NetGroupAdd returns ERROR_ACCESS_DENIED, why? RRS feed

  • Question

  • GROUP_INFO_1 groupInfo;
    groupInfo.grpi1_name = _T("GroupName");
    groupInfo.grpi1_comment = _T("Group Name");
    DWORD dwError = 0;
    DWORD dwResult = NetGroupAdd(NULL, 1, (BYTE*)&groupInfo, &dwError);

    The above code is always returning ERROR_ACCESS_DENIED, why?

    It is running on Windows 7 with UAC turned on, the user is a domain admin who is also a member of the machine's administration group.  Visual Studio 2008 is running elevated.  Why is access denied?

    • Moved by Jesse Jiang Wednesday, April 20, 2011 9:33 AM (From:Visual C++ Language)
    Tuesday, April 19, 2011 3:08 AM

All replies

  • Hello,


    I think your issue should be raised in the

    Security for Applications in Microsoft Windows forum

    I believe they will know more information of this issue than us, and I will move this one to that forum.


    Thanks for your understanding,


    Best regards,


    Jesse Jiang [MSFT]
    MSDN Community Support | Feedback to us
    Get or Request Code Sample from Microsoft
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Wednesday, April 20, 2011 9:33 AM
  • can you check 'whoami /full' from an elevated cmd prompt?
    Wednesday, April 20, 2011 11:58 AM
  • There is no /full switch, when I do /all, that gives a huge amount of data, more than what I feel comfortable posting on the web.  What am I looking for?  the user is in the domain's administrator's group and in the BUILTIN\Administrators group, too.  Here is this info:



    Privilege Name                  Description                               State
    =============================== ========================================= ========
    SeIncreaseQuotaPrivilege        Adjust memory quotas for a process        Disabled
    SeSecurityPrivilege             Manage auditing and security log          Disabled
    SeTakeOwnershipPrivilege        Take ownership of files or other objects  Disabled
    SeLoadDriverPrivilege           Load and unload device drivers            Disabled
    SeSystemProfilePrivilege        Profile system performance                Disabled
    SeSystemtimePrivilege           Change the system time                    Disabled
    SeProfileSingleProcessPrivilege Profile single process                    Disabled
    SeIncreaseBasePriorityPrivilege Increase scheduling priority              Disabled
    SeCreatePagefilePrivilege       Create a pagefile                         Disabled
    SeBackupPrivilege               Back up files and directories             Disabled
    SeRestorePrivilege              Restore files and directories             Disabled
    SeShutdownPrivilege             Shut down the system                      Disabled
    SeDebugPrivilege                Debug programs                            Disabled
    SeSystemEnvironmentPrivilege    Modify firmware environment values        Disabled
    SeChangeNotifyPrivilege         Bypass traverse checking                  Enabled
    SeRemoteShutdownPrivilege       Force shutdown from a remote system       Disabled
    SeUndockPrivilege               Remove computer from docking station      Disabled
    SeManageVolumePrivilege         Perform volume maintenance tasks          Disabled
    SeImpersonatePrivilege          Impersonate a client after authentication Enabled
    SeCreateGlobalPrivilege         Create global objects                     Enabled
    SeIncreaseWorkingSetPrivilege   Increase a process working set            Disabled
    SeTimeZonePrivilege             Change the time zone                      Disabled
    SeCreateSymbolicLinkPrivilege   Create symbolic links                     Disabled

    Thursday, April 21, 2011 4:35 AM
  • I wasn't asking you to share it.

    Take a look at your token information, group membership, etc.

    Friday, April 22, 2011 2:21 PM