AdjustTokenPrivileges
The AdjustTokenPrivileges
function enables or disables privileges in the specified access token. Enabling
or disabling privileges in an access token requires TOKEN_ADJUST_PRIVILEGES
access.
BOOL AdjustTokenPrivileges(
|
HANDLE TokenHandle, |
// handle to token
that contains privileges |
|
BOOL DisableAllPrivileges, |
// flag for
disabling all privileges |
|
PTOKEN_PRIVILEGES NewState, |
// pointer to new
privilege information |
|
DWORD BufferLength, |
// size, in bytes,
of the PreviousState buffer |
|
PTOKEN_PRIVILEGES PreviousState, |
// receives
original state of changed privileges |
|
PDWORD ReturnLength |
// receives
required size of the PreviousState buffer |
|
); |
|
Parameters
TokenHandle
Identifies
the access token that contains the privileges to be modified.
DisableAllPrivileges
Specifies
whether the function disables all of the token s privileges. If this value is
TRUE, the function disables all privileges and ignores the NewState
parameter. If it is FALSE, the function modifies privileges based on the
information pointed to by the NewState parameter.
NewState
Pointer to a TOKEN_PRIVILEGES structure that specifies
an array of privileges and their attributes. If the DisableAllPrivileges
parameter is FALSE, AdjustTokenPrivileges enables or disables these
privileges for the token. If you set the SE_PRIVILEGE_ENABLED attribute for a
privilege, the function enables that privilege; otherwise, it disables the
privilege.
If DisableAllPrivileges
is TRUE, the function ignores this parameter.
BufferLength
Specifies the
size, in bytes, of the buffer pointed to by the PreviousState parameter.
This parameter can be NULL if the PreviousState parameter is NULL.
PreviousState
Pointer to a
buffer that the function fills with a TOKEN_PRIVILEGES structure
containing the previous state of any privileges the function modifies. The
token must be open for TOKEN_QUERY access to use this parameter. This parameter
can be NULL.
If you
specify a buffer that is too small to receive the complete list of modified
privileges, the function fails and does not adjust any privileges. In this
case, the function sets the variable pointed to by the ReturnLength
parameter to the number of bytes required to hold the complete list of modified
privileges.
ReturnLength
Pointer to a
variable that receives the required size, in bytes, of the buffer pointed to by
the PreviousState parameter. This parameter can be NULL if PreviousState
is NULL.
Return Values
If the
function succeeds, the return value is nonzero. To determine whether the
function adjusted all of the specified privileges, call GetLastError, which returns one of the
following values when the function succeeds:
|
Value |
Description |
|
ERROR_SUCCESS |
The
function adjusted all specified privileges. |
|
ERROR_NOT_ALL_ASSIGNED |
The token
does not have one or more of the privileges specified in the NewState
parameter. The function may succeed with this error value even if no
privileges were adjusted. The PreviousState parameter indicates the
privileges that were adjusted. |
If the
function fails, the return value is zero. To get extended error information,
call GetLastError.
Remarks
The
AdjustTokenPrivileges function cannot add new privileges to the access
token. It can only enable or disable the token s existing privileges. To determine
the token s privileges, call the GetTokenInformation function.
Note that the
NewState parameter can specify privileges that the token does not have,
without causing the function to fail. In this case, the function adjusts the
privileges that the token does have, ignores the other privileges, and returns
success. Call the GetLastError function to determine whether the
function adjusted all of the specified privileges. The PreviousState
parameter indicates the privileges that were adjusted.
The PreviousState
parameter retrieves a TOKEN_PRIVILEGES structure containing the the original state of
the adjusted privileges. To restore the original state, pass the PreviousState
pointer as the NewState parameter in a subsequent call to the AdjustTokenPrivileges
function
See Also