Platform SDK: Access Control |
The PrivilegeCheck function determines whether a specified set of privileges are enabled in an access token. PrivilegeCheck is typically called by a server application to check the privileges of a client's access token.
BOOL PrivilegeCheck( HANDLE ClientToken, // handle to client's access token PPRIVILEGE_SET RequiredPrivileges, // privileges LPBOOL pfResult // result );
When PrivilegeCheck returns, the Attributes member of each LUID_AND_ATTRIBUTES structure is set to SE_PRIVILEGE_USED_FOR_ACCESS if the corresponding privilege is enabled.
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
An access token contains a list of the privileges held by the account associated with the token. These privileges can be enabled or disabled; most are disabled by default. The PrivilegeCheck function checks only for enabled privileges. To get a list of all the enabled and disabled privileges held by an access token, call the GetTokenInformation function. To enable or disable a set of privileges in an access token, call the AdjustTokenPrivileges function.
Windows NT/2000: Requires Windows NT 3.1 or later.
Header: Declared in Winbase.h; include Windows.h.
Library: Use Advapi32.lib.
Client/Server Access Control Overview, Client/Server Access Control Functions, AdjustTokenPrivileges, GetTokenInformation, LookupPrivilegeValue, LUID_AND_ATTRIBUTES, ObjectPrivilegeAuditAlarm, PRIVILEGE_SET, PrivilegedServiceAuditAlarm