Re: [cifs-protocol] LsarOpenPolicy3 and LsarQueryInformationPolicy2 - TrackingID#2407120040007167

Wed, 17 Jul 2024 05:54:48 -0700 

On Tuesday, 16 July 2024 21:47:59 GMT+2 Sreekanth Nadendla wrote:
> Hello Andreas,

Hello Sreekanth,

> PolicyHandle can be obtained from LsarOpenPolicy3. Below is
> the proposed change to the document MS-LSAD
> 
> PolicyHandle: An RPC context handle obtained from either LsarOpenPolicy or
> LsarOpenPolicy2 or LsarOpenPolicy3


thank you very much for the update! The sentence also needs to be updated for 
other functions, but you might already have checked this.



If I do a LsarOpenPolicy3 call against Windows Server 2016, I get 
DCERPC_FAULT_ACCESS_DENIED and the dcerpc connection is closed by the server.

The dcerpc fault is unexpected and the disconnect is unfortunate.
Normally you get NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE and then be able to call 
LsarOpenPolicy2 :-(


Best regards


        Andreas


> 
> Regards,
> 
> Sreekanth Nadendla
> 
> Microsoft Windows Open Specifications
> 
> ________________________________
> 
> -----Original Message-----
> From: Andreas Schneider <a...@samba.org>
> Sent: Friday, July 12, 2024 8:28 AM
> To: Interoperability Documentation Help <doch...@microsoft.com>
> Cc: cifs-protocol@lists.samba.org
> Subject: [EXTERNAL] LsarOpenPolicy3 and LsarQueryInformationPolicy2
> 
> Hello Dochelp Team,
> 
> 3.1.4.4.9 LsarOpenPolicy3 (Opnum 130) has the following note:
> > Note: LsarOpenPolicy3 supersedes LsarOpenPolicy2 and MUST be used
> > whenever
> 
> possible.
> 
> 3.1.4.4.3 LsarQueryInformationPolicy2 (Opnum 46) has:
> > PolicyHandle: An RPC context handle obtained from either
> > LsarOpenPolicy or
> 
> LsarOpenPolicy2.
> 
> Now the questions is, if it also works with LsarOpenPolicy3 and the comment
> hasn't been updated or if it really only works with LsarOpenPolicy and
> LsarOpenPolicy2.
> 
> I don't think there is a reason why it shouldn't work with a policy handle
> from LsarOpenPolicy3, but I guess it might not be the case.
> 
> 
> Thanks for your help!
> 
> 
> Best regards
> 
> 
>         Andreas Schneider
> 
> 
> P.S. The third try works right?
> 
> --
> Andreas Schneider                      a...@samba.org
> Samba Team                            
> https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.samba.
> org%2F&data=05%7C02%7Csrenaden%40microsoft.com%7C4545516e6c894f601e9a08dca29
> 295d9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638563997668870137%7CUnkn
> own%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVC
> I6Mn0%3D%7C0%7C%7C%7C&sdata=u0ECO1K%2BQAbxegC%2B2pscCzsu77zahKqExkZ5HYtlA4Y%
> 3D&reserved=0<http://www.samba.org/> GPG-ID:    
> 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D


-- 
Andreas Schneider                      a...@samba.org
Samba Team                             www.samba.org
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D

Attachment: samba-openpolicy3.pcapng
Description: application/pcapng

_______________________________________________
cifs-protocol mailing list
cifs-protocol@lists.samba.org
https://lists.samba.org/mailman/listinfo/cifs-protocol

Reply via email to