Process Hacker
ntsam.h
Go to the documentation of this file.
1 #ifndef _NTSAM_H
2 #define _NTSAM_H
3 
4 #define SAM_MAXIMUM_LOOKUP_COUNT (1000)
5 #define SAM_MAXIMUM_LOOKUP_LENGTH (32000)
6 #define SAM_MAX_PASSWORD_LENGTH (256)
7 #define SAM_PASSWORD_ENCRYPTION_SALT_LEN (16)
8 
9 typedef PVOID SAM_HANDLE, *PSAM_HANDLE;
11 
12 typedef struct _SAM_RID_ENUMERATION
13 {
14  ULONG RelativeId;
17 
18 typedef struct _SAM_SID_ENUMERATION
19 {
20  PSID Sid;
23 
24 typedef struct _SAM_BYTE_ARRAY
25 {
26  ULONG Size;
27  _Field_size_bytes_(Size) PUCHAR Data;
29 
30 typedef struct _SAM_BYTE_ARRAY_32K
31 {
32  ULONG Size;
33  _Field_size_bytes_(Size) PUCHAR Data;
35 
37 
38 // Basic
39 
40 NTSTATUS
41 NTAPI
43  _In_ PVOID Buffer
44  );
45 
46 NTSTATUS
47 NTAPI
49  _In_ SAM_HANDLE SamHandle
50  );
51 
52 _Check_return_
53 NTSTATUS
54 NTAPI
56  _In_ SAM_HANDLE ObjectHandle,
57  _In_ SECURITY_INFORMATION SecurityInformation,
58  _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
59  );
60 
61 _Check_return_
62 NTSTATUS
63 NTAPI
65  _In_ SAM_HANDLE ObjectHandle,
66  _In_ SECURITY_INFORMATION SecurityInformation,
67  _Outptr_ PSECURITY_DESCRIPTOR *SecurityDescriptor
68  );
69 
70 _Check_return_
71 NTSTATUS
72 NTAPI
74  _In_ SAM_HANDLE ObjectHandle,
75  _In_ ULONG Rid,
76  _Outptr_ PSID *Sid
77  );
78 
79 // Server
80 
81 #define SAM_SERVER_CONNECT 0x0001
82 #define SAM_SERVER_SHUTDOWN 0x0002
83 #define SAM_SERVER_INITIALIZE 0x0004
84 #define SAM_SERVER_CREATE_DOMAIN 0x0008
85 #define SAM_SERVER_ENUMERATE_DOMAINS 0x0010
86 #define SAM_SERVER_LOOKUP_DOMAIN 0x0020
87 
88 #define SAM_SERVER_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
89  SAM_SERVER_CONNECT | \
90  SAM_SERVER_INITIALIZE | \
91  SAM_SERVER_CREATE_DOMAIN | \
92  SAM_SERVER_SHUTDOWN | \
93  SAM_SERVER_ENUMERATE_DOMAINS | \
94  SAM_SERVER_LOOKUP_DOMAIN)
95 
96 #define SAM_SERVER_READ (STANDARD_RIGHTS_READ | \
97  SAM_SERVER_ENUMERATE_DOMAINS)
98 
99 #define SAM_SERVER_WRITE (STANDARD_RIGHTS_WRITE | \
100  SAM_SERVER_INITIALIZE | \
101  SAM_SERVER_CREATE_DOMAIN | \
102  SAM_SERVER_SHUTDOWN)
103 
104 #define SAM_SERVER_EXECUTE (STANDARD_RIGHTS_EXECUTE | \
105  SAM_SERVER_CONNECT | \
106  SAM_SERVER_LOOKUP_DOMAIN)
107 
108 // Functions
109 
110 _Check_return_
111 NTSTATUS
112 NTAPI
113 SamConnect(
114  _In_opt_ PUNICODE_STRING ServerName,
115  _Out_ PSAM_HANDLE ServerHandle,
116  _In_ ACCESS_MASK DesiredAccess,
117  _In_ POBJECT_ATTRIBUTES ObjectAttributes
118  );
119 
120 _Check_return_
121 NTSTATUS
122 NTAPI
124  _In_ SAM_HANDLE ServerHandle
125  );
126 
127 // Domain
128 
129 #define DOMAIN_READ_PASSWORD_PARAMETERS 0x0001
130 #define DOMAIN_WRITE_PASSWORD_PARAMS 0x0002
131 #define DOMAIN_READ_OTHER_PARAMETERS 0x0004
132 #define DOMAIN_WRITE_OTHER_PARAMETERS 0x0008
133 #define DOMAIN_CREATE_USER 0x0010
134 #define DOMAIN_CREATE_GROUP 0x0020
135 #define DOMAIN_CREATE_ALIAS 0x0040
136 #define DOMAIN_GET_ALIAS_MEMBERSHIP 0x0080
137 #define DOMAIN_LIST_ACCOUNTS 0x0100
138 #define DOMAIN_LOOKUP 0x0200
139 #define DOMAIN_ADMINISTER_SERVER 0x0400
140 
141 #define DOMAIN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
142  DOMAIN_READ_OTHER_PARAMETERS | \
143  DOMAIN_WRITE_OTHER_PARAMETERS | \
144  DOMAIN_WRITE_PASSWORD_PARAMS | \
145  DOMAIN_CREATE_USER | \
146  DOMAIN_CREATE_GROUP | \
147  DOMAIN_CREATE_ALIAS | \
148  DOMAIN_GET_ALIAS_MEMBERSHIP | \
149  DOMAIN_LIST_ACCOUNTS | \
150  DOMAIN_READ_PASSWORD_PARAMETERS | \
151  DOMAIN_LOOKUP | \
152  DOMAIN_ADMINISTER_SERVER)
153 
154 #define DOMAIN_READ (STANDARD_RIGHTS_READ | \
155  DOMAIN_GET_ALIAS_MEMBERSHIP | \
156  DOMAIN_READ_OTHER_PARAMETERS)
157 
158 #define DOMAIN_WRITE (STANDARD_RIGHTS_WRITE | \
159  DOMAIN_WRITE_OTHER_PARAMETERS | \
160  DOMAIN_WRITE_PASSWORD_PARAMS | \
161  DOMAIN_CREATE_USER | \
162  DOMAIN_CREATE_GROUP | \
163  DOMAIN_CREATE_ALIAS | \
164  DOMAIN_ADMINISTER_SERVER)
165 
166 #define DOMAIN_EXECUTE (STANDARD_RIGHTS_EXECUTE | \
167  DOMAIN_READ_PASSWORD_PARAMETERS | \
168  DOMAIN_LIST_ACCOUNTS | \
169  DOMAIN_LOOKUP)
170 
171 #define DOMAIN_PROMOTION_INCREMENT { 0x0, 0x10 }
172 #define DOMAIN_PROMOTION_MASK { 0x0, 0xfffffff0 }
173 
174 // SamQueryInformationDomain/SamSetInformationDomain types
