怎么感觉LAS是和帐户相关的API,好像和IPSec没什么关系吧? 在vista上,IPSec可以用WFP API来配置,在server2003上,没找到api.[/quote]我没有深入研究 从文档的说明来看 组策略数据库就是这个子系统管的:
Policy Object
The Policy object is used to control access to the Local Security Authority (LSA) database and contains information that applies to the entire system or establishes defaults for the system. Each system has only one Policy object. This Policy object is created by the LSA when the system starts up, and applications cannot create or destroy it.
The information stored in a Policy object includes:
System default memory quota. Unless otherwise specified, each user logging on to the system will be assigned this memory quota. Special memory quotas can be assigned to individuals or members of groups or local groups through an Account object.
System-wide security auditing requirements.
The name and SID of the account domain of this system.
Information about the primary domain of this system. This information includes the name and SID of the primary domain, the name of the account within the primary domain that is to be used for authentication requests, name and SID translations, and obtaining the names of domain controllers within the domain. These names may be out of date and should be taken only as a hint. The order of this list is assumed to be significant and will be maintained. This allows, for example, the first name in the list to represent the last-known primary domain controller.
Information about whether the LSA holds the master copy of the policy information or a replica. Only part of the policy information is replicated; the remainder is established on a per-system basis.
所以你的问题就好像是“要吃饭但是你怎么给我找了家餐厅,以前我是用碗筷吃的” 哈哈 开个玩笑 相信LSA文档里面能找到访问方法,并且好像是有例子的。另外还有一个笨办法就是做好策略导出为文件,这个文件通常是文本格式的,然后用代码依葫芦画瓢,做好一个“导出文件”再用其他方式导入:powershell基本可以肯定有办法导入导出,mmc命令行也许可以。