开发者

How do you add user account policies programmatically?

开发者 https://www.devze.com 2022-12-19 11:02 出处:网络
I was using the APIs NetUserAdd and NetUserSetGroups to add a user account and associate it with a group to a computer. Not much later I found an example capable of doing the same thing (adding a user

I was using the APIs NetUserAdd and NetUserSetGroups to add a user account and associate it with a group to a computer. Not much later I found an example capable of doing the same thing (adding a user, associating him with a group) using System.DirectoryServices namespace and DirectoryEntry object.

Now I need to add policies to that new account and am faced with a similar problem. I can use the LsaOpenPolicy and LsaAddAccou开发者_如何学CntRights APIs to add a policy to and account, but I'd prefer to use .NET objects and methods.

My question, is/are there object methods in the .NET framework to add and/or modify user account policy settings, and if so what are the names of those objects or methods?

Also an example of usage would be appreciated.

Specifically, I am looking to add the "SeServiceLogonRight", otherwise known as the log in as a service right, to a new user account.


No, I do not believe any of the current .net Assemblies implement those methods. These are the only methods I found in the Fx 2.0, 3.0, and 3.5 assemblies with a DllImportAttribute, and a name /Lsa.+/

[mscorlib] Microsoft.Win32.Win32Native.LsaNtStatusToWinError Microsoft.Win32.Win32Native.LsaDeregisterLogonProcess Microsoft.Win32.Win32Native.LsaClose Microsoft.Win32.Win32Native.LsaFreeReturnBuffer Microsoft.Win32.Win32Native.LsaLookupSids Microsoft.Win32.Win32Native.LsaFreeMemory Microsoft.Win32.Win32Native.LsaLookupNames Microsoft.Win32.Win32Native.LsaOpenPolicy Microsoft.Win32.Win32Native.LsaLogonUser Microsoft.Win32.Win32Native.LsaLookupAuthenticationPackage Microsoft.Win32.Win32Native.LsaRegisterLogonProcess Microsoft.Win32.Win32Native.LsaLookupNames2 Microsoft.Win32.Win32Native.LsaConnectUntrusted
Microsoft.Win32.Win32Native.LsaGetLogonSessionData

That said, someone wrote a managed wrapper on these functions. http://www.hightechtalks.com/csharp/lsa-functions-276626.html

There is also a great article on Codeproject, LSA Functions - Privileges and Impersonation http://www.codeproject.com/KB/cs/lsadotnet.aspx

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号