175 
177 {
192 
194 {
198 
200 {
204 
205 #include <pshpack4.h>
207 {
208  LARGE_INTEGER ForceLogoff;
212  LARGE_INTEGER DomainModifiedCount;
216  ULONG UserCount;
217  ULONG GroupCount;
218  ULONG AliasCount;
220 #include <poppack.h>
221 
222 #include <pshpack4.h>
224 {
226  LARGE_INTEGER LockoutDuration; // delta time
227  LARGE_INTEGER LockoutObservationWindow; // delta time
230 #include <poppack.h>
231 
233 {
236 
237 #ifndef _DOMAIN_PASSWORD_INFORMATION_DEFINED // defined in ntsecapi.h
238 #define _DOMAIN_PASSWORD_INFORMATION_DEFINED
239 
241 {
245  LARGE_INTEGER MaxPasswordAge;
246  LARGE_INTEGER MinPasswordAge;
248 
249 // PasswordProperties flags
250 
251 #define DOMAIN_PASSWORD_COMPLEX 0x00000001L
252 #define DOMAIN_PASSWORD_NO_ANON_CHANGE 0x00000002L
253 #define DOMAIN_PASSWORD_NO_CLEAR_CHANGE 0x00000004L
254 #define DOMAIN_LOCKOUT_ADMINS 0x00000008L
255 #define DOMAIN_PASSWORD_STORE_CLEARTEXT 0x00000010L
256 #define DOMAIN_REFUSE_PASSWORD_CHANGE 0x00000020L
257 #define DOMAIN_NO_LM_OWF_CHANGE 0x00000040L
258 
259 #endif
260 
262 {
266 
268 {
269  LARGE_INTEGER ForceLogoff;
271 
273 {
276 
278 {
281 
283 {
286 
288 {
291 
293 {
294  LARGE_INTEGER DomainModifiedCount;
295  LARGE_INTEGER CreationTime;
297 
299 {
300  LARGE_INTEGER DomainModifiedCount;
301  LARGE_INTEGER CreationTime;
304 
306 {
309 
311 {
312  LARGE_INTEGER LockoutDuration; // delta time
313  LARGE_INTEGER LockoutObservationWindow; // delta time
314  USHORT LockoutThreshold; // zero means no lockout
316 
317 // SamQueryDisplayInformation types
318 
320 {
328 
329 typedef struct _DOMAIN_DISPLAY_USER
330 {
331  ULONG Index;
332  ULONG Rid;
338 
340 {
341  ULONG Index;
342  ULONG Rid;
347 
348 typedef struct _DOMAIN_DISPLAY_GROUP
349 {
350  ULONG Index;
351  ULONG Rid;
352  ULONG Attributes;
356 
358 {
359  ULONG Index;
362 
364 {
365  ULONG Index;
368 
369 // SamQueryLocalizableAccountsInDomain types
370 
372 {
375 
377 {
378  ULONG Rid;
379  SID_NAME_USE Use;
383 
385 {
386  ULONG Count;
387  _Field_size_(Count) DOMAIN_LOCALIZABLE_ACCOUNT_ENTRY *Entries;
389 
391 {
394 
395 // Functions
396 
397 _Check_return_
398 NTSTATUS
399 NTAPI
401  _In_ SAM_HANDLE ServerHandle,
402  _In_ PUNICODE_STRING Name,
403  _Outptr_ PSID *DomainId
404  );
405 
406 _Check_return_
407 NTSTATUS
408 NTAPI
410  _In_ SAM_HANDLE ServerHandle,
411  _Inout_ PSAM_ENUMERATE_HANDLE EnumerationContext,
412  _Outptr_ PVOID *Buffer, // PSAM_SID_ENUMERATION *Buffer
413  _In_ ULONG PreferedMaximumLength,
414  _Out_ PULONG CountReturned
415  );
416 
417 _Check_return_
418 NTSTATUS
419 NTAPI
421  _In_ SAM_HANDLE ServerHandle,
422  _In_ ACCESS_MASK DesiredAccess,
423  _In_ PSID DomainId,
424  _Out_ PSAM_HANDLE DomainHandle
425  );
426 
427 _Check_return_
428 NTSTATUS
429 NTAPI
431  _In_ SAM_HANDLE DomainHandle,
432  _In_ DOMAIN_INFORMATION_CLASS DomainInformationClass,
433  _Outptr_ PVOID *Buffer
434  );
435 
436 _Check_return_
437 NTSTATUS
438 NTAPI
440  _In_ SAM_HANDLE DomainHandle,
441  _In_ DOMAIN_INFORMATION_CLASS DomainInformationClass,
442  _In_ PVOID DomainInformation
443  );
444 
445 _Check_return_
446 NTSTATUS
447 NTAPI
449  _In_ SAM_HANDLE DomainHandle,
450  _In_ ULONG Count,
451  _In_reads_(Count) PUNICODE_STRING Names,
452  _Out_ _Deref_post_count_(Count) PULONG *RelativeIds,
453  _Out_ _Deref_post_count_(Count) PSID_NAME_USE *Use
454  );
455 
456 _Check_return_
457 NTSTATUS
458 NTAPI
460  _In_ SAM_HANDLE DomainHandle,
461  _In_ ULONG Count,
462  _In_reads_(Count) PULONG RelativeIds,
463  _Out_ _Deref_post_count_(Count) PUNICODE_STRING *Names,
464  _Out_ _Deref_post_opt_count_(Count) PSID_NAME_USE *Use
465  );
466 
467 _Check_return_
468 NTSTATUS
469 NTAPI
471  _In_ SAM_HANDLE DomainHandle,
472  _In_ PSID MemberId
473  );
474 
475 _Check_return_
476 NTSTATUS
477 NTAPI
479  _In_ SAM_HANDLE Domain,
480  _In_ ULONG Flags,
481  _In_ ULONG LanguageId,
483  _Outptr_ PVOID *Buffer
484  );
485 
486 // Group
487 
488 #define GROUP_READ_INFORMATION 0x0001
489 #define GROUP_WRITE_ACCOUNT 0x0002
490 #define GROUP_ADD_MEMBER 0x0004
491 #define GROUP_REMOVE_MEMBER 0x0008
492 #define GROUP_LIST_MEMBERS 0x0010
493 
494 #define GROUP_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
