DuplicateToken

The DuplicateToken function creates a new access token that duplicates one already in existence.

BOOL DuplicateToken(
  HANDLE ExistingTokenHandle,    // handle to token to duplicate
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
                                 // impersonation level
  PHANDLE DuplicateTokenHandle   // handle to duplicated token
);
 

Parameters

ExistingTokenHandle

Identifies an access token opened with TOKEN_DUPLICATE access.

ImpersonationLevel

Specifies a SECURITY_IMPERSONATION_LEVEL enumerated type that supplies the impersonation level of the new token.

DuplicateTokenHandle

Pointer to a variable that receives the handle of the duplicate token. This handle has TOKEN_IMPERSONATE and TOKEN_QUERY access to the new token.

Return Values

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

The DuplicateToken function creates an impersonation token, which you can use in functions such as SetThreadToken and ImpersonateLoggedOnUser. The token created by DuplicateToken cannot be used in the CreateProcessAsUser function, which requires a primary token. To create a token that you can pass to CreateProcessAsUser, use the DuplicateTokenEx function.

QuickInfo

  Windows NT: Requires version 3.1 or later.
  Windows: Unsupported.
  Windows CE: Unsupported.
  Header: Declared in winbase.h.
  Import Library: Use advapi32.lib.

See Also

Access Control Overview, Access Control Functions, CreateProcessAsUser, DuplicateTokenEx, ImpersonateLoggedOnUser, SECURITY_IMPERSONATION_LEVEL, SetThreadToken