Solved

Why is ACCESS DENIED in LsaOpenPolicy?

Posted on 2001-09-04
Last Modified: 2010-07-27
I'm trying to open a policy handle to access protected storage.  I'm passing an access mask of POLICY_GET_PRIVATE_INFORMATION to LsaOpenPolicy to read protected storage and POLICY_CREATE_SECRET to write to protected storage.

When running from a Power User account, I get an ACCESS DENIED error when opening the policy handle.  Why?  Shouldn't I be able to store server passwords in protected storage from a Power User account?
Question by:GaryW021199
3 Comments
Accepted Solution

by:
jhance earned 100 total points
ID: 6453684
No, the default privilege of the POWER USER group does not have access to the LSA policy information.  You need to use an account in the ADMINISTRATORS group.
0
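To see which of the rights named in the question the current account is actually granted, the following added example (not code from the thread) calls `LsaOpenPolicy` once per access mask and reports the mapped Win32 error. The wrapper name `LsaProbe.Native` and the choice of rights to probe are assumptions made for illustration.

```powershell
# Added example: probe which LSA policy rights the current token is granted.
# 'LsaProbe.Native' is a hypothetical wrapper name, not a Windows component.
Add-Type -Namespace LsaProbe -Name Native -MemberDefinition @'
[StructLayout(LayoutKind.Sequential)]
public struct LSA_OBJECT_ATTRIBUTES {
    public uint   Length;
    public IntPtr RootDirectory;
    public IntPtr ObjectName;
    public uint   Attributes;
    public IntPtr SecurityDescriptor;
    public IntPtr SecurityQualityOfService;
}
[DllImport("advapi32.dll")]
public static extern uint LsaOpenPolicy(IntPtr SystemName,
    ref LSA_OBJECT_ATTRIBUTES ObjectAttributes, uint DesiredAccess,
    out IntPtr PolicyHandle);
[DllImport("advapi32.dll")]
public static extern uint LsaClose(IntPtr ObjectHandle);
[DllImport("advapi32.dll")]
public static extern uint LsaNtStatusToWinError(uint Status);
'@

# Access-mask values from ntsecapi.h; the last two are the ones in the question.
$rights = [ordered]@{
    POLICY_VIEW_LOCAL_INFORMATION  = 0x00000001
    POLICY_LOOKUP_NAMES            = 0x00000800
    POLICY_GET_PRIVATE_INFORMATION = 0x00000004
    POLICY_CREATE_SECRET           = 0x00000020
}

foreach ($name in $rights.Keys) {
    # The structure is unused by LSA but must be zero-initialised.
    $attrs = New-Object 'LsaProbe.Native+LSA_OBJECT_ATTRIBUTES'
    $attrs.Length = [Runtime.InteropServices.Marshal]::SizeOf($attrs)
    $handle = [IntPtr]::Zero

    # SystemName = NULL opens the policy object on the local machine.
    $status = [LsaProbe.Native]::LsaOpenPolicy([IntPtr]::Zero, [ref]$attrs,
                                               $rights[$name], [ref]$handle)
    $win32 = [LsaProbe.Native]::LsaNtStatusToWinError($status)
    if ($status -eq 0) { [void][LsaProbe.Native]::LsaClose($handle) }

    [pscustomobject]@{
        Right      = $name
        Granted    = ($status -eq 0)
        Win32Error = $win32   # 5 = ERROR_ACCESS_DENIED
    }
}
```

Running it once from the restricted account and once from an elevated administrator session shows which masks are refused; a `Win32Error` of 5 is the ACCESS DENIED result described in the question.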
Expert Comment

by:mikecr
ID: 6454047
Or you can use the delegate feature in Active Directory to give the user reset passwords permissions and this would work also.
Expert Comment

by:cempasha
ID: 8493712
Hi GaryW

- This question is still open and needs to be closed. If any of the comments above helped you, please accept that comment as an answer. If not please send an update about your issue so that the question can be finalised. Thank you

- Experts, please feel free to add any comments in here, if you keep silent points of question can be removed

- *** PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER ***

Pasha

Cleanup Volunteer