495  GROUP_LIST_MEMBERS | \
496  GROUP_WRITE_ACCOUNT | \
497  GROUP_ADD_MEMBER | \
498  GROUP_REMOVE_MEMBER | \
499  GROUP_READ_INFORMATION)
500 
501 #define GROUP_READ (STANDARD_RIGHTS_READ | \
502  GROUP_LIST_MEMBERS)
503 
504 #define GROUP_WRITE (STANDARD_RIGHTS_WRITE | \
505  GROUP_WRITE_ACCOUNT | \
506  GROUP_ADD_MEMBER | \
507  GROUP_REMOVE_MEMBER)
508 
509 #define GROUP_EXECUTE (STANDARD_RIGHTS_EXECUTE | \
510  GROUP_READ_INFORMATION)
511 
512 typedef struct _GROUP_MEMBERSHIP
513 {
514  ULONG RelativeId;
515  ULONG Attributes;
517 
518 // SamQueryInformationGroup/SamSetInformationGroup types
519 
521 {
528 
530 {
532  ULONG Attributes;
533  ULONG MemberCount;
536 
538 {
541 
543 {
544  ULONG Attributes;
546 
548 {
551 
552 // Functions
553 
554 _Check_return_
555 NTSTATUS
556 NTAPI
558  _In_ SAM_HANDLE DomainHandle,
559  _Inout_ PSAM_ENUMERATE_HANDLE EnumerationContext,
560  _Outptr_ PVOID *Buffer, // PSAM_RID_ENUMERATION *
561  _In_ ULONG PreferedMaximumLength,
562  _Out_ PULONG CountReturned
563  );
564 
565 _Check_return_
566 NTSTATUS
567 NTAPI
569  _In_ SAM_HANDLE DomainHandle,
570  _In_ PUNICODE_STRING AccountName,
571  _In_ ACCESS_MASK DesiredAccess,
572  _Out_ PSAM_HANDLE GroupHandle,
573  _Out_ PULONG RelativeId
574  );
575 
576 _Check_return_
577 NTSTATUS
578 NTAPI
580  _In_ SAM_HANDLE DomainHandle,
581  _In_ ACCESS_MASK DesiredAccess,
582  _In_ ULONG GroupId,
583  _Out_ PSAM_HANDLE GroupHandle
584  );
585 
586 _Check_return_
587 NTSTATUS
588 NTAPI
590  _In_ SAM_HANDLE GroupHandle
591  );
592 
593 _Check_return_
594 NTSTATUS
595 NTAPI
597  _In_ SAM_HANDLE GroupHandle,
598  _In_ GROUP_INFORMATION_CLASS GroupInformationClass,
599  _Outptr_ PVOID *Buffer
600  );
601 
602 _Check_return_
603 NTSTATUS
604 NTAPI
606  _In_ SAM_HANDLE GroupHandle,
607  _In_ GROUP_INFORMATION_CLASS GroupInformationClass,
608  _In_ PVOID Buffer
609  );
610 
611 _Check_return_
612 NTSTATUS
613 NTAPI
615  _In_ SAM_HANDLE GroupHandle,
616  _In_ ULONG MemberId,
617  _In_ ULONG Attributes
618  );
619 
620 _Check_return_
621 NTSTATUS
622 NTAPI
624  _In_ SAM_HANDLE GroupHandle,
625  _In_ ULONG MemberId
626  );
627 
628 _Check_return_
629 NTSTATUS
630 NTAPI
632  _In_ SAM_HANDLE GroupHandle,
633  _Out_ _Deref_post_count_(*MemberCount) PULONG *MemberIds,
634  _Out_ _Deref_post_count_(*MemberCount) PULONG *Attributes,
635  _Out_ PULONG MemberCount
636  );
637 
638 _Check_return_
639 NTSTATUS
640 NTAPI
642  _In_ SAM_HANDLE GroupHandle,
643  _In_ ULONG MemberId,
644  _In_ ULONG Attributes
645  );
646 
647 // Alias
648 
649 #define ALIAS_ADD_MEMBER 0x0001
650 #define ALIAS_REMOVE_MEMBER 0x0002
651 #define ALIAS_LIST_MEMBERS 0x0004
652 #define ALIAS_READ_INFORMATION 0x0008
653 #define ALIAS_WRITE_ACCOUNT 0x0010
654 
655 #define ALIAS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
656  ALIAS_READ_INFORMATION | \
657  ALIAS_WRITE_ACCOUNT | \
658  ALIAS_LIST_MEMBERS | \
659  ALIAS_ADD_MEMBER | \
660  ALIAS_REMOVE_MEMBER)
661 
662 #define ALIAS_READ (STANDARD_RIGHTS_READ | \
663  ALIAS_LIST_MEMBERS)
664 
665 #define ALIAS_WRITE (STANDARD_RIGHTS_WRITE | \
666  ALIAS_WRITE_ACCOUNT | \
667  ALIAS_ADD_MEMBER | \
668  ALIAS_REMOVE_MEMBER)
669 
670 #define ALIAS_EXECUTE (STANDARD_RIGHTS_EXECUTE | \
671  ALIAS_READ_INFORMATION)
672 
673 // SamQueryInformationAlias/SamSetInformationAlias types
674 
676 {
683 
685 {
687  ULONG MemberCount;
690 
692 {
695 
697 {
700 
701 #define ALIAS_ALL_NAME (0x00000001L)
702 #define ALIAS_ALL_MEMBER_COUNT (0x00000002L)
703 #define ALIAS_ALL_ADMIN_COMMENT (0x00000004L)
704 #define ALIAS_ALL_SHELL_ADMIN_OBJECT_PROPERTIES (0x00000008L)
705 
707 {
708  ULONG WhichFields;
709  SAM_SHELL_OBJECT_PROPERTIES ShellAdminObjectProperties;
711 
712 // Functions
713 
714 _Check_return_
715 NTSTATUS
716 NTAPI
718  _In_ SAM_HANDLE DomainHandle,
719  _Inout_ PSAM_ENUMERATE_HANDLE EnumerationContext,
720  _Outptr_ PVOID *Buffer, // PSAM_RID_ENUMERATION *Buffer
721  _In_ ULONG PreferedMaximumLength,
722  _Out_ PULONG CountReturned
723  );
724 
725 _Check_return_
726 NTSTATUS
727 NTAPI
729  _In_ SAM_HANDLE DomainHandle,
730  _In_ PUNICODE_STRING AccountName,
731  _In_ ACCESS_MASK DesiredAccess,
732  _Out_ PSAM_HANDLE AliasHandle,
