Act as part of the operating system

[Janaka]

I need to write a program to add an entry to Local Security Settings -> User Rights Assignment -> Act as part of the operating system.

There is user in the network called \\lol_dev\yapa I need to add it to the computer that I am running the program (\\lol_dev\janaka).

The code that I have written to do it is

VB Code:

#include "winNT.h"
#include "NTSecAPI.h"
#include "lm.h"
#include "assert.h"
#pragma hdrstop
#pragma comment( lib, "netapi32.lib" )
 
…
 
void CThirdDlg::AddUser() {
 
 
    //char localgroup_name[100];
    char domain_name[100];
    DWORD domname_len = 100;
    char psid_buffer[1024];
    PSID psid = (PSID) psid_buffer;
    DWORD sid_length = 1024;
 
    SID_NAME_USE acc_type;
 
 
    BOOL fRet =  LookupAccountName (NULL, "\\lol_dev\yapa", psid,
                  &sid_length, domain_name, &domname_len,
                  &acc_type);
    
    ASSERT(fRet != 0);
 
    LSA_HANDLE          hPolicy = GetPolicyHandle();
 
    
    LSA_UNICODE_STRING lsastrPrivs[1] = { 0 };
 
    //lsastrPrivs[0].Buffer = (PWSTR)SE_TCB_NAME;
    lsastrPrivs[0].Buffer = (PWSTR)SE_SYSTEMTIME_NAME;
    lsastrPrivs[0].Length = lstrlen((LPCSTR)lsastrPrivs[0].Buffer) * sizeof(WCHAR);
    lsastrPrivs[0].MaximumLength = lsastrPrivs[0].Length + sizeof(WCHAR);
 
    
    // this is the place I get the error
NTSTATUS ntStatus = LsaAddAccountRights(hPolicy, psid, lsastrPrivs, 1);
    ULONG lErr = LsaNtStatusToWinError(ntStatus);
    CString msg = "Success";
    if (lErr >0)
    {
        
        msg.Format("Error %d", lErr);
    }
    AfxMessageBox( msg);
 
}
 
#define TARGET_SYSTEM_NAME L"JANAKA"
 
 
LSA_HANDLE GetPolicyHandle()
{
  LSA_OBJECT_ATTRIBUTES ObjectAttributes;
  WCHAR SystemName[] = TARGET_SYSTEM_NAME;
  USHORT SystemNameLength;
  LSA_UNICODE_STRING lusSystemName;
  NTSTATUS ntsResult;
  LSA_HANDLE lsahPolicyHandle;
 
  // Object attributes are reserved, so initialize to zeroes.
  ZeroMemory(&ObjectAttributes, sizeof(ObjectAttributes));
 
  //Initialize an LSA_UNICODE_STRING to the server name.
  SystemNameLength = wcslen(SystemName);
  lusSystemName.Buffer = SystemName;
  lusSystemName.Length = SystemNameLength * sizeof(WCHAR);
  lusSystemName.MaximumLength = (SystemNameLength+1) * sizeof(WCHAR);
 
  // Get a handle to the Policy object.
  ntsResult = LsaOpenPolicy(
        &lusSystemName,    //Name of the target system.
        &ObjectAttributes, //Object attributes.
        POLICY_ALL_ACCESS, //Desired access permissions.
        &lsahPolicyHandle  //Receives the policy handle.
    );
 
  if (ntsResult != 0 )//STATUS_SUCCESS)
  {
    // An error occurred. Display it as a win32 error code.
    wprintf(L"OpenPolicy returned %lu\n",
      LsaNtStatusToWinError(ntsResult));
    return NULL;
  } 
  return lsahPolicyHandle;
}

when I run the program in the line

VB Code:

NTSTATUS ntStatus = LsaAddAccountRights(hPolicy, psid, lsastrPrivs, 1);

I get the error the error code is 1313
How do I fix it?

[parksie]

What does looking up code 1313 give you?

[CornedBee]

It's a security rights violation.

Are you sure you're running this app as an admin?

[Janaka]

yes i have admin rights.

I need to write a program to add an entry to Local Security Settings -> User Rights Assignment -> Act as part of the operating system.

I found these settings could be changed using Scripting Hosts too. Any idea about that?