如何以编程方式添加用户帐户策略?
我使用 API NetUserAdd 和 NetUserSetGroups 添加用户帐户并将其与计算机的组关联。不久之后,我发现一个示例能够使用 System.DirectoryServices 命名空间和 DirectoryEntry 对象执行相同的操作(添加用户,将他与组关联)。
现在我需要向该新帐户添加策略并面临类似的问题。我可以使用 LsaOpenPolicy 和 LsaAddAccountRights API 向帐户添加策略,但我更喜欢使用 .NET 对象和方法。
我的问题是,.NET 框架中是否有对象方法来添加和/或修改用户帐户策略设置,如果有,这些对象或方法的名称是什么?
另外,如果有一个使用示例,我们将不胜感激。
具体来说,我希望将“SeServiceLogonRight”(也称为“作为服务登录”权限)添加到新用户帐户。
I was using the APIs NetUserAdd and NetUserSetGroups to add a user account and associate it with a group to a computer. Not much later I found an example capable of doing the same thing (adding a user, associating him with a group) using System.DirectoryServices namespace and DirectoryEntry object.
Now I need to add policies to that new account and am faced with a similar problem. I can use the LsaOpenPolicy and LsaAddAccountRights APIs to add a policy to and account, but I'd prefer to use .NET objects and methods.
My question, is/are there object methods in the .NET framework to add and/or modify user account policy settings, and if so what are the names of those objects or methods?
Also an example of usage would be appreciated.
Specifically, I am looking to add the "SeServiceLogonRight", otherwise known as the log in as a service right, to a new user account.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
不,我不相信当前的任何 .net 程序集都实现了这些方法。这些是我在 Fx 2.0、3.0 和 3.5 程序集中找到的唯一具有 DllImportAttribute 和名称 /Lsa.+/
[mscorlib] 的 方法
Microsoft.Win32.Win32Native.LsaNtStatusToWinError
Microsoft.Win32.Win32Native.LsaDeregisterLogonProcess
Microsoft.Win32.Win32Native.LsaClose
Microsoft.Win32.Win32Native.LsaFreeReturnBuffer
Microsoft.Win32.Win32Native.LsaLookupSids
Microsoft.Win32.Win32Native.LsaFreeMemory
Microsoft.Win32.Win32Native.LsaLookupNames
Microsoft.Win32.Win32Native.LsaOpenPolicy
Microsoft.Win32.Win32Native.LsaLogonUser
Microsoft.Win32.Win32Native.LsaLookupAuthenticationPackage
Microsoft.Win32.Win32Native.LsaRegisterLogonProcess
Microsoft.Win32.Win32Native.LsaLookupNames2
Microsoft.Win32.Win32Native.LsaConnectUntrusted
Microsoft.Win32.Win32Native.LsaGetLogonSessionData
也就是说,有人为这些函数编写了托管包装器。 http://www.hightechtalks.com/csharp/lsa-functions-276626。 html
Codeproject 上还有一篇很棒的文章,LSA Functions - Privileges and Impersonation
http://www.codeproject.com/KB/cs/lsadotnet.aspx
No, I do not believe any of the current .net Assemblies implement those methods. These are the only methods I found in the Fx 2.0, 3.0, and 3.5 assemblies with a DllImportAttribute, and a name /Lsa.+/
[mscorlib]
Microsoft.Win32.Win32Native.LsaNtStatusToWinError
Microsoft.Win32.Win32Native.LsaDeregisterLogonProcess
Microsoft.Win32.Win32Native.LsaClose
Microsoft.Win32.Win32Native.LsaFreeReturnBuffer
Microsoft.Win32.Win32Native.LsaLookupSids
Microsoft.Win32.Win32Native.LsaFreeMemory
Microsoft.Win32.Win32Native.LsaLookupNames
Microsoft.Win32.Win32Native.LsaOpenPolicy
Microsoft.Win32.Win32Native.LsaLogonUser
Microsoft.Win32.Win32Native.LsaLookupAuthenticationPackage
Microsoft.Win32.Win32Native.LsaRegisterLogonProcess
Microsoft.Win32.Win32Native.LsaLookupNames2
Microsoft.Win32.Win32Native.LsaConnectUntrusted
Microsoft.Win32.Win32Native.LsaGetLogonSessionData
That said, someone wrote a managed wrapper on these functions. http://www.hightechtalks.com/csharp/lsa-functions-276626.html
There is also a great article on Codeproject, LSA Functions - Privileges and Impersonation
http://www.codeproject.com/KB/cs/lsadotnet.aspx