733  _Out_ PULONG RelativeId
734  );
735 
736 _Check_return_
737 NTSTATUS
738 NTAPI
740  _In_ SAM_HANDLE DomainHandle,
741  _In_ ACCESS_MASK DesiredAccess,
742  _In_ ULONG AliasId,
743  _Out_ PSAM_HANDLE AliasHandle
744  );
745 
746 _Check_return_
747 NTSTATUS
748 NTAPI
750  _In_ SAM_HANDLE AliasHandle
751  );
752 
753 _Check_return_
754 NTSTATUS
755 NTAPI
757  _In_ SAM_HANDLE AliasHandle,
758  _In_ ALIAS_INFORMATION_CLASS AliasInformationClass,
759  _Outptr_ PVOID *Buffer
760  );
761 
762 _Check_return_
763 NTSTATUS
764 NTAPI
766  _In_ SAM_HANDLE AliasHandle,
767  _In_ ALIAS_INFORMATION_CLASS AliasInformationClass,
768  _In_ PVOID Buffer
769  );
770 
771 _Check_return_
772 NTSTATUS
773 NTAPI
775  _In_ SAM_HANDLE AliasHandle,
776  _In_ PSID MemberId
777  );
778 
779 _Check_return_
780 NTSTATUS
781 NTAPI
783  _In_ SAM_HANDLE AliasHandle,
784  _In_reads_(MemberCount) PSID *MemberIds,
785  _In_ ULONG MemberCount
786  );
787 
788 _Check_return_
789 NTSTATUS
790 NTAPI
792  _In_ SAM_HANDLE AliasHandle,
793  _In_ PSID MemberId
794  );
795 
796 _Check_return_
797 NTSTATUS
798 NTAPI
800  _In_ SAM_HANDLE AliasHandle,
801  _In_reads_(MemberCount) PSID *MemberIds,
802  _In_ ULONG MemberCount
803  );
804 
805 _Check_return_
806 NTSTATUS
807 NTAPI
809  _In_ SAM_HANDLE AliasHandle,
810  _Out_ _Deref_post_count_(*MemberCount) PSID **MemberIds,
811  _Out_ PULONG MemberCount
812  );
813 
814 _Check_return_
815 NTSTATUS
816 NTAPI
818  _In_ SAM_HANDLE DomainHandle,
819  _In_ ULONG PassedCount,
820  _In_reads_(PassedCount) PSID *Sids,
821  _Out_ PULONG MembershipCount,
822  _Out_ _Deref_post_count_(*MembershipCount) PULONG *Aliases
823  );
824 
825 // Group types
826 
827 #define GROUP_TYPE_BUILTIN_LOCAL_GROUP 0x00000001
828 #define GROUP_TYPE_ACCOUNT_GROUP 0x00000002
829 #define GROUP_TYPE_RESOURCE_GROUP 0x00000004
830 #define GROUP_TYPE_UNIVERSAL_GROUP 0x00000008
831 #define GROUP_TYPE_APP_BASIC_GROUP 0x00000010
832 #define GROUP_TYPE_APP_QUERY_GROUP 0x00000020
833 #define GROUP_TYPE_SECURITY_ENABLED 0x80000000
834 
835 #define GROUP_TYPE_RESOURCE_BEHAVOIR (GROUP_TYPE_RESOURCE_GROUP | \
836  GROUP_TYPE_APP_BASIC_GROUP | \
837  GROUP_TYPE_APP_QUERY_GROUP)
838 
839 // User
840 
841 #define USER_READ_GENERAL 0x0001
842 #define USER_READ_PREFERENCES 0x0002
843 #define USER_WRITE_PREFERENCES 0x0004
844 #define USER_READ_LOGON 0x0008
845 #define USER_READ_ACCOUNT 0x0010
846 #define USER_WRITE_ACCOUNT 0x0020
847 #define USER_CHANGE_PASSWORD 0x0040
848 #define USER_FORCE_PASSWORD_CHANGE 0x0080
849 #define USER_LIST_GROUPS 0x0100
850 #define USER_READ_GROUP_INFORMATION 0x0200
851 #define USER_WRITE_GROUP_INFORMATION 0x0400
852 
853 #define USER_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
854  USER_READ_PREFERENCES | \
855  USER_READ_LOGON | \
856  USER_LIST_GROUPS | \
857  USER_READ_GROUP_INFORMATION | \
858  USER_WRITE_PREFERENCES | \
859  USER_CHANGE_PASSWORD | \
860  USER_FORCE_PASSWORD_CHANGE | \
861  USER_READ_GENERAL | \
862  USER_READ_ACCOUNT | \
863  USER_WRITE_ACCOUNT | \
864  USER_WRITE_GROUP_INFORMATION)
865 
866 #define USER_READ (STANDARD_RIGHTS_READ | \
867  USER_READ_PREFERENCES | \
868  USER_READ_LOGON | \
869  USER_READ_ACCOUNT | \
870  USER_LIST_GROUPS | \
871  USER_READ_GROUP_INFORMATION)
872 
873 #define USER_WRITE (STANDARD_RIGHTS_WRITE | \
874  USER_WRITE_PREFERENCES | \
875  USER_CHANGE_PASSWORD)
876 
877 #define USER_EXECUTE (STANDARD_RIGHTS_EXECUTE | \
878  USER_READ_GENERAL | \
879  USER_CHANGE_PASSWORD)
880 
881 // User account control flags
882 
883 #define USER_ACCOUNT_DISABLED (0x00000001)
884 #define USER_HOME_DIRECTORY_REQUIRED (0x00000002)
885 #define USER_PASSWORD_NOT_REQUIRED (0x00000004)
886 #define USER_TEMP_DUPLICATE_ACCOUNT (0x00000008)
887 #define USER_NORMAL_ACCOUNT (0x00000010)
888 #define USER_MNS_LOGON_ACCOUNT (0x00000020)
889 #define USER_INTERDOMAIN_TRUST_ACCOUNT (0x00000040)
890 #define USER_WORKSTATION_TRUST_ACCOUNT (0x00000080)
891 #define USER_SERVER_TRUST_ACCOUNT (0x00000100)
892 #define USER_DONT_EXPIRE_PASSWORD (0x00000200)
893 #define USER_ACCOUNT_AUTO_LOCKED (0x00000400)
894 #define USER_ENCRYPTED_TEXT_PASSWORD_ALLOWED (0x00000800)
895 #define USER_SMARTCARD_REQUIRED (0x00001000)
