The AdjustTokenGroups function adjusts groups in the specified access token. TOKEN_ADJUST_GROUPS access is required to enable or disable groups in an access token.
BOOL AdjustTokenGroups(
HANDLE TokenHandle, // handle to token that contains groups
BOOL ResetToDefault, // flag for default settings
PTOKEN_GROUPS NewState, // address of address of new group
// information
DWORD BufferLength, // size of buffer for previous information
PTOKEN_GROUPS PreviousState,
// address of previous group information
PDWORD ReturnLength // address of required buffer size
);
If a buffer is specified but it does not contain enough space to receive the complete list of modified groups, no group states are changed and the function fails. In this case, the function sets the variable pointed to by the ReturnLength parameter to the number of bytes required to hold the complete list of modified groups.
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
The information retrieved in the PreviousState parameter is formatted as a TOKEN_GROUPS structure. This means a pointer to the buffer can be passed as the NewState parameter in a subsequent call to the AdjustTokenGroups function, restoring the original state of the groups.
The NewState parameter can list groups to be changed that are not present in the access token. This does not affect the successful modification of the groups in the token.
Mandatory groups cannot be disabled. They are identified by the SE_GROUP_MANDATORY attribute in the TOKEN_GROUPS structure. If an attempt is made to disable any mandatory groups, AdjustTokenGroups fails and leaves the state of all groups unchanged.
You cannot enable a group that has the SE_GROUP_USE_FOR_DENY_ONLY attribute.
Windows NT: Requires version 3.1 or later.
Windows: Unsupported.
Windows CE: Unsupported.
Header: Declared in winbase.h.
Import Library: Use advapi32.lib.
Access Control Overview, Access Control Functions, AdjustTokenPrivileges, GetTokenInformation, OpenProcessToken, OpenThreadToken, SetTokenInformation, TOKEN_GROUPS