ALIAS
-
Information level
Required access
N/A
DOMAIN_LIST_ACCOUNTS
-
Information level
Required access
N/A
DOMAIN_GET_ALIAS_MEMBERSHIP
-
Information level
Required access
N/A
DOMAIN_LOOKUP
-
Information level
Required access
N/A
DOMAIN_LOOKUP
-
Information level
Required access
N/A
DOMAIN_LOOKUP
-
Information level
Required access
GroupGeneralInformation
GROUP_READ_INFORMATION
GroupNameInformation
GROUP_READ_INFORMATION
GroupAttributeInformation
GROUP_READ_INFORMATION
GroupAdminCommentInformation
GROUP_READ_INFORMATION
GroupReplicationInformation
GROUP_READ_INFORMATION
-
Information level
Required access
GroupNameInformation
GROUP_WRITE_ACCOUNT
GroupAttributeInformation
GROUP_WRITE_ACCOUNT
GroupAdminCommentInformation
GROUP_WRITE_ACCOUNT
-
Information level
Required access
N/A
GROUP_ADD_MEMBER
-
Information level
Required access
N/A
DELETE
-
Information level
Required access
N/A
GROUP_REMOVE_MEMBER
-
Information level
Required access
N/A
GROUP_LIST_MEMBERS
SamrSetMemberAttributesOfGroup
Information level
Required access
N/A
GROUP_ADD_MEMBER
-
Information level
Required access
N/A
DOMAIN_LOOKUP
-
Information level
Required access
AliasGeneralInformation
ALIAS_READ_INFORMATION
AliasNameInformation
ALIAS_READ_INFORMATION
AliasAdminCommentInformation
ALIAS_READ_INFORMATION
AliasReplicationInformation
ALIAS_READ_INFORMATION
-
Information level
Required access
AliasNameInformation
ALIAS_WRITE_ACCOUNT
AliasAdminCommentInformation
ALIAS_WRITE_ACCOUNT
-
Information level
Required access
N/A
DELETE
-
Information level
Required access
N/A
ALIAS_ADD_MEMBER
-
Information level
Required access
N/A
ALIAS_REMOVE_MEMBER
-
Information level
Required access
N/A
ALIAS_LIST_MEMBERS
-
Information level
Required access
N/A
DOMAIN_LOOKUP
-
Information level
Required access
N/A
DELETE
-
Information level
Required access
N/A
None checked
-
Information level
Required access
N/A
USER_LIST_GROUPS
-
Information level
Required access
N/A
DOMAIN_LIST_ACCOUNTS
SamrGetDisplayEnumerationIndex
SamrGetDisplayEnumerationIndex2
Information level
Required access
N/A
DOMAIN_LIST_ACCOUNTS
SamrRemoveMemberFromForeignDomain
Information level
Required access
N/A
DOMAIN_LOOKUP
-
Information level
Required access
N/A
ALIAS_ADD_MEMBER
SamrRemoveMultipleMembersFromAlias
Information level
Required access
N/A
ALIAS_REMOVE_MEMBER
-
Information level
Required access
N/A
None checked