我从 PINVOKE.NET 获得了完整的 LSA 代码来执行所有 LSA 调用。ret = Win32Sec.LsaAddAccountRights(lsaHandle, pSid, privileges, 1);只有当我尝试设置时,它的值才是3221225485 SeAssignPrimaryTokenPrivilege。
public void AddPrivileges(string account, string privilege)
{
uint ret = 0;
IntPtr pSid = GetSIDInformation(account);
LSA_UNICODE_STRING[] privileges = new LSA_UNICODE_STRING[1];
privileges[0] = InitLsaString(privilege);
ret = Win32Sec.LsaAddAccountRights(lsaHandle, pSid, privileges, 1);
try
{
if (ret == 0)
{
if (this._writeToConsole)
{
//Console.WriteLine("Added: {0} to {1} successfully.", account, privilege);
LSA.WriteError("LsaWrapper::AddPrivleges", String.Format("Added: {0} to {1} successfully.", account, privilege), 0);
}
return;
}
if (ret == STATUS_ACCESS_DENIED)
{
throw new UnauthorizedAccessException();
}
if ((ret == STATUS_INSUFFICIENT_RESOURCES) || (ret == STATUS_NO_MEMORY))
{
throw new OutOfMemoryException();
}
throw new Win32Exception(Win32Sec.LsaNtStatusToWinError((int)ret));
}
catch (Exception er)
{
string msg = "\r\nSource:\r\n\t" + er.Source + "\r\n" +
"Stack trace:\r\n\t" + er.StackTrace + "\r\n" +