RE: Local security getting overwritten
- From: jetan@xxxxxxxxxxxxxxxxxxxx ("Jeffrey Tan[MSFT]")
- Date: Tue, 23 May 2006 02:24:50 GMT
Hi Scott,
Thanks for your post!
I am not sure I understand you completely.
Based on my understanding, your sever application running account's 'Log on
as batch job' right is overwritten by the domain policy.
Do you want to programmatically assign 'Log on as batch job' right to the
sever application running account? If so, the domain policy will still
reapply the Global Policy and overwrite your setting again. Do you feel
comfortable regarding this design?
To operate LSA programmatically, you can use LSA API just as you found.
More specifically, you can use LsaAddAccountRights API to add the
permission. Please refer to the 2 articles below:
"Managing Account Permissions"
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmgmt/sec
urity/managing_account_permissions.asp
"How To Manage User Privileges Programmatically in Windows NT"
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q132958&;
If you want to do it in .Net, the article below gives you a sample:
"LSA Functions - Privileges and Impersonation"
http://www.thecodeproject.com/csharp/lsadotnet.asp
Hope this helps!
Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
.
- Prev by Date: RE: AzMan Access Check
- Next by Date: Re: AzMan Access Check
- Previous by thread: CryptUIDlgViewCertificate add propertypages
- Next by thread: RE: Local security getting overwritten
- Index(es):
