3.1.4.4.8 LsarSetDomainInformationPolicy (Opnum 54)
The LsarSetDomainInformationPolicy method is invoked to change policy settings in addition to those exposed through LsarQueryInformationPolicy and LsarSetInformationPolicy2. Despite the term "Domain" in the name of the method, processing of this message occurs with local data. Also, there is no requirement that this data have any relationship with the LSA information in the domain to which the machine is joined.
```
NTSTATUS LsarSetDomainInformationPolicy(
  [in] LSAPR_HANDLE PolicyHandle,
  [in] POLICY_DOMAIN_INFORMATION_CLASS InformationClass,
  [in, unique, switch_is(InformationClass)]
    PLSAPR_POLICY_DOMAIN_INFORMATION PolicyDomainInformation
);
```
PolicyHandle: An RPC context handle obtained from either LsarOpenPolicy or LsarOpenPolicy2.
InformationClass: A parameter that specifies what type of information the caller is setting.
PolicyDomainInformation: Data representing policy being set.
Return Values: The following is a summary of the return values that an implementation MUST return, as specified by the following message processing.
Return value/code | Description |
---|---|
0x00000000 STATUS_SUCCESS | The request was successfully completed. |
0xC0000022 STATUS_ACCESS_DENIED | The caller does not have the permissions to perform this operation. |
0xC000000D STATUS_INVALID_PARAMETER | One of the supplied arguments was invalid. |
0xC0000008 STATUS_INVALID_HANDLE | PolicyHandle is not a valid handle. |
Processing:
If the InformationClass parameter is PolicyDomainEfsInformation, and the responder implementation does not support Encrypting File System (EFS) Policy Information as specified in section 3.1.1.1, the request MUST fail with STATUS_INVALID_PARAMETER.
If the InformationClass parameter is PolicyDomainQualityOfServiceInformation, and the responder implementation does not support Quality Of Service Information as specified in section 3.1.1.1, the request MUST fail with an RPC exception RPC_S_INVALID_TAG.
If PolicyHandle is not a valid context handle or PolicyHandle.HandleType does not equal "Policy", the server MUST return STATUS_INVALID_HANDLE.
The server MUST verify that PolicyHandle grants access as specified in section 3.1.4.2.2. The following table specifies the RequiredAccess value to use in this access check for each InformationClass value.
InformationClass value | RequiredAccess value |
---|---|
PolicyDomainQualityOfServiceInformation | POLICY_SERVER_ADMIN |
PolicyDomainEfsInformation | POLICY_SERVER_ADMIN |
PolicyDomainKerberosTicketInformation | POLICY_SERVER_ADMIN |
The InformationClass parameter can take on any value in the POLICY_DOMAIN_INFORMATION_CLASS enumeration range. For all values outside this range, the server MUST return the STATUS_INVALID_PARAMETER error code.
The PolicyDomainInformation parameter contains the data that the caller needs to set, based on the value of the InformationClass parameter. The server MUST update its abstract data model, specified in section 3.1.1.1, as follows.
Value of InformationClass parameter | Information returned to caller from abstract data model |
---|---|
PolicyDomainQualityOfServiceInformation | Quality Of Service Information |
PolicyDomainEfsInformation | EFS Policy Information |
PolicyDomainKerberosTicketInformation | Kerberos Policy Information |
If the abstract data model update succeeds and the InformationClass parameter is PolicyDomainKerberosTicketInformation, the server MUST invoke the KDC ConfigurationChange event (see [MS-KILE] section 3.3.4.1) and MUST ignore any errors that are returned.
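The processing rules above, modelled as a single responder-side function. This is an added example, not code from the specification or from any Microsoft implementation. The `model_*` types and the function name are hypothetical, the numeric values of RPC_S_INVALID_TAG, POLICY_SERVER_ADMIN and the information class enumeration are taken from the Windows headers rather than from this section, and placing the range check ahead of the access check is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define STATUS_SUCCESS           0x00000000u
#define STATUS_INVALID_HANDLE    0xC0000008u
#define STATUS_INVALID_PARAMETER 0xC000000Du
#define STATUS_ACCESS_DENIED     0xC0000022u
#define RPC_S_INVALID_TAG        1733u       /* from Windows headers, not this page */
#define POLICY_SERVER_ADMIN      0x00000400u /* from Windows headers, not this page */
enum { QOS_INFO = 1, EFS_INFO = 2, KERBEROS_INFO = 3 }; /* POLICY_DOMAIN_INFORMATION_CLASS */

/* Hypothetical model types; these are not the wire structures. */
typedef struct { bool valid, is_policy; uint32_t granted_access; } model_handle;
typedef struct { bool supports_efs, supports_qos; int updated_class, kdc_notifications; } model_server;
typedef struct { uint32_t status, rpc_exception; } model_result;

static model_result done(uint32_t status) { return (model_result){ status, 0 }; }

model_result set_domain_information_policy(model_server *srv, const model_handle *h, int info_class)
{
    /* Optional classes the responder does not implement fail first, each differently. */
    if (info_class == EFS_INFO && !srv->supports_efs)
        return done(STATUS_INVALID_PARAMETER);
    if (info_class == QOS_INFO && !srv->supports_qos)
        return (model_result){ 0, RPC_S_INVALID_TAG }; /* RPC exception, no NTSTATUS */
    if (!h || !h->valid || !h->is_policy)
        return done(STATUS_INVALID_HANDLE);
    /* Assumption: the range check runs before the per-class access lookup. */
    if (info_class < QOS_INFO || info_class > KERBEROS_INFO)
        return done(STATUS_INVALID_PARAMETER);
    /* All three classes require POLICY_SERVER_ADMIN on the handle. */
    if ((h->granted_access & POLICY_SERVER_ADMIN) != POLICY_SERVER_ADMIN)
        return done(STATUS_ACCESS_DENIED);
    srv->updated_class = info_class;  /* stands in for the abstract data model update */
    if (info_class == KERBEROS_INFO)
        srv->kdc_notifications++;     /* KDC ConfigurationChange; its errors are ignored */
    return done(STATUS_SUCCESS);
}

int main(void)
{
    model_server srv = { true, false, 0, 0 };           /* constructed: EFS yes, QoS no */
    model_handle admin = { true, true, POLICY_SERVER_ADMIN }, weak = { true, true, 0 };
    printf("kerberos/weak  -> 0x%08X\n", (unsigned)set_domain_information_policy(&srv, &weak, KERBEROS_INFO).status);
    printf("kerberos/admin -> 0x%08X\n", (unsigned)set_domain_information_policy(&srv, &admin, KERBEROS_INFO).status);
    printf("qos/admin      -> rpc %u\n", (unsigned)set_domain_information_policy(&srv, &admin, QOS_INFO).rpc_exception);
    return 0;
}
```

A client or test harness has to handle the unsupported Quality Of Service case on the RPC exception path, since no NTSTATUS is returned for it.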