NetUserAdd - 权限问题，错误的参数 [英] NetUserAdd - Permission issue, incorrect paramater

问题描述

我正在使用 NetUserAdd 添加新管理员。

I'm using NetUserAdd to add a new administrator. But I'm receiving an error that I can't figure out.

失败方法返回的错误是：

The error returned from the failing method is:

NET_API_STATUS: 87
PARAM_ERR: 5

NET_API_STATUS 有一个值 87 ，它是 ERROR_INVALID_PARAMETER 。我相信 5 是参数5.这是我困惑的地方。什么参数？我的结构与文档中的结构相同，所以这个失败在哪里？

The NET_API_STATUS has a value 87 which is ERROR_INVALID_PARAMETER. And I believe the 5 is parameter 5. Which is where I'm getting confused. What parameter? My struct is identical to the one in the docs, so where is this failing?

这里是失败的方法。

bool CreateAdminUser(wchar_t *username, wchar_t *password)
{
    _USER_INFO_1 ui;
    DWORD dwLevel = 1;
    DWORD dwError = 0;
    NET_API_STATUS = nStatus;

    ui.usri1_name = username;
    ui.usri1_password = password;
    ui.usri1_priv = USER_PRIV_ADMIN;
    ui.usri1_home_dir = NULL;
    ui.usri1_comment = NULL;
    ui.usri1_flags = UF_SCRIPT;
    ui.usri1_script_path = NULL;

    nStatus = NetUserAdd(NULL, dwLevel, (LPBYTE) &ui, &dwError);

    if(nStatus != NERR_Success)
    {
        printf("NET_API_STATUS: %s\nPARAM_ERR: %d\n", nStatus, dwError);
        return false;
    }

    return true;
}

我通过Run As作为管理员运行可执行文件。

I am running the executable as admin via Run As.

编辑

我将 USER_PRIV_ADMIN 更改为 USER_PRIV_USER 和它工作。但为什么我无法创建管理员用户？我有管理员权限。

I changed USER_PRIV_ADMIN to USER_PRIV_USER and it worked. But why am I unable to create an administrator user? I have administrator privileges. I've trued using Run As, and asking for permissions via UAC which I've included in the Manifest.

推荐答案

无论如何，它是只读的这一事实是记录在USER_INFO_1下：

At any rate, the fact that it is read-only is documented under USER_INFO_1:

分配给usri1_name的权限级别会员。当您调用NetUserAdd函数时，此成员必须是USER_PRIV_USER。当调用NetUserSetInfo函数时，此成员必须是NetUserGetInfo函数或NetUserEnum函数返回的值。

The level of privilege assigned to the usri1_name member. When you call the NetUserAdd function, this member must be USER_PRIV_USER. When you call the NetUserSetInfo function, this member must be the value returned by the NetUserGetInfo function or the NetUserEnum function.

正确的方法创建新的管理用户是首先创建没有管理员权限的用户，然后调用 NetLocalGroupAddMembers 将用户添加到Administrators组。 （或者在域环境中，您可以改为使用 NetGroupAddUser 将用户添加到Domain Admins组或已在您的域中被赋予管理员权限的其他组。）

The correct method for creating a new administrative user is to first create the user without admin privilege and then call NetLocalGroupAddMembers to add the user to the Administrators group. (Or in a domain environment you might instead use NetGroupAddUser to add the user to the Domain Admins group, or another group that has been given administrator privilege in your domain.)

这篇关于NetUserAdd - 权限问题，错误的参数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！