I was using the APIs NetUserAdd and NetUserSetGroups to add a user account and associate it with a group to a computer. Not much later I found an example capable of doing the same thing (adding a user, associating him with a group) using System.DirectoryServices
namespace and DirectoryEntry
object.
Now I need to add policies to that new account and am faced with a similar problem. I can use the LsaOpenPolicy
and LsaAddAccou开发者_如何学CntRights
APIs to add a policy to and account, but I'd prefer to use .NET objects and methods.
My question, is/are there object methods in the .NET framework to add and/or modify user account policy settings, and if so what are the names of those objects or methods?
Also an example of usage would be appreciated.
Specifically, I am looking to add the "SeServiceLogonRight", otherwise known as the log in as a service right, to a new user account.
No, I do not believe any of the current .net Assemblies implement those methods. These are the only methods I found in the Fx 2.0, 3.0, and 3.5 assemblies with a DllImportAttribute, and a name /Lsa.+/
[mscorlib]
Microsoft.Win32.Win32Native.LsaNtStatusToWinError
Microsoft.Win32.Win32Native.LsaDeregisterLogonProcess
Microsoft.Win32.Win32Native.LsaClose
Microsoft.Win32.Win32Native.LsaFreeReturnBuffer
Microsoft.Win32.Win32Native.LsaLookupSids
Microsoft.Win32.Win32Native.LsaFreeMemory
Microsoft.Win32.Win32Native.LsaLookupNames
Microsoft.Win32.Win32Native.LsaOpenPolicy
Microsoft.Win32.Win32Native.LsaLogonUser
Microsoft.Win32.Win32Native.LsaLookupAuthenticationPackage
Microsoft.Win32.Win32Native.LsaRegisterLogonProcess
Microsoft.Win32.Win32Native.LsaLookupNames2
Microsoft.Win32.Win32Native.LsaConnectUntrusted
Microsoft.Win32.Win32Native.LsaGetLogonSessionData
That said, someone wrote a managed wrapper on these functions. http://www.hightechtalks.com/csharp/lsa-functions-276626.html
There is also a great article on Codeproject, LSA Functions - Privileges and Impersonation http://www.codeproject.com/KB/cs/lsadotnet.aspx
精彩评论