IsTokenRestricted

[This is preliminary documentation and subject to change.]

The IsTokenRestricted function indicates whether a token contains a list of restricting SIDs.

BOOL IsTokenRestricted(
  HANDLE TokenHandle         // handle to an access token to test
);
 

Parameters

TokenHandle

Handle to an access token to test.

Return Values

If the token contains a list of restricting SIDs, the return value is nonzero.

If the token does not contain a list of restricting SIDs, the return value is zero.

If an error occurs, the return value is zero. To get extended error information, call GetLastError.

Remarks

The CreateRestrictedToken function can restrict a token by disabling SIDs, deleting privileges, and specifying a list of restricting SIDs. The IsTokenRestricted function checks only for the list of restricting SIDs. If a token does not have any restricting SIDs, IsTokenRestricted returns FALSE even though the token was created by a call to CreateRestrictedToken.

QuickInfo

  Windows NT: Requires version 5.0 or later.
  Windows: Unsupported.
  Windows CE: Unsupported.
  Header: Declared in winbase.h.
  Import Library: Use advapi32.lib.

See Also

Access Control Overview, Access Control Functions, CreateRestrictedToken