These are the things you may want to read up on.
LsaAddAccountRights
Grants privileges to a sid. To convert account names to sid's use LsaLookupNames. Be really carefully with the sid. If the sid does not belong to a user, LsaAddAccountRights creates a new user without a user name.
LsaRemoveAccountRights
Removes privileges from a sid. To convert account names to sid's use LsaLookupNames. If the optional parameter $all is not null, all privileges for $sid will be removed. In this case, @privileges has no meaning. Note: there is a mistake in the documentation from Microsoft (see the platform sdk). If you remove all privileges with the $all parameter the account won't be deleted.
The right is SE_NETWORK_LOGON_NAME.
Unfortunately, I only know how to access them via Perl at this time. Maybe someone else can add more information or provide a way to search and destroy your unathorized shares.
