Remember that users have the right to logon interactively by default.  The
denial of interactive logon is added to accounts that do not have
interactive logon rights.  If an account has interactive logon rights it
may have no enumerable rights.

LsaEnumerateAccountRights is returning "record not found"?  How?

On Mon, 8 Jan 2007 12:15:39 -0800, Mont Rothstein
<[EMAIL PROTECTED]> wrote:

>I made some progress but then I got stuck.
>
>I used the LSA Functions project from CodeProject as a starting point and
>added the ability to call LsaEnumerateAccountRights.
>
>This successfully returns any rights that I have added via
>LsaAddAccountRights.  However, that is all that it shows.  Any accounts
that
>I have not added privileges via LsaAddAccountRights return "record not
>found".
>
>That would be fine if I needed to add and verify rights but I need to
>determine what already has interactive login rights.
>
>Any ideas what I might have done wrong?
>
>I can post the code but all I did was to take the policyHandle as returned
>by LsaOpenPolicy and pass it along with the sid to
>LsaEnumerateAccountRights.

===================================
This list is hosted by DevelopMentorĀ®  http://www.develop.com

View archives and manage your subscription(s) at http://discuss.develop.com

Reply via email to