896 #define USER_TRUSTED_FOR_DELEGATION (0x00002000)
897 #define USER_NOT_DELEGATED (0x00004000)
898 #define USER_USE_DES_KEY_ONLY (0x00008000)
899 #define USER_DONT_REQUIRE_PREAUTH (0x00010000)
900 #define USER_PASSWORD_EXPIRED (0x00020000)
901 #define USER_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION (0x00040000)
902 #define USER_NO_AUTH_DATA_REQUIRED (0x00080000)
903 #define USER_PARTIAL_SECRETS_ACCOUNT (0x00100000)
904 #define USER_USE_AES_KEYS (0x00200000) // not used
905 
906 #define NEXT_FREE_ACCOUNT_CONTROL_BIT (USER_USE_AES_KEYS << 1)
907 
908 #define USER_MACHINE_ACCOUNT_MASK ( \
909  USER_INTERDOMAIN_TRUST_ACCOUNT | \
910  USER_WORKSTATION_TRUST_ACCOUNT | \
911  USER_SERVER_TRUST_ACCOUNT \
912  )
913 
914 #define USER_ACCOUNT_TYPE_MASK ( \
915  USER_TEMP_DUPLICATE_ACCOUNT | \
916  USER_NORMAL_ACCOUNT | \
917  USER_MACHINE_ACCOUNT_MASK \
918  )
919 
920 #define USER_COMPUTED_ACCOUNT_CONTROL_BITS ( \
921  USER_ACCOUNT_AUTO_LOCKED | \
922  USER_PASSWORD_EXPIRED \
923  )
924 
925 // Logon times may be expressed in day, hour, or minute granularity.
926 
927 #define SAM_DAYS_PER_WEEK (7)
928 #define SAM_HOURS_PER_WEEK (24 * SAM_DAYS_PER_WEEK)
929 #define SAM_MINUTES_PER_WEEK (60 * SAM_HOURS_PER_WEEK)
930 
931 typedef struct _LOGON_HOURS
932 {
933  USHORT UnitsPerWeek;
934 
935  // UnitsPerWeek is the number of equal length time units the week is
936  // divided into. This value is used to compute the length of the bit
937  // string in logon_hours. Must be less than or equal to
938  // SAM_UNITS_PER_WEEK (10080) for this release.
939  //
940  // LogonHours is a bit map of valid logon times. Each bit represents
941  // a unique division in a week. The largest bit map supported is 1260
942  // bytes (10080 bits), which represents minutes per week. In this case
943  // the first bit (bit 0, byte 0) is Sunday, 00:00:00 - 00-00:59; bit 1,
944  // byte 0 is Sunday, 00:01:00 - 00:01:59, etc. A NULL pointer means
945  // DONT_CHANGE for SamSetInformationUser() calls.
946 
947  PUCHAR LogonHours;
949 
951 {
952  ULONG Length;
955 
956 // SamQueryInformationUser/SamSetInformationUser types
957 
959 {
990 
991 #include <pshpack4.h>
992 typedef struct _USER_ALL_INFORMATION
993 {
994  LARGE_INTEGER LastLogon;
995  LARGE_INTEGER LastLogoff;
996  LARGE_INTEGER PasswordLastSet;
997  LARGE_INTEGER AccountExpires;
998  LARGE_INTEGER PasswordCanChange;
999  LARGE_INTEGER PasswordMustChange;
1014  ULONG UserId;
1020  USHORT LogonCount;
1021  USHORT CountryCode;
1022  USHORT CodePage;
1028 #include <poppack.h>
1029 
1030 // Flags for WhichFields in USER_ALL_INFORMATION
1031 
1032 #define USER_ALL_USERNAME 0x00000001
1033 #define USER_ALL_FULLNAME 0x00000002
1034 #define USER_ALL_USERID 0x00000004
1035 #define USER_ALL_PRIMARYGROUPID 0x00000008
1036 #define USER_ALL_ADMINCOMMENT 0x00000010
1037 #define USER_ALL_USERCOMMENT 0x00000020
1038 #define USER_ALL_HOMEDIRECTORY 0x00000040
1039 #define USER_ALL_HOMEDIRECTORYDRIVE 0x00000080
1040 #define USER_ALL_SCRIPTPATH 0x00000100
1041 #define USER_ALL_PROFILEPATH 0x00000200
1042 #define USER_ALL_WORKSTATIONS 0x00000400
1043 #define USER_ALL_LASTLOGON 0x00000800
1044 #define USER_ALL_LASTLOGOFF 0x00001000
1045 #define USER_ALL_LOGONHOURS 0x00002000
1046 #define USER_ALL_BADPASSWORDCOUNT 0x00004000
1047 #define USER_ALL_LOGONCOUNT 0x00008000
1048 #define USER_ALL_PASSWORDCANCHANGE 0x00010000
1049 #define USER_ALL_PASSWORDMUSTCHANGE 0x00020000
1050 #define USER_ALL_PASSWORDLASTSET 0x00040000
1051 #define USER_ALL_ACCOUNTEXPIRES 0x00080000
1052 #define USER_ALL_USERACCOUNTCONTROL 0x00100000
1053 #define USER_ALL_PARAMETERS 0x00200000
1054 #define USER_ALL_COUNTRYCODE 0x00400000
1055 #define USER_ALL_CODEPAGE 0x00800000
1056 #define USER_ALL_NTPASSWORDPRESENT 0x01000000 // field AND boolean
1057 #define USER_ALL_LMPASSWORDPRESENT 0x02000000 // field AND boolean
1058 #define USER_ALL_PRIVATEDATA 0x04000000 // field AND boolean
1059 #define USER_ALL_PASSWORDEXPIRED 0x08000000
1060 #define USER_ALL_SECURITYDESCRIPTOR 0x10000000
1061 #define USER_ALL_OWFPASSWORD 0x20000000 // boolean
1062 
1063 #define USER_ALL_UNDEFINED_MASK 0xc0000000
1064 
1065 // Fields that require USER_READ_GENERAL access to read.
