MSDN Library

Windows Development

Security and Identity

Authorization

Authorization Reference

Authorization Functions

AccessCheck

AccessCheckAndAuditAlarm

AccessCheckByType

AccessCheckByTypeAndAuditAlarm

AccessCheckByTypeResultList

AccessCheckByTypeResultListAndAuditAlarm

AccessCheckByTypeResultListAndAuditAlarmByHandle

AddAccessAllowedAce

AddAccessAllowedAceEx

AddAccessAllowedObjectAce

AddAccessDeniedAce

AddAccessDeniedAceEx

AddAccessDeniedObjectAce

AddAce

AddAuditAccessAce

AddAuditAccessAceEx

AddAuditAccessObjectAce

AddConditionalAce

AddMandatoryAce

AddResourceAttributeAce

AddScopedPolicyIDAce

AdjustTokenGroups

AdjustTokenPrivileges

AllocateAndInitializeSid

AllocateLocallyUniqueId

AreAllAccessesGranted

AreAnyAccessesGranted

AuditComputeEffectivePolicyBySid

AuditComputeEffectivePolicyByToken

AuditEnumerateCategories

AuditEnumeratePerUserPolicy

AuditEnumerateSubCategories

AuditFree

AuditLookupCategoryGuidFromCategoryId

AuditLookupCategoryIdFromCategoryGuid

AuditLookupCategoryName

AuditLookupSubCategoryName

AuditQueryPerUserPolicy

AuditQuerySecurity

AuditQuerySystemPolicy

AuditSetPerUserPolicy

AuditSetSecurity

AuditSetSystemPolicy

AuthzAccessCheck

AuthzAccessCheckCallback

AuthzAddSidsToContext

AuthzCachedAccessCheck

AuthzComputeGroupsCallback

AuthzEnumerateSecurityEventSources

AuthzFreeAuditEvent

AuthzFreeCentralAccessPolicyCache

AuthzFreeContext

AuthzFreeGroupsCallback

AuthzFreeHandle

AuthzFreeResourceManager

AuthzGetInformationFromContext

AuthzInitializeCompoundContext

AuthzInitializeContextFromAuthzContext

AuthzInitializeContextFromSid

AuthzInitializeContextFromToken

AuthzInitializeObjectAccessAuditEvent

AuthzInitializeObjectAccessAuditEvent2

AuthzInitializeRemoteResourceManager

AuthzInitializeResourceManager

AuthzInitializeResourceManagerEx

AuthzInstallSecurityEventSource

AuthzModifyClaims

AuthzModifySecurityAttributes

AuthzModifySids

AuthzOpenObjectAudit

AuthzRegisterCapChangeNotification

AuthzRegisterSecurityEventSource

AuthzReportSecurityEvent

AuthzReportSecurityEventFromParams

AuthzSetAppContainerInformation

AuthzUninstallSecurityEventSource

AuthzUnregisterCapChangeNotification

AuthzUnregisterSecurityEventSource

BuildExplicitAccessWithName

BuildImpersonateExplicitAccessWithName

BuildImpersonateTrustee

BuildSecurityDescriptor

BuildTrusteeWithName

BuildTrusteeWithObjectsAndName

BuildTrusteeWithObjectsAndSid

BuildTrusteeWithSid

CheckTokenCapability

CheckTokenMembership

CheckTokenMembershipEx

ConvertSecurityDescriptorToStringSecurityDescriptor

ConvertSidToStringSid

ConvertStringSecurityDescriptorToSecurityDescriptor

ConvertStringSidToSid

ConvertToAutoInheritPrivateObjectSecurity

CopySid

CreatePrivateObjectSecurity

CreatePrivateObjectSecurityEx

CreatePrivateObjectSecurityWithMultipleInheritance

CreateRestrictedToken

CreateSecurityPage

CreateWellKnownSid

DeleteAce

DestroyPrivateObjectSecurity

DSCreateSecurityPage

DSCreateISecurityInfoObject

DSCreateISecurityInfoObjectEx

DSEditSecurity

DuplicateToken

DuplicateTokenEx

EditSecurity

EditSecurityAdvanced

EqualDomainSid

EqualPrefixSid

EqualSid

FindFirstFreeAce

FreeInheritedFromArray

FreeSid

GetAce

GetAclInformation

GetAppContainerNamedObjectPath

GetAuditedPermissionsFromAcl

GetEffectiveRightsFromAcl

GetExplicitEntriesFromAcl

GetFileSecurity

GetInheritanceSource

GetKernelObjectSecurity

GetLengthSid

GetMultipleTrustee

GetMultipleTrusteeOperation

GetNamedSecurityInfo

GetPrivateObjectSecurity

GetSecurityDescriptorControl

GetSecurityDescriptorDacl

