|
Description:
LsaRemoveAccountRights removes privileges from an account, provided they are not group privileges. This function exists only on NT-based Windows systems. The privileges are only removed from the account after the user concerned logs on again.
Declaration:
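' Binds LsaRemoveAccountRights from advapi32.dll as an external function with
' 5 parameters. The DLL and function names are quoted, as in the example below.
DEF @LsaRemoveAccountRights(5) !"advapi32","LsaRemoveAccountRights"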
Parameter:
1st parameter: Handle of the Policy object, obtained with LsaOpenPolicy, as a LongInt. The handle must have been opened with POLICY_LOOKUP_NAMES.
2nd parameter: Memory variable holding the SID of the account from which the privileges are to be removed.
3rd parameter: Flag that states whether all privileges are to be removed. => ·1 = all privileges are removed. ·0 = only the privileges given in parameter 4 are removed.
4th parameter: Memory variable holding an array of LSA_UNICODE_STRING structures that describe the privileges to be removed. => ·bytes 0-1 = length in bytes of the string that bytes 4-7 point to. ·bytes 2-3 = length in bytes of the memory area that bytes 4-7 point to. ·bytes 4-7 = any sufficiently large memory variable holding a Unicode string with the name of a privilege to be removed. ·bytes 8-9 = length in bytes of the string that bytes 12-15 point to. ·bytes 10-11 = length in bytes of the memory area that bytes 12-15 point to. ·bytes 12-15 = any sufficiently large memory variable holding a Unicode string with the name of a privilege to be removed. ·etc.
5th parameter: Number of privileges to be removed that are listed in parameter 4.
Return Value:
0 on success, otherwise an NT status error code (LongInt), which can be converted into a system error code with LsaNtStatusToWinError.
Examples:
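' Example: remove the right "SeSystemtimePrivilege" (change the system time)
' from one account.
' Flow: LookupAccountName (name -> SID) -> LsaOpenPolicy -> LsaRemoveAccountRights
' -> LsaClose. Every API result is printed; NTSTATUS values are also printed
' converted to a Win32 error code.
' As the description says, the removal only takes effect when the user logs on
' again, so sessions that are already running are not a test of the result.

DEF @LsaOpenPolicy(4) !"advapi32","LsaOpenPolicy"
DEF @LsaClose(1) !"advapi32","LsaClose"
DEF @LsaNtStatusToWinError(1) !"advapi32","LsaNtStatusToWinError"
DEF @LsaRemoveAccountRights(5) !"advapi32","LsaRemoveAccountRights"
DEF @MultiByteToWideChar(6) !"kernel32","MultiByteToWideChar"
DEF @LookupAccountName(7) !"advapi32","LookupAccountNameA"
DEF @GetACP(0) !"kernel32","GetACP"

' Each variable is declared exactly once (the original list repeated several names).
Declare Fehler&,UNICODE#,Attribut#,POLICY_Handle#
Declare Policy_Handle&,PrivilegSET#,PRIVILEG#
Declare SID#,DOMAIN#,SID_TYPE_INDICATOR#,DOMAINNAME_SIZE_ADDR#
Declare SYSTEM$,SID_Size#,Account$

Struct LSA_UNICODE_STRING=Length%,MaximumLength%,Buffer&
DIM UNICODE#,LSA_UNICODE_STRING
Clear UNICODE#

' The structure is passed to LsaOpenPolicy completely zeroed.
' NOTE(review): in the Windows definition ObjectName is a pointer, here it is
' expanded inline; this is harmless only as long as every field stays 0.
Struct LSA_OBJECT_ATTRIBUTES=Length&,RootDirectory&,Length%,MaximumLength%,Buffer&,Attributes&,SecurityDescriptor#(4),SecurityQualityOfService#(4)
DIM Attribut#,LSA_OBJECT_ATTRIBUTES
Clear Attribut#

DIM DOMAIN#,256
DIM SID#,800
DIM SID_Size#,4
DIM DOMAINNAME_SIZE_ADDR#,4
DIM SID_TYPE_INDICATOR#,256
DIM POLICY_Handle#,4
DIM PRIVILEG#,100
DIM PrivilegSET#,100

Windowstyle 31
Windowtitle "Aus one Account the privilege to that Change the System-Time Remove."
Window 0,0-640,440

CLEAR SID#,DOMAIN#,SID_TYPE_INDICATOR#,DOMAINNAME_SIZE_ADDR#
' In/out size fields: they must not exceed the buffers dimensioned above
' (SID# = 800 bytes, DOMAIN# = 256 bytes).
Long SID_Size#,0=800
LONG DOMAINNAME_SIZE_ADDR#,0=255
LET SYSTEM$=""
LET ACCOUNT$=@input$("Accountnamen prompt (no Alias):","Account","Gast")

' Resolve the account name to a SID; LookupAccountName returns 1 on success.
LET Fehler&=@LookupAccountName(@ADDR(system$),@addr(ACCOUNT$),SID#,SID_Size#,DOMAIN#,DOMAINNAME_SIZE_ADDR#,SID_TYPE_INDICATOR#)
Print "Rückmeldung of LookupAccountName="+@STR$(Fehler&)
If Fehler&=1
    ' Access mask $10 | $0800 = POLICY_CREATE_ACCOUNT | POLICY_LOOKUP_NAMES.
    LET Fehler&=@LsaOpenPolicy(0,Attribut#,$10 | $0800,POLICY_Handle#)
    Print "Rückmeldung of LsaOpenPolicy="+@STR$(Fehler&)
    Let Fehler&=@LsaNtStatusToWinError(Fehler&)
    PRINT "LsaOpenPolicy feedback transformed in windows Fehlercode="+@STR$(Fehler&)
    LET Policy_Handle&=@LONG(POLICY_Handle#,0)
    Print "Geliefertes Handle="+@STR$(Policy_Handle&)
    ' Use the handle only if LsaOpenPolicy reported success (Win32 code 0).
    IF Fehler&=0
        CLEAR UNICODE#,PrivilegSET#,PRIVILEG#
        STRING PrivilegSET#,0="SeSystemtimePrivilege"
        ' The last argument counts wide characters, not bytes: PRIVILEG# is
        ' 100 bytes, i.e. room for 50 UTF-16 characters. Passing 100 would
        ' allow a write of up to 200 bytes into the 100-byte buffer.
        LET Fehler&=@MultiByteToWideChar(@GetACP(),0,PRIVILEGSET#,-1,PRIVILEG#,50)
        Print "Rückmeldung of MultiByteToWideChar="+@STR$(Fehler&)
        ' MultiByteToWideChar returns 0 on failure; do not hand an empty or
        ' partial name to the LSA in that case.
        If Fehler&>0
            UNICODE#.Buffer&=PRIVILEG#
            ' Length is the byte length without the terminating null,
            ' MaximumLength the size of the buffer in bytes.
            UNICODE#.Length%=@LEN("SeSystemtimePrivilege")*2
            UNICODE#.MaximumLength%=100
            ' 3rd argument 0 = remove only the one right listed in UNICODE#.
            ' Per Microsoft's documentation, a TRUE value here removes all
            ' rights and deletes the account's LSA entry, so keep it 0 unless
            ' that is really intended.
            LET Fehler&=@LsaRemoveAccountRights(Policy_Handle&,SID#,0,UNICODE#,1)
            Print "Rückmeldung of LsaRemoveAccountRights="+@STR$(Fehler&)
            Let Fehler&=@LsaNtStatusToWinError(Fehler&)
            PRINT "LsaRemoveAccountRights feedback transformed in windows Fehlercode="+@STR$(Fehler&)
        Endif
        ' LsaClose is declared with one parameter and takes only the handle;
        ' it is called on every path that opened the policy successfully.
        LET Fehler&=@LsaClose(Policy_Handle&)
        Print "Rückmeldung of LsaClose="+@STR$(Fehler&)
        Let Fehler&=@LsaNtStatusToWinError(Fehler&)
        PRINT "LsaClose feedback transformed in windows Fehlercode="+@STR$(Fehler&)
    Endif
endif

' Release every memory variable exactly once (the original disposed
' POLICY_Handle# twice and never released UNICODE# and Attribut#).
Dispose UNICODE#
Dispose Attribut#
Dispose DOMAIN#
Dispose SID#
Dispose SID_Size#
Dispose DOMAINNAME_SIZE_ADDR#
Dispose SID_TYPE_INDICATOR#
Dispose POLICY_Handle#
Dispose PRIVILEG#
Dispose PrivilegSET#

' Keep the window open so the printed results stay readable.
While 0=0
    Waitinput
Wend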
|
|