| Platform SDK: Access Control |
The GetTokenInformation function retrieves a specified type of information about an access token. The calling process must have appropriate access rights to obtain the information.
To determine if a user is a member of a specific group, use the CheckTokenMembership function.
BOOL GetTokenInformation( HANDLE TokenHandle, // handle to access token TOKEN_INFORMATION_CLASS TokenInformationClass, // token type LPVOID TokenInformation, // buffer DWORD TokenInformationLength, // size of buffer PDWORD ReturnLength // required buffer size );
| Value | Description |
|---|---|
| NULL | The function returns the required buffer size. No data is stored in the buffer. |
| TokenDefaultDacl | The buffer receives a TOKEN_DEFAULT_DACL structure containing the default DACL for newly created objects. |
| TokenGroups | The buffer receives a TOKEN_GROUPS structure containing the group accounts associated with the token. |
| TokenImpersonationLevel | The buffer receives a SECURITY_IMPERSONATION_LEVEL value indicating the impersonation level of the token. If the access token is not an impersonation token, the function fails. |
| TokenOwner | The buffer receives a TOKEN_OWNER structure containing the default owner SID for newly created objects. |
| TokenPrimaryGroup | The buffer receives a TOKEN_PRIMARY_GROUP structure containing the default primary group SID for newly created objects. |
| TokenPrivileges | The buffer receives a TOKEN_PRIVILEGES structure containing the token's privileges. |
| TokenRestrictedSids | The buffer receives a TOKEN_GROUPS structure containing the list of restricting SIDs in a restricted token. |
| TokenSessionId | The buffer receives a DWORD value that indicates the Terminal Services session identifier associated with the token. If the token is associated with the Terminal Server console session, the session identifier is zero. A nonzero session identifier indicates a Terminal Services client session. In a non-Terminal Services environment, the session identifier is zero. |
| TokenSource | The buffer receives a TOKEN_SOURCE structure containing the source of the token. TOKEN_QUERY_SOURCE access is needed to retrieve this information. |
| TokenStatistics | The buffer receives a TOKEN_STATISTICS structure containing various token statistics. |
| TokenType | The buffer receives a TOKEN_TYPE value indicating whether the token is a primary or impersonation token. |
| TokenUser | The buffer receives a TOKEN_USER structure containing the token's user account. |
If the value of the TokenInformationClass parameter is TokenDefaultDacl and the token has no default DACL, the function sets the variable pointed to by ReturnLength to sizeof(TOKEN_DEFAULT_DACL) and sets the DefaultDacl member of the TOKEN_DEFAULT_DACL structure to NULL.
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
Windows NT/2000: Requires Windows NT 3.1 or later.
Header: Declared in Winbase.h; include Windows.h.
Library: Use Advapi32.lib.
Access Control Overview, Access Control Functions, AdjustTokenGroups, AdjustTokenPrivileges, CheckTokenMembership, OpenProcessToken, OpenThreadToken, SetTokenInformation, SECURITY_IMPERSONATION_LEVEL, TOKEN_DEFAULT_DACL, TOKEN_GROUPS, TOKEN_INFORMATION_CLASS, TOKEN_OWNER, TOKEN_PRIMARY_GROUP, TOKEN_PRIVILEGES, TOKEN_SOURCE, TOKEN_STATISTICS, TOKEN_TYPE, TOKEN_USER