GetSecurityDescriptorGroup

GetSecurityDescriptorLength

GetSecurityDescriptorOwner

GetSecurityDescriptorRMControl

GetSecurityDescriptorSacl

GetSecurityInfo

GetSidIdentifierAuthority

GetSidLengthRequired

GetSidSubAuthority

GetSidSubAuthorityCount

GetTokenInformation

GetTrusteeForm

GetTrusteeName

GetTrusteeType

GetUserObjectSecurity

GetWindowsAccountDomainSid

ImpersonateAnonymousToken

ImpersonateLoggedOnUser

ImpersonateNamedPipeClient

ImpersonateSelf

InitializeAcl

InitializeSecurityDescriptor

InitializeSid

IsTokenRestricted

IsValidAcl

IsValidSecurityDescriptor

IsValidSid

IsWellKnownSid

LookupAccountName

LookupAccountSid

LookupPrivilegeDisplayName

LookupPrivilegeName

LookupPrivilegeValue

LookupSecurityDescriptorParts

MakeAbsoluteSD

MakeSelfRelativeSD

MapGenericMask

NtCompareTokens

ObjectCloseAuditAlarm

ObjectDeleteAuditAlarm

ObjectOpenAuditAlarm

ObjectPrivilegeAuditAlarm

OpenProcessToken

OpenThreadToken

PrivilegeCheck

PrivilegedServiceAuditAlarm

QuerySecurityAccessMask

QueryServiceObjectSecurity

RegGetKeySecurity

RegSetKeySecurity

RevertToSelf

RtlConvertSidToUnicodeString

RtlSetSaclSecurityDescriptor

SetAclInformation

SetEntriesInAcl

SetFileSecurity

SetKernelObjectSecurity

SetNamedSecurityInfo

SetPrivateObjectSecurity

SetPrivateObjectSecurityEx

SetSecurityAccessMask

SetSecurityDescriptorControl

SetSecurityDescriptorDacl

SetSecurityDescriptorGroup

SetSecurityDescriptorOwner

SetSecurityDescriptorRMControl

SetSecurityDescriptorSacl

SetSecurityInfo

SetServiceObjectSecurity

SetThreadToken

SetTokenInformation

SetUserObjectSecurity

TreeResetNamedSecurityInfo

TreeSetNamedSecurityInfo

Community Content

Add code samples and tips to enhance this topic.

More...

This topic has not yet been rated - Rate this topic

ImpersonateAnonymousToken function

Applies to: desktop apps only

The ImpersonateAnonymousToken function enables the specified thread to impersonate the system's anonymous logon token. To ensure that a token matches the operating system's concept of anonymous access, this function should be called before attempting network access to generate an anonymous token on the remote server.

Syntax

Copy

BOOL WINAPI ImpersonateAnonymousToken(
  __in  HANDLE ThreadHandle
);

Parameters

ThreadHandle [in]: A handle to the thread to impersonate the system's anonymous logon token.

Return value

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

An error of ACCESS_DENIED may indicate that the token is for a restricted process. Use OpenProcessToken and IsTokenRestricted to check if the process is restricted.

Remarks

Anonymous tokens do not include the Everyone Group SID unless the system default has been overridden by setting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous registry value to DWORD=1.

To cancel the impersonation call RevertToSelf.

Requirements

Minimum supported client	Windows XP
Minimum supported server	Windows Server 2003
Header	Winbase.h (include Windows.h)
Library	Advapi32.lib
DLL	Advapi32.dll

See also

Access Control Overview
Basic Access Control Functions
RevertToSelf

Send comments about this topic to Microsoft

Build date: 3/7/2012

Did you find this helpful? Yes No

Not accurate

Not enough depth

Need more code examples

(1500 characters remaining)

Community Content Add

Annotations

FAQ

© 2012 Microsoft. All rights reserved.

Terms of Use | Trademarks | Privacy Statement | Site Feedback Site Feedback

Site Feedback

x

Tell us about your experience...

Did the page load quickly?

Yes No

Do you like the page design?

Yes No

Tell us more