Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Why is ACCESS DENIED in LsaOpenPolicy?

Posted on 2001-09-04
3
Medium Priority
?
2,289 Views
Last Modified: 2010-07-27
I'm trying to open a policy handle to access protected storage.  I'm passing an access mask of POLICY_GET_PRIVATE_INFORMATION to LsaOpenPolicy to read protected storage and POLICY_CREATE_SECRET to write to protected storage.

When running from a Power User account, I get an ACCESS DENIED error when opening the policy handle.  Why?  Shouldn't I be able to store server passwords in protected storage from a Power User account?
0
Comment
Question by:GaryW021199
3 Comments
 
LVL 32

Accepted Solution

by:
jhance earned 400 total points
ID: 6453684
No, the default privilege of the POWER USER group does not have access to the LSA policy information.  You need to use an account in the ADMINISTRATORS group.
0
 
LVL 17

Expert Comment

by:mikecr
ID: 6454047
Or you can use the delegate feature in active directory to give the user reset passwords permissions and this would work also.
0
 
LVL 5

Expert Comment

by:cempasha
ID: 8493712
Hi GaryW

- This question is still open and needs to be closed. If any of the comments above helped you, please accept that comment as an answer. If not please send an update about your issue so that the question can be finalised. Thank you

- Experts, please feel free to add any comments in here, if you keep silent points of question can be removed

- *** PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER ***

Pasha

Cleanup Volunteer
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
The article explains the process to deploy a Self-Service password reset portal I developed a few years ago. Hopefully, it will prove useful to someone.  Any comments, bug reports etc. are welcome...
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…
Suggested Courses

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question