Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
LookupAccountName() fails with "Access Denied" in some very specific cases only
65 views
Skip to first unread message
Stephane Barizien
Jun 6, 2008, 10:43:06 AM6/6/08
to
On SOME of our domain hosts ONLY, when a process running on machine under
the system account (during a boot-time GPO) asks the DC for the SID for the
computer's account (i.e., DOMAIN\HOSTNAME$) using the LookupAccountName()
API, this fails with error 5, i.e. "Access Denied"...
the system account (during a boot-time GPO) asks the DC for the SID for the
computer's account (i.e., DOMAIN\HOSTNAME$) using the LookupAccountName()
API, this fails with error 5, i.e. "Access Denied"...
(FWIW this LookupAccountName() call actually occurs within the invocation of
SETACL.EXE)
Any clue?
If the answer is to switch to LsaLookupNames2(), where can I find sample C++
code to use that API (I'm especially worried about the "Policy Handle"
stuff...)
0 new messages