UID | title | description | helpviewer_keywords | old-location | tech.root | ms.assetid | ms.date | ms.keywords | req.header | req.include-header | req.target-type | req.target-min-winverclnt | req.target-min-winversvr | req.kmdf-ver | req.umdf-ver | req.ddi-compliance | req.unicode-ansi | req.idl | req.max-support | req.namespace | req.assembly | req.type-library | req.lib | req.dll | req.irql | targetos | req.typenames | req.redist | ms.custom | f1_keywords | dev_langs | topic_type | api_type | api_location | api_name | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
NF:ntsecapi.LsaRemoveAccountRights |
LsaRemoveAccountRights function (ntsecapi.h) |
Removes one or more privileges from an account. |
|
security\lsaremoveaccountrights.htm |
security |
ad250a01-7a24-4fae-975c-aa3e65731c82 |
12/05/2018 |
LsaRemoveAccountRights, LsaRemoveAccountRights function [Security], _lsa_lsaremoveaccountrights, ntsecapi/LsaRemoveAccountRights, security.lsaremoveaccountrights |
ntsecapi.h |
Windows |
Windows XP [desktop apps only] |
Windows Server 2003 [desktop apps only] |
Advapi32.lib |
Advapi32.dll |
Windows |
19H1 |
|
|
|
|
|
|
The LsaRemoveAccountRights function removes one or more privileges from an account. You can specify the privileges to be removed, or you can set a flag to remove all privileges. When you remove all privileges, the function deletes the account. If you specify privileges not held by the account, the function ignores them.
A handle to a Policy object. The handle must have the POLICY_LOOKUP_NAMES access right. For more information, see Opening a Policy Object Handle.
Pointer to the security identifier (SID) of the account from which the privileges are removed.
If TRUE, the function removes all privileges and deletes the account. In this case, the function ignores the UserRights parameter. If FALSE, the function removes the privileges specified by the UserRights parameter.
Pointer to an array of LSA_UNICODE_STRING structures. Each structure contains the name of a privilege to be removed from the account. For a list of privilege names, see Privilege Constants.
Specifies the number of elements in the UserRights array.
If the function succeeds, the return value is STATUS_SUCCESS.
If the function fails, the return value is an NTSTATUS code, which can be one of the following values or one of the LSA Policy Function Return Values.
Value | Description |
---|---|
|
One of the privilege names is not valid. |
|
Indicates the UserRights parameter was NULL and the AllRights parameter was FALSE. |
You can use the LsaNtStatusToWinError function to convert the NTSTATUS code to a Windows error code.