security - LsaEnumerateAccountRights always returns "File not found" -

-

I call the Advaspi32.dll LSAEnumerateAccountRights function with a policy handle from LsaOpenPolicy and account SID by LookupAccountName.

However, as much as I can, I am always bringing back 0xC0000034 which gives me the translation after LSATTTTOVIN ARR, "The referenced file can not be found."

Which is not very good. My code handles this and using LSAAddAccountRights, the account goes on granting subsidy to SeServiceLogonRight, so I know that the policy handles and account SID are OK because it will exit because there was something wrong with either of them.

The end result is that it has the right right to the account which works for the code.

However, I am using it under the MSI Custom Action, to check that the account is correct and if it (or fails in the above) gives it correct And remember that he did it in the established state, if there is a rollback and it is appropriately added then it is removed, we never remove it in an uninstall because second app is the same domain That can be installed using they may we use the services.

Then the problem occurs when an MSI rollbacks - it will always remove as correct, it always thinks that it has added it. Therefore the rights to use LsaEnumerateAccountRights are checked for this - but I can not do it at work.

Any ideas - please note that I am using C # to expose Win32 functions with the Delimport attribute, and I am not the best Win32 programmer in the world to be the first C # Unix is!

I am still struggling with it, but it has broken down ...

Ignore the back, I now see that there is a clue in the MSDN documentation: "The account given by this function has the specified privileges directly through the user account, not as part of the group being a member . "

See:

An account SID from LSAOpenPolicy () and LookupAccountName () you said correctly.

If the username you entered was a group's name ("user", "administrator", etc.) then LsaEnumerateAccountRights () works fine and calculates all rights of the group.

If you call it on the username whose rights are fully received, the groups of which it is a member, then it 0xc0000034 (= Windows Error 2 - can not specify the system "file" ), Which means (now that we feel) "can not get additional rights assigned personally." It seems that the Windows Error 2 translation is a catch- "what you wanted was not found".

Now ... if you have entrates.exa, then run it ... for example:

ntrights + r SeNetworkLogonRight -u MyUserName

After that, LsaEnumerateAccountRights () works fine, returns without error, and returns a single right value, "SenhorLogNrite".


Comments

Post a Comment

Popular posts from this blog

asp.net - Javascript/DOM Why is does my form not support submit()? -

-
This is my first time working with asp.net and javascript, so I do not know very good web resources, or Much about javascript debugging I have to find out that on line oFormObject.submit (); Microsoft JScript Runtime Error: Object does not support this property or method I am using the link to work as a button because I am terrible in aesthetics and I think That link will look more professional than a table of 50 buttons. I have read that this solution can cause problems with browsers due to pre-rendering of my links and many additional traffic and problems, but CSS gives me a button like a link, which has issues of alignment and difference seemed to. & lt ;! DOCTYPE HTML PUBLIC "- // W3C // DTD HTML 4.01 // N" "http://www.w3.org/TR/html4/strict.dtd"> & Lt; Html xmlns = "http://www.w3.org/1999/xhtml" & gt; & Lt; Head & gt; & Lt; Link rel = "stylesheet" type = "text / css" href = "defect differen
Read more

sockets - Delphi: TTcpServer, connection reset when reading -

-
I am trying to implement one for Delphi, but there are some problems with communication. Fitnesse will start my process, and give me a portmember as a command line argument. Then I should make a socket on the port number given to me, and fitness will connect to that port I am using a TCPCP server for the job: < Pre> TcpServer1.LocalPort: = ParamStr (ParamCount); TcpServer1 Active: = true; On OnEXEPT () -Event, I send the protocol version to use as specified in the protocol. Process TForm1.TcpServer1Accept (From: TOBject; ClientSocket: TCustomIpClient); Var s: ansistring; Start clientSocket. Syndrome ('slim - v 0.0', # 10); SetLength (S, 6); ClientSketts Receavebook (S, 6); End; When I call ReceiveBuf (), the process ends, and fitness throws an exception: java.net.SocketException: connection Reset I have seen what sent and received. It shows that my code sends the protocol version, fitness sends back a message, and when I try to get this message
Read more

javascript - Classic ASP "ExecuteGlobal" statement acting differently on two servers -

-
I have a strange problem that I really do not know. In addition to developing a new ASP.NET site, I have to support the old "classic ASP" site. It is written in VBScript with a batch of JavaScript functions. Many of the JavaScript functions include 'files' Everything is fine on our production system (which security is controlled by another group - this is a military installation) Debugging them once did not work I). However, I have a fix for a vague bug that needs to be fully tested and some functions do not run under the "local" copy of the website that runs on my PC. For the record, I am running IIS 5.1 on XP. The problem is that some Javascript functions are running "OK" on the production server, but when they use it as a server, they are not defined on my PC what is happening that last Programmer, for some reason, has decided to put some functions in a series of files, which according to the observations, imitate the "need_once
Read more