Module win32security

An interface to the win32 security API's

Methods

DsGetSpn
Compose one or more service principal names to be registered using win32security::DsWriteAccountSpn 

DsWriteAccountSpn
Associates a set of service principal names with an account 

DsBind
Creates a connection to a directory service 

DsUnBind
Closes a directory services handle created by win32security::DsBind 

DsGetDcName
Returns the name of a domain controller (DC) in a specified domain. You can supply DC selection criteria to this function to indicate preference for a DC with particular characteristics. 

DsCrackNames
Converts an array of directory service object names from one format to another. 

DsListInfoForServer
Lists miscellaneous information for a server. 

DsListServersInSite
 

DsListServersInSite
 

DsListServersInSite
 

DsListRoles
 

DsListDomainsInSite
 

ACL
Creates a new PyACL object. 

SID
Creates a new PySID object. 

SECURITY_ATTRIBUTES
Creates a new PySECURITY_ATTRIBUTES object. 

SECURITY_DESCRIPTOR
Creates a new PySECURITY_DESCRIPTOR object. 

ImpersonateNamedPipeClient
Impersonates a named-pipe client application. 

ImpersonateLoggedOnUser
Impersonates a logged on user. 

ImpersonateAnonymousToken
Cause a thread to act in the security context of an anonymous token 

IsTokenRestricted
Checks if a token contains restricted sids 

RevertToSelf
Terminates the impersonation of a client application. 

LogonUser
Attempts to log a user on to the local computer, that is, to the computer from which LogonUser was called. You cannot use LogonUser to log on to a remote computer. 

LogonUserEx
Log a user onto the local machine, 

LookupAccountName
Accepts the name of a system and an account as input. It retrieves a security identifier (SID) for the account and the name of the domain on which the account was found. 

LookupAccountSid
Accepts a security identifier (SID) as input. It retrieves the name of the account for this SID and the name of the first domain on which this SID is found. 

GetBinarySid
Accepts a SID string (eg: S-1-5-32-544) and returns the SID as a PySID object. 

SetSecurityInfo
Sets security info for an object by handle 

GetSecurityInfo
Retrieve security info for an object by handle 

SetNamedSecurityInfo
Sets security info for an object by name 

GetNamedSecurityInfo
Retrieve security info for an object by name 

OpenProcessToken
Opens the access token associated with a process. 

LookupPrivilegeValue
Retrieves the locally unique id for a privilege name 

LookupPrivilegeName
return the text name for a privilege LUID 

LookupPrivilegeDisplayName
Returns long description for a privilege name 

AdjustTokenPrivileges
Enables or disables privileges for an access token. 

AdjustTokenGroups
Sets the groups associated to an access token. 

GetTokenInformation
Retrieves a specified type of information about an access token. The calling process must have appropriate access rights to obtain the information. 

OpenThreadToken
Opens the access token associated with a thread. 

SetThreadToken
Assigns an impersonation token to a thread. The function can also cause a thread to stop using an impersonation token. 

GetFileSecurity
Obtains specified information about the security of a file or directory. The information obtained is constrained by the caller's access rights and privileges. 

SetFileSecurity
Sets information about the security of a file or directory. The information obtained is constrained by the caller's access rights and privileges. 

GetUserObjectSecurity
Obtains specified information about the security of a user object. The information obtained is constrained by the caller's access rights and privileges. 

SetUserObjectSecurity
Sets information about the security of a user object. The information obtained is constrained by the caller's access rights and privileges. 

GetKernelObjectSecurity
Obtains specified information about the security of a kernel object. The information obtained is constrained by the caller's access rights and privileges. 

SetKernelObjectSecurity
Sets information about the security of a kernel object. The information obtained is constrained by the caller's access rights and privileges. 

SetTokenInformation
Set a specified type of information in an access token 

LsaOpenPolicy
Opens a policy handle for the specified system 

LsaClose
Closes a policy handle created by win32security::LsaOpenPolicy 

LsaQueryInformationPolicy
Retrieves information from the policy handle 

LsaSetInformationPolicy
Sets policy options 

LsaAddAccountRights
Adds a list of privileges to an account 

LsaRemoveAccountRights
Removes privs from an account 

LsaEnumerateAccountRights
Lists privileges held by SID 

LsaEnumerateAccountsWithUserRight
Return SIDs that hold specified priv 

ConvertSidToStringSid
Return string representation of a SID 

ConvertStringSidToSid
Creates a SID from a string representation 

ConvertSecurityDescriptorToStringSecurityDescriptor
Return string representation of a SECURITY_DESCRIPTOR 

ConvertStringSecurityDescriptorToSecurityDescriptor
Turns string representation of a SECURITY_DESCRIPTOR into the real thing 

LsaStorePrivateData
Stores encrypted unicode data under specified Lsa registry key. Returns None on success 

LsaRetrievePrivateData
Retreives encrypted unicode data from Lsa registry key. 

LsaRegisterPolicyChangeNotification
Register an event handle to receive policy change events 

LsaUnregisterPolicyChangeNotification
Stop receiving policy change notification 

CryptEnumProviders
List cryptography providers 

EnumerateSecurityPackages
List available security packages as a sequence of dictionaries representing SecPkgInfo structures 

AllocateLocallyUniqueId
Creates a new LUID 

ImpersonateSelf
Assigns an impersonation token for current security context to current process 

DuplicateToken
Creates a copy of an access token with specified impersonation level 

DuplicateTokenEx
Extended version of DuplicateToken. 

CheckTokenMembership
Checks if a SID is enabled in a token 

CreateRestrictedToken
Creates a restricted copy of an access token with reduced privs - requires win2K or higher 

LsaRegisterLogonProcess
Creates a trusted connection to LSA 

LsaConnectUntrusted
Creates untrusted connection to LSA 

LsaDeregisterLogonProcess
Closes connection to LSA server 

LsaLookupAuthenticationPackage
Retrieves the unique id for an authentication package 

LsaEnumerateLogonSessions
Lists all current logon ids 

LsaGetLogonSessionData
Returns information about a logon session 

AcquireCredentialsHandle
Creates a handle to credentials for use with SSPI 

InitializeSecurityContext
Creates a security context based on credentials created by AcquireCredentialsHandle 

AcceptSecurityContext
Builds security context between server and client 

QuerySecurityPackageInfo
Retrieves parameters for a security package 

LsaCallAuthenticationPackage
Requests the services of an authentication package 

TranslateName
Converts a directory service object name from one format to another. 

CreateWellKnownSid
Returns one of the predefined well known sids 

MapGenericMask
Translates generic access rights into specific rights