2004-12-18 02:34:43 +00:00
|
|
|
/*++
|
|
|
|
|
|
|
|
|
|
Copyright 1996 - 1997 Microsoft Corporation
|
|
|
|
|
|
|
|
|
|
Module Name:
|
|
|
|
|
|
|
|
|
|
privs.c
|
|
|
|
|
|
|
|
|
|
Abstract:
|
|
|
|
|
|
|
|
|
|
This module illustrates how to use the Windows NT LSA security API
|
|
|
|
|
to manage account privileges on the local or a remote machine.
|
|
|
|
|
|
|
|
|
|
When targetting a domain controller for privilege update operations,
|
|
|
|
|
be sure to target the primary domain controller for the domain.
|
|
|
|
|
The privilege settings are replicated by the primary domain controller
|
|
|
|
|
to each backup domain controller as appropriate. The NetGetDCName()
|
|
|
|
|
Lan Manager API call can be used to get the primary domain controller
|
|
|
|
|
computer name from a domain name.
|
|
|
|
|
|
|
|
|
|
For a list of privilges, consult winnt.h, and search for
|
|
|
|
|
SE_ASSIGNPRIMARYTOKEN_NAME.
|
|
|
|
|
|
|
|
|
|
For a list of logon rights, which can also be assigned using this
|
|
|
|
|
sample code, consult ntsecapi.h, and search for SE_BATCH_LOGON_NAME
|
|
|
|
|
|
|
|
|
|
You can use domain\account as argv[1]. For instance, mydomain\scott will
|
|
|
|
|
grant the privilege to the mydomain domain account scott.
|
|
|
|
|
|
|
|
|
|
The optional target machine is specified as argv[2], otherwise, the
|
|
|
|
|
account database is updated on the local machine.
|
|
|
|
|
|
|
|
|
|
The LSA APIs used by this sample are Unicode only.
|
|
|
|
|
|
|
|
|
|
Use LsaRemoveAccountRights() to remove account rights.
|
|
|
|
|
|
|
|
|
|
Author:
|
|
|
|
|
|
|
|
|
|
Scott Field (sfield) 17-Apr-96
|
|
|
|
|
Minor cleanup
|
|
|
|
|
|
|
|
|
|
Scott Field (sfield) 12-Jul-95
|
|
|
|
|
|
|
|
|
|
--*/
|
|
|
|
|
|
2005-03-03 11:08:38 +00:00
|
|
|
#pragma once
|
|
|
|
|
|
|
|
|
|
|
2004-12-18 02:34:43 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
OpenPolicy(
|
|
|
|
|
LPWSTR ServerName, // machine to open policy on (Unicode)
|
|
|
|
|
DWORD DesiredAccess, // desired access to policy
|
|
|
|
|
PLSA_HANDLE PolicyHandle // resultant policy handle
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
BOOL
|
|
|
|
|
GetAccountSid(
|
2005-03-03 11:08:38 +00:00
|
|
|
LPCTSTR SystemName, // where to lookup account
|
|
|
|
|
LPCTSTR AccountName, // account of interest
|
2004-12-18 02:34:43 +00:00
|
|
|
PSID *Sid // resultant buffer containing SID
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
NTSTATUS
|
|
|
|
|
SetPrivilegeOnAccount(
|
|
|
|
|
LSA_HANDLE PolicyHandle, // open policy handle
|
|
|
|
|
PSID AccountSid, // SID to grant privilege to
|
|
|
|
|
LPWSTR PrivilegeName, // privilege to grant (Unicode)
|
|
|
|
|
BOOL bEnable // enable or disable
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
InitLsaString(
|
|
|
|
|
PLSA_UNICODE_STRING LsaString, // destination
|
|
|
|
|
LPWSTR String // source (Unicode)
|
|
|
|
|
);
|
|
|
|
|
|
- WINSETUP: Hide the 'boinc_master' and 'boinc_project' user profiles after
the accounts have been created.
- WINSETUP: Return the user rights to a known good state for 'boinc_master',
'boinc_project', 'boinc_admins', 'boinc_users', and 'boinc_projects'.
win_build/installerv2/redist/Windows/src/boinccas/
boinccas.cpp
boinccas.def
boinccas.vcproj
CAGrantBOINCAdminsRights.cpp, .h (Added)
CAGrantBOINCMasterRights.cpp
CAGrantBOINCProjectRights.cpp
CAGrantBOINCProjectsRights.cpp, .h (Added)
CAGrantBOINCUsersRights.cpp, .h (Added)
CAHideBOINCMasterProfile.cpp, .h (Added)
CAHideBOINCProjectProfile.cpp, .h (Added)
lsaprivs.cpp, .h
win_build/installerv2/redist/Windows/Win32/
boinccas.dll
boinccas95.dll
svn path=/trunk/boinc/; revision=14964
2008-03-27 17:43:27 +00:00
|
|
|
BOOL
|
|
|
|
|
GrantUserRight(
|
|
|
|
|
PSID psidAccountSid,
|
|
|
|
|
LPWSTR pszUserRight,
|
|
|
|
|
BOOL bEnable
|
|
|
|
|
);
|
