Remember that users have the right to logon interactively by default. The denial of interactive logon is added to accounts that do not have interactive logon rights. If an account has interactive logon rights it may have no enumerable rights.
LsaEnumerateAccountRights is returning "record not found"? How? On Mon, 8 Jan 2007 12:15:39 -0800, Mont Rothstein <[EMAIL PROTECTED]> wrote: >I made some progress but then I got stuck. > >I used the LSA Functions project from CodeProject as a starting point and >added the ability to call LsaEnumerateAccountRights. > >This successfully returns any rights that I have added via >LsaAddAccountRights. However, that is all that it shows. Any accounts that >I have not added privileges via LsaAddAccountRights return "record not >found". > >That would be fine if I needed to add and verify rights but I need to >determine what already has interactive login rights. > >Any ideas what I might have done wrong? > >I can post the code but all I did was to take the policyHandle as returned >by LsaOpenPolicy and pass it along with the sid to >LsaEnumerateAccountRights. =================================== This list is hosted by DevelopMentorĀ® http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com