Platform SDK: Access Control

SetTokenInformation

The SetTokenInformation function sets various types of information for a specified access token. The information it sets replaces existing information. The calling process must have appropriate access rights to set the information.

BOOL SetTokenInformation(
  HANDLE TokenHandle,                            // handle to access token
  TOKEN_INFORMATION_CLASS TokenInformationClass, // type
  LPVOID TokenInformation,                       // buffer
  DWORD TokenInformationLength                   // size of buffer
);

Parameters

TokenHandle
[in] Handle to the access token for which information is to be set.
TokenInformationClass
[in] Specifies a value from the TOKEN_INFORMATION_CLASS enumerated type identifying the type of information the function sets. The valid values from TOKEN_INFORMATION_CLASS are TokenOwner, TokenPrimaryGroup, and TokenDefaultDacl. For more information about these values, see the description of the TokenInformation parameter, following.
TokenInformation
[in] Pointer to a buffer containing the information set in the access token. The structure of this buffer depends on the type of information specified by the TokenInformationClass parameter. The following three values are valid in calls to this function:
Token Information Class Structure Provided
TokenOwner TOKEN_OWNER structure. The TOKEN_ADJUST_DEFAULT access right is needed to set owner information. A valid owner value is a user or group identifier with an attribute allowing assignment as the owner of objects.
TokenPrimaryGroup TOKEN_PRIMARY_GROUP structure. The TOKEN_ADJUST_DEFAULT access right is needed to set primary group information.
TokenDefaultDacl TOKEN_DEFAULT_DACL structure. The TOKEN_ADJUST_DEFAULT access right is needed to set information in the default discretionary access-control list (ACL). The ACL structure provided as a new default discretionary ACL is not validated for correctness or consistency. If the TokenInformation parameter is NULL, the current default discretionary ACL is removed and no replacement is established.

The formats for the structures this function can set are listed in the following Remarks section.

TokenInformationLength
[in] Specifies the length, in bytes, of the buffer pointed to by TokenInformation.

Return Values

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

To set privilege information, an application can call the AdjustTokenPrivileges function. To set a token's groups, an application can call the AdjustTokenGroups function.

Token-type information can be set only when an access token is created.

Requirements

  Windows NT/2000: Requires Windows NT 3.1 or later.
  Header: Declared in Winbase.h; include Windows.h.
  Library: Use Advapi32.lib.

See Also

Access Control Overview, Access Control Functions, AdjustTokenGroups, AdjustTokenPrivileges, GetTokenInformation, OpenProcessToken, OpenThreadToken, TOKEN_DEFAULT_DACL, TOKEN_INFORMATION_CLASS, TOKEN_OWNER, TOKEN_PRIMARY_GROUP