Security Management Functions

This section contains topics for the following groups of functions:

Attachment Callback Functions

The following support functions are provided by the Security Configuration tool set and may be used by attachment engines and extension snap-ins to read and write configuration data.

| Callback function | Description |
| --- | --- |
| PFSCE_FREE_INFO | Used to free memory allocated by these support functions. |
| PFSCE_LOG_INFO | Used to log messages to the configuration log file or analysis log file. |
| PFSCE_QUERY_INFO | Used to query the configuration and analysis information for a specific service. |
| PFSCE_SET_INFO | Used to set configuration and analysis information for a specific service. |

Attachment Engine Functions

| Function | Description |
| --- | --- |
| SceSvcAttachmentAnalyze | Implemented by the attachment engine DLL. The Security Configuration Engine calls this function when the system is analyzed. |
| SceSvcAttachmentConfig | Implemented by the attachment engine DLL. The Security Configuration Engine calls this function when the system is configured. |
| SceSvcAttachmentUpdate | Implemented by the attachment engine DLL. The Security Configuration Engine calls this function when it receives a configuration update request from the attachment snap-in extension. |

LSA Policy Functions

The following topics provide reference information for the Local Security Authority (LSA) Policy functions.

| Topic | Description |
| --- | --- |
| Policy Functions | Details functions used to open the local Policy object and to set or retrieve global policy information. |
| Account Functions | Details functions used to manage account permissions and to create and delete user accounts. |
| Trusted Domain Functions | Details functions used to create and delete trusted domain relationships and to set and retrieve information about those trusted domains. |
| Private Data Functions | Do not use the LSA private data functions. Instead, use the CryptProtectData and CryptUnprotectData functions. |
| Miscellaneous Functions | Details functions not described elsewhere. |

Policy Functions

The following functions enumerate user accounts and trusted domains, receive policy change notifications, and look up account names and SIDs.

| Function | Description |
| --- | --- |
| LsaEnumerateAccountsWithUserRight | Enumerates all the accounts that have a specified user permission. |
| LsaEnumerateTrustedDomains | Enumerates the trusted domains. |
| LsaEnumerateTrustedDomainsEx | Enumerates the trusted domains. This function returns more information than LsaEnumerateTrustedDomains. |
| LsaLookupNames | Maps the specified names to their SIDs. Returns the SID as an RID/Domain SID pair. |
| LsaLookupNames2 | Maps the specified names to their SIDs. Returns the SID as a single element. |
| LsaLookupSids | Maps the specified account names to their SIDs. |
| LsaRegisterPolicyChangeNotification | Registers an event object to receive notifications when the local policy information changes. |
| LsaUnregisterPolicyChangeNotification | Unregisters an event object that is receiving policy change notifications. |

Account Functions

The following functions add, enumerate, and delete permissions for an account.

| Function | Description |
| --- | --- |
| LsaAddAccountRights | Add permissions to an account. If the account does not already exist, it is created. |
| LsaEnumerateAccountRights | Enumerate the permissions granted to an account. |
| LsaRemoveAccountRights | Remove permissions from an account. When all the permissions are removed, the account is deleted. |

Trusted Domain Functions

The following functions create, enumerate, and delete trusted domains and set and retrieve trusted domain information.

| Function | Description |
| --- | --- |
| LsaCreateTrustedDomainEx | Creates a new TrustedDomain object. |
| LsaDeleteTrustedDomain | Removes a TrustedDomain object. |
| LsaEnumerateTrustedDomains | Enumerates the domains currently trusted by the local system. |
| LsaEnumerateTrustedDomainsEx | Enumerates the domains currently trusted by the local system. |
| LsaOpenTrustedDomainByName | Opens a handle to a TrustedDomain object. |
| LsaQueryTrustedDomainInfo | Retrieves information about a trusted domain. The domain is specified by SID. |
| LsaQueryTrustedDomainInfoByName | Retrieves information about a trusted domain. The domain is specified by name. |
| LsaSetTrustedDomainInfoByName | Sets information for a trusted domain. The domain is specified by name. |
| LsaSetTrustedDomainInformation | Sets information for a trusted domain. The domain is specified by SID. |

Private Data Functions

Do not use the LSA private data functions. Instead, use the CryptProtectData and CryptUnprotectData functions.

| Function | Description |
| --- | --- |
| LsaRetrievePrivateData | Retrieves and decrypts a string. |
| LsaStorePrivateData | Encrypts and stores a string. |

Miscellaneous Functions

The LSA Policy API has the following three functions that do not fit into any of the other LSA Policy function categories.

| Function | Description |
| --- | --- |
| LsaClose | Closes a handle to a Policy object or a TrustedDomain object. |
| LsaFreeMemory | Frees a buffer allocated by an LSA function. |
| LsaNtStatusToWinError | Converts an NTSTATUS value to a Windows error code. |

Password Filter Functions

The following password filter functions are implemented by custom password filter DLLs to provide password filtering and password change notification.

| Function | Description |
| --- | --- |
| InitializeChangeNotify | Indicates that a password filter DLL is initialized. |
| PasswordChangeNotify | Indicates that a password has been changed. |
| PasswordFilter | Validates a new password based on password policy. |

Safer Functions

The following Safer functions can be used to check the safer level of any executable and to log events.

| Function | Description |
| --- | --- |
| SaferCloseLevel | Closes a SAFER_LEVEL_HANDLE opened using the SaferIdentifyLevel function or the SaferCreateLevel function. |
| SaferComputeTokenFromLevel | Restricts a token using restrictions specified by a SAFER_LEVEL_HANDLE. |
| SaferCreateLevel | Opens a SAFER_LEVEL_HANDLE. |
| SaferGetLevelInformation | Retrieves information about a policy level. |
| SaferGetPolicyInformation | Retrieves information about a policy. |
| SaferIdentifyLevel | Retrieves information about a level. |
| SaferiIsExecutableFileType | Determines whether a specified file is an executable file. |
| SaferRecordEventLogEntry | Sends a message to the event log. |

Build date: 10/30/2008
