I found this:

1. Open the policy on the target machine with LsaOpenPolicy(). To grant privileges, open the policy with POLICY_CREATE_ACCOUNT and POLICY_LOOKUP_NAMES access. To revoke privileges, open the policy with POLICY_LOOKUP_NAMES access.
2. Obtain a SID (security identifier) representing the user/group of interest. The LookupAccountName() and LsaLookupNames() APIs can obtain a SID from an account name.
3. Call LsaAddAccountRights() to grant privileges to the user(s) represented by the supplied SID.
4. Call LsaRemoveAccountRights() to revoke privileges from the user(s) represented by the supplied SID.
5. Close the policy with LsaClose().



Private Declare Function LsaOpenPolicy Lib "Advapi32.dll" (ByRef Sname As String, ByRef ObjName As LSA_OBJECT_ATTRIBUTES, POLICY_VIEW_LOCAL_INFORMATION, PHandle As LSA_HANDLE) As Long


That's the best i can get. I haven't been able to find any examples or get that API call working. I'm hoping it's the correct one. I have however found that a lot of people also couldn't get it working too!