LsaAddAccountRights not working for me

Posted by SteveL on Stack Overflow See other posts from Stack Overflow or by SteveL
Published on 2010-12-22T16:46:28Z Indexed on 2010/12/22 17:54 UTC
Read the original article Hit count: 299

Filed under:

winapi

Using: Delphi 2010 and the JEDI Windows API and JWSCL

I am trying to assign the Logon As A Service privilege to a user using LsaAddAccountRights function but it does not work ie. after the function returns, checking in Group Policy Editor shows that the user still does not have the above mentioned privilege.

I'm running the application on Windows XP.

Would be glad if someone could point out what is wrong in my code:

unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls, JwaWindows, JwsclSid;

type
  TForm1 = class(TForm)
    Button1: TButton;
    procedure Button1Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;

implementation

{$R *.dfm}

function AddPrivilegeToAccount(AAccountName, APrivilege: String): DWORD;
var
  lStatus: TNTStatus;
  lObjectAttributes: TLsaObjectAttributes;
  lPolicyHandle: TLsaHandle;
  lPrivilege: TLsaUnicodeString;
  lSid: PSID;
  lSidLen: DWORD;
  lTmpDomain: String;
  lTmpDomainLen: DWORD;
  lTmpSidNameUse: TSidNameUse;
  lPrivilegeWStr: String;
begin
  ZeroMemory(@lObjectAttributes, SizeOf(lObjectAttributes));
  lStatus := LsaOpenPolicy(nil, lObjectAttributes, POLICY_LOOKUP_NAMES, lPolicyHandle);

  if lStatus <> STATUS_SUCCESS then begin
    Result := LsaNtStatusToWinError(lStatus);
    Exit;
  end;

  try
    lTmpDomainLen := DNLEN; // In 'clear code' this should be get by LookupAccountName
    SetLength(lTmpDomain, lTmpDomainLen);

    lSidLen := SECURITY_MAX_SID_SIZE;
    GetMem(lSid, lSidLen);
    try
      if LookupAccountName(nil, PChar(AAccountName), lSid, lSidLen, PChar(lTmpDomain),
        lTmpDomainLen, lTmpSidNameUse) then begin
        lPrivilegeWStr := APrivilege;

        lPrivilege.Buffer := PChar(lPrivilegeWStr);
        lPrivilege.Length := Length(lPrivilegeWStr) * SizeOf(Char);
        lPrivilege.MaximumLength := lPrivilege.Length;

        lStatus := LsaAddAccountRights(lPolicyHandle, lSid, @lPrivilege, 1);
        Result := LsaNtStatusToWinError(lStatus);
      end
      else
        Result := GetLastError;
    finally
      FreeMem(lSid);
    end;
  finally
    LsaClose(lPolicyHandle);
  end;
end;

procedure TForm1.Button1Click(Sender: TObject);
begin
  AddPrivilegeToAccount('Sam', 'SeServiceLogonRight');
end;

end.

Thanks in advance.

Developer IT

LsaAddAccountRights not working for me - Developer IT

LsaAddAccountRights not working for me

delphi

winapi

Related posts about delphi

TVirtualStringTree compatibility between Delphi 7 and Delphi 2010 - 'Parameter lists differ'

Convert Delphi 7 code to work with Delphi 2009

Book recommendation for moving from Delphi 6 to Delphi 2010

Compile Delphi component package (bpl) for different Delphi versions

Delphi Speech recognition delphi

Related posts about winapi

C: WinAPI CreateDIBitmap() from byte[] problem

mouse_event WinAPI call not working when cursor is over Flash

Custom form designer, move/resize controls using WinAPI

winapi c - read/write mbr of system drive

How to use WINAPI from newer SDK but still using the old SDK in WindowsMobile.

Categories cloud