| Platform SDK: Access Control |
The IsTokenRestricted function indicates whether a token contains a list of restricting SIDs.
BOOL IsTokenRestricted( HANDLE TokenHandle // handle to access token );
If the token contains a list of restricting SIDs, the return value is nonzero.
If the token does not contain a list of restricting SIDs, the return value is zero.
If an error occurs, the return value is zero. To get extended error information, call GetLastError.
The CreateRestrictedToken function can restrict a token by disabling SIDs, deleting privileges, and specifying a list of restricting SIDs. The IsTokenRestricted function checks only for the list of restricting SIDs. If a token does not have any restricting SIDs, IsTokenRestricted returns FALSE even though the token was created by a call to CreateRestrictedToken.
Windows NT/2000: Requires Windows 2000.
Header: Declared in Winbase.h; include Windows.h.
Library: Use Advapi32.lib.
Access Control Overview, Access Control Functions, CreateRestrictedToken