3.1.4.5.7 LsarGetSystemAccessAccount (Opnum 23)

The LsarGetSystemAccessAccount method is invoked to retrieve system access account flags for an account object. System access account flags are described as part of the account object data model, as specified in section 3.1.1.3.

 NTSTATUS LsarGetSystemAccessAccount(
   [in] LSAPR_HANDLE AccountHandle,
   [out] unsigned long* SystemAccess
 );

AccountHandle: An open account object handle obtained from either LsarCreateAccount (section 3.1.4.5.1) or LsarOpenAccount (section 3.1.4.5.3).

SystemAccess: Used to return a bitmask of access flags associated with the account.

Return Values: The following is a summary of the return values that an implementation MUST return, as specified by the message processing that follows.

Return value/code                    Description

0x00000000 STATUS_SUCCESS            The request was successfully completed.

0xC0000022 STATUS_ACCESS_DENIED      The caller does not have the permissions to perform this operation.

0xC0000008 STATUS_INVALID_HANDLE     AccountHandle is not a valid handle.

Processing:

This message takes two arguments:

AccountHandle: An open handle to an account object. If the handle is not a valid context handle to an account object or AccountHandle.HandleType does not equal "Account", the server MUST return STATUS_INVALID_HANDLE. The server MUST verify that AccountHandle grants access as specified in section 3.1.4.2.2 with RequiredAccess set to ACCOUNT_VIEW.

SystemAccess: Used to return a bitmask of system access bits.
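
The following is an added example, not part of the specification or of any Microsoft implementation: a minimal C model of the processing rules above, showing which status code each failed check produces. The lsa_handle_ctx structure, the g_handles table, the function names, and the sample flag values are hypothetical. The ACCOUNT_VIEW bit value is taken from the MS-LSAD access-mask definitions rather than from this section, and the access check of section 3.1.4.2.2 is reduced to a mask test against the access granted when the handle was opened.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define STATUS_SUCCESS        0x00000000u
#define STATUS_ACCESS_DENIED  0xC0000022u
#define STATUS_INVALID_HANDLE 0xC0000008u
/* Assumption: ACCOUNT_VIEW bit value taken from the MS-LSAD access-mask
 * definitions; it is not stated in this section. */
#define ACCOUNT_VIEW          0x00000001u

/* Hypothetical server-side state behind an LSAPR_HANDLE. */
typedef struct {
    const char *handle_type;    /* "Account", "Policy", ... */
    uint32_t    granted_access; /* access granted when the handle was opened */
    uint32_t    system_access;  /* system access flags of the account object */
} lsa_handle_ctx;

/* Constructed handle table; all values are sample data. */
static lsa_handle_ctx g_handles[] = {
    { "Account", ACCOUNT_VIEW, 0x00000003u }, /* opened with ACCOUNT_VIEW */
    { "Account", 0x00000000u,  0x00000003u }, /* opened without ACCOUNT_VIEW */
    { "Policy",  0xFFFFFFFFu,  0x00000000u }, /* live handle, wrong type */
};

/* A handle is valid only if it is one the server itself issued. */
static int is_live_handle(const lsa_handle_ctx *h) {
    for (size_t i = 0; i < sizeof g_handles / sizeof g_handles[0]; i++)
        if (h == &g_handles[i]) return 1;
    return 0;
}

uint32_t model_get_system_access(const lsa_handle_ctx *h, uint32_t *system_access) {
    *system_access = 0; /* no flags are disclosed on a failure path */
    if (!is_live_handle(h) || strcmp(h->handle_type, "Account") != 0)
        return STATUS_INVALID_HANDLE;
    if ((h->granted_access & ACCOUNT_VIEW) != ACCOUNT_VIEW)
        return STATUS_ACCESS_DENIED;
    *system_access = h->system_access;
    return STATUS_SUCCESS;
}

int main(void) {
    uint32_t sa;
    return model_get_system_access(&g_handles[0], &sa) == STATUS_SUCCESS ? 0 : 1;
}
```

Note that a live handle of the wrong type yields STATUS_INVALID_HANDLE even when it carries broad access, so the type check cannot be bypassed by presenting a more privileged handle of another kind.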