| BOOL OpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle) | |||
| HANDLE ThreadHandle; | |||
| DWORD DesiredAccess; | |||
| BOOL OpenAsSelf; | |||
| PHANDLE TokenHandle; |
The OpenThreadToken function opens a token object associated with a thread. The function obtains a handle that may be used to access that token.
ThreadHandle
Handle that specifies the thread whose token is to be opened.
DesiredAccess
An access mask that specifies the desired types of access to the token. These desired access types are reconciled against the token's discretionary access control list (ACL) to determine which accesses are granted or denied.
OpenAsSelf
A boolean value. A value of FALSE specifies that the access should be made using the calling thread's unmodified current security context. The thread's context can be that of a client if the thread is currently impersonating one. A value of TRUE specifies that the access should be made using the calling thread's process-level security context.
This parameter allows a server process to open a client's token in the case where the client specifies IDENTIFICATION level impersonation. Without this parameter, the caller would not be able to open the client's token using the client's context. That is because it is impossible to create executive level objects using IDENTIFICATION level impersonation.
TokenHandle
Pointer to a handle that the function will set to the handle of the newly-opened token.
The return value is TRUE if the function was successful, or FALSE if an error occurred. Use the GetLastError function to obtain extended error information.
AdjustTokenGroups, AdjustTokenPrivileges, GetTokenInformation, OpenProcessToken, SetTokenInformation