1066 
1067 #define USER_ALL_READ_GENERAL_MASK (USER_ALL_USERNAME | \
1068  USER_ALL_FULLNAME | \
1069  USER_ALL_USERID | \
1070  USER_ALL_PRIMARYGROUPID | \
1071  USER_ALL_ADMINCOMMENT | \
1072  USER_ALL_USERCOMMENT)
1073 
1074 // Fields that require USER_READ_LOGON access to read.
1075 
1076 #define USER_ALL_READ_LOGON_MASK (USER_ALL_HOMEDIRECTORY | \
1077  USER_ALL_HOMEDIRECTORYDRIVE | \
1078  USER_ALL_SCRIPTPATH | \
1079  USER_ALL_PROFILEPATH | \
1080  USER_ALL_WORKSTATIONS | \
1081  USER_ALL_LASTLOGON | \
1082  USER_ALL_LASTLOGOFF | \
1083  USER_ALL_LOGONHOURS | \
1084  USER_ALL_BADPASSWORDCOUNT | \
1085  USER_ALL_LOGONCOUNT | \
1086  USER_ALL_PASSWORDCANCHANGE | \
1087  USER_ALL_PASSWORDMUSTCHANGE)
1088 
1089 // Fields that require USER_READ_ACCOUNT access to read.
1090 
1091 #define USER_ALL_READ_ACCOUNT_MASK (USER_ALL_PASSWORDLASTSET | \
1092  USER_ALL_ACCOUNTEXPIRES | \
1093  USER_ALL_USERACCOUNTCONTROL | \
1094  USER_ALL_PARAMETERS)
1095 
1096 // Fields that require USER_READ_PREFERENCES access to read.
1097 
1098 #define USER_ALL_READ_PREFERENCES_MASK (USER_ALL_COUNTRYCODE | \
1099  USER_ALL_CODEPAGE)
1100 
1101 // Fields that can only be read by trusted clients.
1102 
1103 #define USER_ALL_READ_TRUSTED_MASK (USER_ALL_NTPASSWORDPRESENT | \
1104  USER_ALL_LMPASSWORDPRESENT | \
1105  USER_ALL_PASSWORDEXPIRED | \
1106  USER_ALL_SECURITYDESCRIPTOR | \
1107  USER_ALL_PRIVATEDATA)
1108 
1109 // Fields that can't be read.
1110 
1111 #define USER_ALL_READ_CANT_MASK USER_ALL_UNDEFINED_MASK
1112 
1113 // Fields that require USER_WRITE_ACCOUNT access to write.
1114 
1115 #define USER_ALL_WRITE_ACCOUNT_MASK (USER_ALL_USERNAME | \
1116  USER_ALL_FULLNAME | \
1117  USER_ALL_PRIMARYGROUPID | \
1118  USER_ALL_HOMEDIRECTORY | \
1119  USER_ALL_HOMEDIRECTORYDRIVE | \
1120  USER_ALL_SCRIPTPATH | \
1121  USER_ALL_PROFILEPATH | \
1122  USER_ALL_ADMINCOMMENT | \
1123  USER_ALL_WORKSTATIONS | \
1124  USER_ALL_LOGONHOURS | \
1125  USER_ALL_ACCOUNTEXPIRES | \
1126  USER_ALL_USERACCOUNTCONTROL | \
1127  USER_ALL_PARAMETERS)
1128 
1129 // Fields that require USER_WRITE_PREFERENCES access to write.
1130 
1131 #define USER_ALL_WRITE_PREFERENCES_MASK (USER_ALL_USERCOMMENT | \
1132  USER_ALL_COUNTRYCODE | \
1133  USER_ALL_CODEPAGE)
1134 
1135 // Fields that require USER_FORCE_PASSWORD_CHANGE access to write.
1136 //
1137 // Note that non-trusted clients only set the NT password as a
1138 // UNICODE string. The wrapper will convert it to an LM password,
1139 // OWF and encrypt both versions. Trusted clients can pass in OWF
1140 // versions of either or both.
1141 
1142 #define USER_ALL_WRITE_FORCE_PASSWORD_CHANGE_MASK \
1143  (USER_ALL_NTPASSWORDPRESENT | \
1144  USER_ALL_LMPASSWORDPRESENT | \
1145  USER_ALL_PASSWORDEXPIRED)
1146 
1147 // Fields that can only be written by trusted clients.
1148 
1149 #define USER_ALL_WRITE_TRUSTED_MASK (USER_ALL_LASTLOGON | \
1150  USER_ALL_LASTLOGOFF | \
1151  USER_ALL_BADPASSWORDCOUNT | \
1152  USER_ALL_LOGONCOUNT | \
1153  USER_ALL_PASSWORDLASTSET | \
1154  USER_ALL_SECURITYDESCRIPTOR | \
1155  USER_ALL_PRIVATEDATA)
1156 
1157 // Fields that can't be written.
1158 
1159 #define USER_ALL_WRITE_CANT_MASK (USER_ALL_USERID | \
1160  USER_ALL_PASSWORDCANCHANGE | \
1161  USER_ALL_PASSWORDMUSTCHANGE | \
1162  USER_ALL_UNDEFINED_MASK)
1163 
1165 {
1172 
1174 {
1177  USHORT CountryCode;
1178  USHORT CodePage;
1180 
1182 {
1185 
1186 #include <pshpack4.h>
1188 {
1191  ULONG UserId;
1198  LARGE_INTEGER LastLogon;
1199  LARGE_INTEGER LastLogoff;
1200  LARGE_INTEGER PasswordLastSet;
1201  LARGE_INTEGER PasswordCanChange;
1202  LARGE_INTEGER PasswordMustChange;
1205  USHORT LogonCount;
1208 #include <poppack.h>
1209 
1210 #include <pshpack4.h>
1212 {
1215  ULONG UserId;
1223  LARGE_INTEGER LastLogon;
1224  LARGE_INTEGER LastLogoff;
1227  USHORT LogonCount;
1228  LARGE_INTEGER PasswordLastSet;
1229  LARGE_INTEGER AccountExpires;
1232 #include <poppack.h>
1233 
1235 {
1238 
1240 {
1243 
1245 {
1249 
1251 {
1254 
1256 {
1260 
1262 {
1265 
1267 {
1270 
1272 {
1275 
1277 {
1280 
1282 {
1286 
1288 {
1291 
1293 {
1294  LARGE_INTEGER AccountExpires;
1296 
1298 {
1301 
1303 
1304 // 0xff000fff is reserved for internal callers and implementation.
