Export (0) Print
Expand All
Expand Minimize

ImpersonateAnonymousToken function

The ImpersonateAnonymousToken function enables the specified thread to impersonate the system's anonymous logon token. To ensure that a token matches the operating system's concept of anonymous access, this function should be called before attempting network access to generate an anonymous token on the remote server.

Syntax


BOOL WINAPI ImpersonateAnonymousToken(
  _In_  HANDLE ThreadHandle
);

Parameters

ThreadHandle [in]

A handle to the thread to impersonate the system's anonymous logon token.

Return value

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

An error of ACCESS_DENIED may indicate that the token is for a restricted process. Use OpenProcessToken and IsTokenRestricted to check if the process is restricted.

Remarks

Anonymous tokens do not include the Everyone Group SID unless the system default has been overridden by setting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous registry value to DWORD=1.

To cancel the impersonation call RevertToSelf.

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Header

Winbase.h (include Windows.h)

Library

Advapi32.lib

DLL

Advapi32.dll

See also

Access Control Overview
Basic Access Control Functions
RevertToSelf

 

 

Community Additions

ADD
Show:
© 2014 Microsoft