An article in Microsoft support details how to add privileges such as the SeServiceLogonRight “logon as a service” privilege programmatically. Well, an extensive Google search will turn up nothing at all about the necessary LsaOpenAccount and LsaCreateAccount API calls. But there is hope:

void AddPrivileges(PSID AccountSID, LSA_HANDLE PolicyHandle)
{
  LSA_UNICODE_STRING lucPrivilege;
  NTSTATUS ntsResult;

  // Create an LSA_UNICODE_STRING for the privilege names.
  if (!InitLsaString(&lucPrivilege, L”SeServiceLogonRight”))
  {
         wprintf(L”Failed InitLsaString\n”);
         return;
  }

  ntsResult = LsaAddAccountRights(
    PolicyHandle,  // An open policy handle.
    AccountSID,    // The target SID.
    &lucPrivilege, // The privileges.
    1              // Number of privileges.
  );              Â
  if (ntsResult == STATUS_SUCCESS)
  {
    wprintf(L”Privilege added.\n”);
  }
  else
  {
    wprintf(L”Privilege was not added – %lu \n”,
      LsaNtStatusToWinError(ntsResult));
  }
}

Use this code and you’re up and running! It does everything the example code from the defunct support page at MS is supposed to do.

Enjoy!