184.108.40.206.2 LsarLookupPrivilegeValue (Opnum 31)
The LsarLookupPrivilegeValue method is invoked to map the name of a privilege into a locally unique identifier (LUID) by which the privilege is known on the server. The locally unique value of the privilege can then be used in subsequent calls to other methods, such as LsarAddPrivilegesToAccount.
NTSTATUS LsarLookupPrivilegeValue( [in] LSAPR_HANDLE PolicyHandle, [in] PRPC_UNICODE_STRING Name, [out] PLUID Value );
Name: A string containing the name of a privilege.
Value: Used to return a LUID assigned by the server to the privilege by this name.
Return Values: The following is a summary of the return values that an implementation MUST return, as specified by the message processing that follows.
The request was successfully completed.
The caller does not have the permissions to perform this operation.
One or more of the supplied parameters was invalid.
The privilege name is not recognized by the server.
PolicyHandle is not a valid handle.
This message takes three arguments:
PolicyHandle: An open handle to the policy object. If the handle is not a valid context handle to the policy object or PolicyHandle.HandleType does not equal "Policy", the server MUST return STATUS_INVALID_HANDLE. The server MUST verify that PolicyHandle grants access as specified in section 220.127.116.11.2 with RequiredAccess set to POLICY_LOOKUP_NAMES.
Name: The string name of the privilege.
Value: Used to return the LUID corresponding to the Name argument.
If the value in the Name argument is not recognized by the server, the server MUST fail the request with STATUS_NO_SUCH_PRIVILEGE. The privileges recognized by the server are specified in section 18.104.22.168.1.