Win32 has been designed with B-level security in mind, and Windows NT will initially be certified as C2 secure.
For additional information on the security design, see the Security Overview.
The security functions include:
| Function | Description |
| AbsoluteToSelfRelativeSD | |
| AccessCheck | |
| AccessCheckAndAuditAlarm | |
| AddAccessAllowedAce | |
| AddAce | |
| AdjustTokenGroups | |
| AdjustTokenPrivileges | |
| AreAllAccessesGranted | |
| AreAnyAccessesGranted | |
| CloseWindowStation | |
| CopySid | |
| CreateUserObjectSecurity | |
| DdeImpersonateClient | |
| DdeRevertToSelf | |
| DeleteAce | |
| DestroyUserObjectSecurity | |
| EnumDisplayDevices | |
| EnumWindowStationFunc | |
| EnumWindowStations | |
| EqualSid | |
| GetAce | |
| GetAclInformation | |
| GetFileSecurity | |
| GetInputDesktop | |
| GetLengthSid | |
| GetObjectSecurity | |
| GetProcessWindowStation | |
| GetSecurityDescriptorControl | |
| GetSecurityDescriptorDacl | |
| GetSecurityDescriptorGroup | |
| GetSecurityDescriptorLength | |
| GetSecurityDescriptorOwner | |
| GetSecurityDescriptorSacl | |
| GetSidIdentifierAuthority | |
| GetSidLengthRequired | |
| GetSidSubAuthority | |
| GetSidSubAuthorityCount | |
| GetTokenInformation | |
| GetUserObjectSecurity | |
| GetWindowStationAttrs | |
| ImpersonateNamedPipeClient | |
| InitializeAcl | |
| InitializeSecurityDescriptor | |
| InitializeSid | |
| IsValidAcl | |
| IsValidSecurityDescriptor | |
| IsValidSid | |
| MapGenericMask | |
| NamedPipeRevertToSelf | |
| ObjectCloseAuditAlarm | |
| ObjectOpenAuditAlarm | |
| ObjectPrivilegeAuditAlarm | |
| OpenProcessToken | |
| OpenThreadToken | |
| OpenWindowStation | |
| PrivilegeCheck | |
| PrivilegedServiceAuditAlarm | |
| SelfRelativeToAbsoluteSD | |
| SetAclInformation | |
| SetFileSecurity | |
| SetObjectSecurity | |
| SetProcessWindowStation | |
| SetSecurityDescriptorDacl | |
| SetSecurityDescriptorGroup | |
| SetSecurityDescriptorOwner | |
| SetSecurityDescriptorSacl | |
| SetTokenInformation | |
| SetUserObjectSecurity |