BOOL AdjustTokenPrivileges(TokenHandle, DisableAllPrivileges, NewState, BufferLength, PreviousState, ReturnLength) | |||
HANDLE TokenHandle; | |||
BOOL DisableAllPrivileges; | |||
PTOKEN_PRIVILEGES NewState; | |||
DWORD BufferLength; | |||
PTOKEN_PRIVILEGES PreviousState; | |||
PDWORD ReturnLength; |
The AdjustTokenPrivileges function enables and/or disables privileges in the specified token. It can optionally capture the previous state of changed privileges. TOKEN_ADJUST_PRIVILEGES access is required to enable or disable privileges in a token.
The absence of some of the privileges listed to be changed doesn't affect the successful modification of those privileges that are in the token.
TokenHandle
Handle to the token whose privileges the function will enable/disable.
DisableAllPrivileges
Boolean value that, if TRUE, tells the function to disable all of the token's privileges. In that case, the function ignores the NewState parameter. If FALSE, the function enables/disables privileges using the NewStateParameter.
NewState
Optional pointer to a TOKEN_PRIVILEGES data structure that contains the privileges whose states are to be enabled/disabled. If present, and if DisableAllPrivileges is FALSE, the function sets each of the token's privileges to the value of that privilege's Enabled flag within this data structure.
The TOKEN_PRIVILEGES data structure has the following form:
typedef struct _TOKEN_PRIVILEGES { /* tp */
DWORD PrivilegeCount;
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES ;
BufferLength
Optionally specifies the size in bytes of the buffer pointed to by PreviousState. A value is required if PreviousState is non-NULL.
PreviousState
Optional pointer to a buffer that the function will fill with a TOKEN_PRIVILEGES data structure containing the pre-adjustment state of any privileges the function modifies.
The TOKEN_PRIVILEGES data structure is detailed in the discussion of the NewState parameter above.
Since the information is formatted as a TOKEN_PRIVILEGES data structure, a pointer to the buffer can be passed as the NewState parameter in a subsequent call to this function, thus restoring the original state of the privileges.
TOKEN_QUERY access is needed to use this parameter.
If the buffer is not large enough to receive the complete list of modified privileges, then no privilege states are changed, and STATUS_BUFFER_TOO_SMALL is returned. In this case, the function sets the variable pointed to by the ReturnLength parameter to the actual number of bytes needed to hold the complete list of modified privileges.
ReturnLength
Optional pointer to a variable that the function will set to the actual number of bytes needed to hold the previous privilege state information. This parameter is ignored if PreviousState is NULL.
The return value is TRUE if the function was successful, or FALSE if an error occurred. Use the GetLastError function to obtain extended error information.
AdjustTokenGroups, GetTokenInformation, OpenProcessToken, OpenThreadToken, SetTokenInformation