1305 
1306 #define USER_EXTENDED_FIELD_USER_TILE (0x00001000L)
1307 #define USER_EXTENDED_FIELD_PASSWORD_HINT (0x00002000L)
1308 #define USER_EXTENDED_FIELD_DONT_SHOW_IN_LOGON_UI (0x00004000L)
1309 #define USER_EXTENDED_FIELD_SHELL_ADMIN_OBJECT_PROPERTIES (0x00008000L)
1310 
1312 {
1317  SAM_SHELL_OBJECT_PROPERTIES ShellAdminObjectProperties;
1319 
1320 // For local callers only.
1322 {
1326 
1327 // SamChangePasswordUser3 types
1328 
1329 // Error values:
1330 // * SAM_PWD_CHANGE_NO_ERROR
1331 // * SAM_PWD_CHANGE_PASSWORD_TOO_SHORT
1332 // * SAM_PWD_CHANGE_PWD_IN_HISTORY
1333 // * SAM_PWD_CHANGE_USERNAME_IN_PASSWORD
1334 // * SAM_PWD_CHANGE_FULLNAME_IN_PASSWORD
1335 // * SAM_PWD_CHANGE_MACHINE_PASSWORD_NOT_DEFAULT
1336 // * SAM_PWD_CHANGE_FAILED_BY_FILTER
1337 
1339 {
1343 
1344 // ExtendedFailureReason values
1345 
1346 #define SAM_PWD_CHANGE_NO_ERROR 0
1347 #define SAM_PWD_CHANGE_PASSWORD_TOO_SHORT 1
1348 #define SAM_PWD_CHANGE_PWD_IN_HISTORY 2
1349 #define SAM_PWD_CHANGE_USERNAME_IN_PASSWORD 3
1350 #define SAM_PWD_CHANGE_FULLNAME_IN_PASSWORD 4
1351 #define SAM_PWD_CHANGE_NOT_COMPLEX 5
1352 #define SAM_PWD_CHANGE_MACHINE_PASSWORD_NOT_DEFAULT 6
1353 #define SAM_PWD_CHANGE_FAILED_BY_FILTER 7
1354 #define SAM_PWD_CHANGE_PASSWORD_TOO_LONG 8
1355 #define SAM_PWD_CHANGE_FAILURE_REASON_MAX 8
1356 
1357 // Functions
1358 
1359 _Check_return_
1360 NTSTATUS
1361 NTAPI
1363  _In_ SAM_HANDLE DomainHandle,
1364  _Inout_ PSAM_ENUMERATE_HANDLE EnumerationContext,
1365  _In_ ULONG UserAccountControl,
1366  _Outptr_ PVOID *Buffer, // PSAM_RID_ENUMERATION *
1367  _In_ ULONG PreferedMaximumLength,
1368  _Out_ PULONG CountReturned
1369  );
1370 
1371 _Check_return_
1372 NTSTATUS
1373 NTAPI
1375  _In_ SAM_HANDLE DomainHandle,
1376  _In_ PUNICODE_STRING AccountName,
1377  _In_ ACCESS_MASK DesiredAccess,
1378  _Out_ PSAM_HANDLE UserHandle,
1379  _Out_ PULONG RelativeId
1380  );
1381 
1382 _Check_return_
1383 NTSTATUS
1384 NTAPI
1386  _In_ SAM_HANDLE DomainHandle,
1387  _In_ PUNICODE_STRING AccountName,
1388  _In_ ULONG AccountType,
1389  _In_ ACCESS_MASK DesiredAccess,
1390  _Out_ PSAM_HANDLE UserHandle,
1391  _Out_ PULONG GrantedAccess,
1392  _Out_ PULONG RelativeId
1393  );
1394 
1395 _Check_return_
1396 NTSTATUS
1397 NTAPI
1398 SamOpenUser(
1399  _In_ SAM_HANDLE DomainHandle,
1400  _In_ ACCESS_MASK DesiredAccess,
1401  _In_ ULONG UserId,
1402  _Out_ PSAM_HANDLE UserHandle
1403  );
1404 
1405 _Check_return_
1406 NTSTATUS
1407 NTAPI
1409  _In_ SAM_HANDLE UserHandle
1410  );
1411 
1412 _Check_return_
1413 NTSTATUS
1414 NTAPI
1416  _In_ SAM_HANDLE UserHandle,
1417  _In_ USER_INFORMATION_CLASS UserInformationClass,
1418  _Outptr_ PVOID *Buffer
1419  );
1420 
1421 _Check_return_
1422 NTSTATUS
1423 NTAPI
1425  _In_ SAM_HANDLE UserHandle,
1426  _In_ USER_INFORMATION_CLASS UserInformationClass,
1427  _In_ PVOID Buffer
1428  );
1429 
1430 _Check_return_
1431 NTSTATUS
1432 NTAPI
1434  _In_ SAM_HANDLE UserHandle,
1435  _Out_ _Deref_post_count_(*MembershipCount) PGROUP_MEMBERSHIP *Groups,
1436  _Out_ PULONG MembershipCount
1437  );
1438 
1439 _Check_return_
1440 NTSTATUS
1441 NTAPI
1443  _In_ SAM_HANDLE UserHandle,
1444  _In_ PUNICODE_STRING OldPassword,
1445  _In_ PUNICODE_STRING NewPassword
1446  );
1447 
1448 _Check_return_
1449 NTSTATUS
1450 NTAPI
1452  _In_ PUNICODE_STRING ServerName,
1453  _In_ PUNICODE_STRING UserName,
1454  _In_ PUNICODE_STRING OldPassword,
1455  _In_ PUNICODE_STRING NewPassword
1456  );
1457 
1458 _Check_return_
1459 NTSTATUS
1460 NTAPI
1462  _In_ PUNICODE_STRING ServerName,
1463  _In_ PUNICODE_STRING UserName,
1464  _In_ PUNICODE_STRING OldPassword,
1465  _In_ PUNICODE_STRING NewPassword,
1466  _Outptr_ PDOMAIN_PASSWORD_INFORMATION *EffectivePasswordPolicy,
1467  _Outptr_ PUSER_PWD_CHANGE_FAILURE_INFORMATION *PasswordChangeFailureInfo
1468  );
