• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2450
  • Last Modified:

Why is ACCESS DENIED in LsaOpenPolicy?

I'm trying to open a policy handle to access protected storage.  I'm passing an access mask of POLICY_GET_PRIVATE_INFORMATION to LsaOpenPolicy to read protected storage and POLICY_CREATE_SECRET to write to protected storage.

When running from a Power User account, I get an ACCESS DENIED error when opening the policy handle.  Why?  Shouldn't I be able to store server passwords in protected storage from a Power User account?
0
GaryW021199
Asked:
GaryW021199
1 Solution
 
jhanceCommented:
No, the default privilege of the POWER USER group does not have access to the LSA policy information.  You need to use an account in the ADMINISTRATORS group.
0
 
mikecrCommented:
Or you can use the delegate feature in active directory to give the user reset passwords permissions and this would work also.
0
 
cempashaCommented:
Hi GaryW

- This question is still open and needs to be closed. If any of the comments above helped you, please accept that comment as an answer. If not please send an update about your issue so that the question can be finalised. Thank you

- Experts, please feel free to add any comments in here, if you keep silent points of question can be removed

- *** PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER ***

Pasha

Cleanup Volunteer
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now