TRUSTEE  MF3FQN 

[New - Windows NT]

The TRUSTEE structure identifies a user account, group account, or a logon account for a program such as a Windows NT service. The structure can use a name or a security identifier (SIDCLJI72) to identify the trustee.

Access control functions, such as SetEntriesInAcl0LYB0G and GetExplicitEntriesFromAclD1E2UB, use this structure to identify the logon account associated with the access-control or audit-control information in an EXPLICIT_ACCESS structure.

typedef struct _TRUSTEE

    PTRUSTEE                    pMultipleTrustee;

    MULTIPLE_TRUSTEE_OPERATION  MultipleTrusteeOperation;

    TRUSTEE_FORM                TrusteeForm;

    TRUSTEE_TYPE                TrusteeType;

    LPTSTR                      ptstrName;

} TRUSTEE;

 

Members

pMultipleTrustee

Pointer to a TRUSTEE structure that identifies a server account that can impersonate the user identified by the ptstrName member. Windows NT does not currently support this functionality; therefore, this member must be NULL.

MultipleTrusteeOperation

Specifies a value from the MULTIPLE_TRUSTEE_OPERATION36Z2SH4 enumeration type. Currently, this member must be NO_MULTIPLE_TRUSTEE.

TrusteeForm

Specifies a value from the TRUSTEE_FORM2Y5KDP5 enumeration type that indicates whether the trustee is identified by name or by a SID.

TrusteeType

Specifies a value from the TRUSTEE_TYPE22_62DE enumeration type that indicates whether the trustee is a user account, a group account, or the account type is unknown.

ptstrName

If TrusteeForm is TRUSTEE_IS_NAME, this member is a pointer to a null-terminated string that contains the name of the trustee.

If TrusteeForm is TRUSTEE_IS_SID, this member is a pointer to the SID of the trustee.

 

Remarks

A trustee name can have any of the following formats:

    A fully qualified name, such as  g:\remotedir\abc .

    A Windows NT version 3.x or later domain account, such as  redmond\xyz .

    One of the predefined group names, such as  EVERYONE  or  GUEST .

    One of the following special names.

Name

Meaning

 CURRENT_USER 

Indicates the owner of the calling thread or process.

 CREATOR OWNER 

Indicates the CREATOR_OWNER security identifier. This is a SID used in inheritable ACEs. When a new object is created, the system replaces this SID with the SID of the user who created the object.

 CREATOR GROUP 

Indicates the CREATOR_GROUP security identifier. This is a SID used in inheritable ACEs. When a new object is created, the system replaces this SID with the primary group SID of the user who created the object.

 

A trustee SID can be any user or group SID. It can also be any of the universal, well-known SIDs. For more information, see Security Identifiers (SIDs)SO25GK.

See Also

ACL, EXPLICIT_ACCESS, GetExplicitEntriesFromAcl, MULTIPLE_TRUSTEE_OPERATION, SetEntriesInAcl, SID, TRUSTEE_FORM, TRUSTEE_TYPE,