NetUserAdd - Permission issue, incorrect paramater

Question

I\'m using NetUserAdd to add a new administrator. But I\'m receiving an error that I can\'t figure out.

The error returned from the failing method is:

NE         


        

Answer 1

The useri1.priv member is read-only. (I suspect that it only exists for compatibility with early versions of the old DOS-based LAN Manager, which I presume really did determine admin privilege by a flag on the account rather than by group membership.)

At any rate, the fact that it is read-only is documented under USER_INFO_1:

The level of privilege assigned to the usri1_name member. When you call the NetUserAdd function, this member must be USER_PRIV_USER. When you call the NetUserSetInfo function, this member must be the value returned by the NetUserGetInfo function or the NetUserEnum function.

The correct method for creating a new administrative user is to first create the user without admin privilege and then call NetLocalGroupAddMembers to add the user to the Administrators group. (Or in a domain environment you might instead use NetGroupAddUser to add the user to the Domain Admins group, or another group that has been given administrator privilege in your domain.)