
LookupAccountName() fails with "Access Denied" in some very specific cases only


Stephane Barizien

6 Jun 2008, 10:43:06
On SOME of our domain hosts ONLY, when a process running on a machine under
the system account (during a boot-time GPO) asks the DC for the SID for the
computer's account (i.e., DOMAIN\HOSTNAME$) using the LookupAccountName()
API, this fails with error 5, i.e. "Access Denied"...

(FWIW this LookupAccountName() call actually occurs within the invocation of
SETACL.EXE)

Any clue?

If the answer is to switch to LsaLookupNames2(), where can I find sample C++
code to use that API (I'm especially worried about the "Policy Handle"
stuff...)
