I'm trying to open a policy handle to access protected storage. I'm passing an access mask of POLICY_GET_PRIVATE_INFORMATION to LsaOpenPolicy to read protected storage and POLICY_CREATE_SECRET to write to protected storage.
When running from a Power User account, I get an ACCESS DENIED error when opening the policy handle. Why? Shouldn't I be able to store server passwords in protected storage from a Power User account?