3.1.4.5.5 LsarAddPrivilegesToAccount (Opnum 19)
The LsarAddPrivilegesToAccount method is invoked to add new privileges to an existing account object.
-
NTSTATUS LsarAddPrivilegesToAccount( [in] LSAPR_HANDLE AccountHandle, [in] PLSAPR_PRIVILEGE_SET Privileges );
AccountHandle: An open account object handle obtained from either LsarCreateAccount (section 3.1.4.5.1) or LsarOpenAccount (section 3.1.4.5.3).
Privileges: Contains a list of privileges to add to the account.
Return Values: The following is a summary of the return values that an implementation MUST return, as specified by the message processing that follows.
-
Return value/code
Description
0x00000000
STATUS_SUCCESS
The request was successfully completed.
0xC0000022
STATUS_ACCESS_DENIED
The caller does not have permissions to perform this operation.
0xC000000D
STATUS_INVALID_PARAMETER
Some of the parameters supplied were invalid.
0xC0000008
STATUS_INVALID_HANDLE
AccountHandle is not a valid handle.
Processing:
This message takes two arguments:
AccountHandle: An open handle to an account object. If the handle is not a valid context handle to an account object or AccountHandle.HandleType does not equal "Account", the server MUST return STATUS_INVALID_HANDLE. The server MUST verify that AccountHandle grants access as specified in section 3.1.4.2.2 with RequiredAccess set to ACCOUNT_ADJUST_PRIVILEGES.
Privileges: A set of privileges to add to an account. Each privilege is a LUID-Attributes pair where the Luid field MUST match a LUID of a privilege on the server. The attributes replace any attributes of the privilege if one was associated with the account previously. Any LUID not recognized as valid by the server SHOULD cause the message to be rejected with STATUS_INVALID_PARAMETER.<71>