1469 
1470 _Check_return_
1471 NTSTATUS
1472 NTAPI
1474  _In_ SAM_HANDLE DomainHandle,
1475  _In_ DOMAIN_DISPLAY_INFORMATION DisplayInformation,
1476  _In_ ULONG Index,
1477  _In_ ULONG EntryCount,
1478  _In_ ULONG PreferredMaximumLength,
1479  _In_ PULONG TotalAvailable,
1480  _Out_ PULONG TotalReturned,
1481  _Out_ PULONG ReturnedEntryCount,
1482  _Outptr_ PVOID *SortedBuffer
1483  );
1484 
1485 _Check_return_
1486 NTSTATUS
1487 NTAPI
1489  _In_ SAM_HANDLE DomainHandle,
1490  _In_ DOMAIN_DISPLAY_INFORMATION DisplayInformation,
1491  _In_ PUNICODE_STRING Prefix,
1492  _Out_ PULONG Index
1493  );
1494 
1495 // Database replication
1496 
1498 {
1508 
1510 {
1520 
1521 typedef enum _SAM_ACCOUNT_TYPE
1522 {
1527 
1528 #define SAM_USER_ACCOUNT (0x00000001)
1529 #define SAM_GLOBAL_GROUP_ACCOUNT (0x00000002)
1530 #define SAM_LOCAL_GROUP_ACCOUNT (0x00000004)
1531 
1532 typedef struct _SAM_GROUP_MEMBER_ID
1533 {
1534  ULONG MemberRid;
1536 
1537 typedef struct _SAM_ALIAS_MEMBER_ID
1538 {
1541 
1542 typedef union _SAM_DELTA_DATA
1543 {
1548 
1549 typedef NTSTATUS (NTAPI *PSAM_DELTA_NOTIFICATION_ROUTINE)(
1550  _In_ PSID DomainSid,
1551  _In_ SECURITY_DB_DELTA_TYPE DeltaType,
1552  _In_ SECURITY_DB_OBJECT_TYPE ObjectType,
1553  _In_ ULONG ObjectRid,
1554  _In_opt_ PUNICODE_STRING ObjectName,
1555  _In_ PLARGE_INTEGER ModifiedCount,
1556  _In_opt_ PSAM_DELTA_DATA DeltaData
1557  );
1558 
1559 #define SAM_DELTA_NOTIFY_ROUTINE "DeltaNotify"
1560 
1561 _Check_return_
1562 NTSTATUS
1563 NTAPI
1565  _In_ SECURITY_DB_OBJECT_TYPE ObjectType,
1566  _In_ HANDLE NotificationEventHandle
1567  );
1568 
1569 NTSTATUS
1570 NTAPI
1572  _In_ SECURITY_DB_OBJECT_TYPE ObjectType,
1573  _In_ HANDLE NotificationEventHandle
1574  );
1575 
1576 // Compatibility mode
1577 
1578 #define SAM_SID_COMPATIBILITY_ALL 0
1579 #define SAM_SID_COMPATIBILITY_LAX 1
1580 #define SAM_SID_COMPATIBILITY_STRICT 2
1581 
1582 _Check_return_
1583 NTSTATUS
1584 NTAPI
1586  _In_ SAM_HANDLE ObjectHandle,
1587  _Out_ ULONG *Mode
1588  );
1589 
1590 // Password validation
1591 
1593 {
1598 
1600 {
1601  ULONG Length;
1602  _Field_size_bytes_(Length) PUCHAR Hash;
1604 
1605 // Flags for PresentFields in SAM_VALIDATE_PERSISTED_FIELDS
1606 
1607 #define SAM_VALIDATE_PASSWORD_LAST_SET 0x00000001
1608 #define SAM_VALIDATE_BAD_PASSWORD_TIME 0x00000002
1609 #define SAM_VALIDATE_LOCKOUT_TIME 0x00000004
1610 #define SAM_VALIDATE_BAD_PASSWORD_COUNT 0x00000008
1611 #define SAM_VALIDATE_PASSWORD_HISTORY_LENGTH 0x00000010
1612 #define SAM_VALIDATE_PASSWORD_HISTORY 0x00000020
1613 
1615 {
1617  LARGE_INTEGER PasswordLastSet;
1618  LARGE_INTEGER BadPasswordTime;
1619  LARGE_INTEGER LockoutTime;
1622  _Field_size_bytes_(PasswordHistoryLength) PSAM_VALIDATE_PASSWORD_HASH PasswordHistory;
1624 
1626 {
1639 
1641 {
1645 
1647 {
1651 
1653 {
1658  BOOLEAN PasswordMatch; // denotes if the old password supplied by user matched or not
1660 
1662 {
1667  BOOLEAN PasswordMustChangeAtNextLogon; // looked at only for password reset
1668  BOOLEAN ClearLockout; // can be used clear user account lockout
1670 
1672 {
1677 
1679 {
1684 
1685 _Check_return_
1686 NTSTATUS
1687 NTAPI
1689  _In_opt_ PUNICODE_STRING ServerName,
1690  _In_ PASSWORD_POLICY_VALIDATION_TYPE ValidationType,
1691  _In_ PSAM_VALIDATE_INPUT_ARG InputArg,
1692  _Out_ PSAM_VALIDATE_OUTPUT_ARG *OutputArg
1693  );
1694 
1695 // Generic operation
1696 
1698 {
1701 
1703 {
1704  BOOLEAN Register;
1705  ULONG64 EventHandle;
1707  ULONG ProcessID;
1709 
1711 {
1712  ULONG Reserved;
1714 
1716 {
1719 
1721 {
1724 
1725 _Check_return_
1726 NTSTATUS
1727 NTAPI
1729  _In_opt_ PWSTR ServerName,
1730  _In_ SAM_GENERIC_OPERATION_TYPE OperationType,
1731  _In_ PSAM_GENERIC_OPERATION_INPUT OperationIn,
1732  _Out_ PSAM_GENERIC_OPERATION_OUTPUT *OperationOut
1733  );
1734 
1735 #endif