MSDN Library

Windows Development

Security and Identity

Authorization

Authorization Reference

Authorization Functions

AccessCheck

AccessCheckAndAuditAlarm

AccessCheckByType

AccessCheckByTypeAndAuditAlarm

AccessCheckByTypeResultList

AccessCheckByTypeResultListAndAuditAlarm

AccessCheckByTypeResultListAndAuditAlarmByHandle

AddAccessAllowedAce

AddAccessAllowedAceEx

AddAccessAllowedObjectAce

AddAccessDeniedAce

AddAccessDeniedAceEx

AddAccessDeniedObjectAce

AddAce

AddAuditAccessAce

AddAuditAccessAceEx

AddAuditAccessObjectAce

AddConditionalAce

AddMandatoryAce

AddResourceAttributeAce

AddScopedPolicyIDAce

AdjustTokenGroups

AdjustTokenPrivileges

AllocateAndInitializeSid

AllocateLocallyUniqueId

AreAllAccessesGranted

AreAnyAccessesGranted

AuditComputeEffectivePolicyBySid

AuditComputeEffectivePolicyByToken

AuditEnumerateCategories

AuditEnumeratePerUserPolicy

AuditEnumerateSubCategories

AuditFree

AuditLookupCategoryGuidFromCategoryId

AuditLookupCategoryIdFromCategoryGuid

AuditLookupCategoryName

AuditLookupSubCategoryName

AuditQueryPerUserPolicy

AuditQuerySecurity

AuditQuerySystemPolicy

AuditSetPerUserPolicy

AuditSetSecurity

AuditSetSystemPolicy

AuthzAccessCheck

AuthzAccessCheckCallback

AuthzAddSidsToContext

AuthzCachedAccessCheck

AuthzComputeGroupsCallback

AuthzEnumerateSecurityEventSources

AuthzFreeAuditEvent

AuthzFreeCentralAccessPolicyCache

AuthzFreeContext

AuthzFreeGroupsCallback

AuthzFreeHandle

AuthzFreeResourceManager

AuthzGetInformationFromContext

AuthzInitializeCompoundContext

AuthzInitializeContextFromAuthzContext

AuthzInitializeContextFromSid

AuthzInitializeContextFromToken

AuthzInitializeObjectAccessAuditEvent

AuthzInitializeObjectAccessAuditEvent2

AuthzInitializeRemoteResourceManager

AuthzInitializeResourceManager

AuthzInitializeResourceManagerEx

AuthzInstallSecurityEventSource

AuthzModifyClaims

AuthzModifySecurityAttributes

AuthzModifySids

AuthzOpenObjectAudit

AuthzRegisterCapChangeNotification

AuthzRegisterSecurityEventSource

AuthzReportSecurityEvent

AuthzReportSecurityEventFromParams

AuthzSetAppContainerInformation

AuthzUninstallSecurityEventSource

AuthzUnregisterCapChangeNotification

AuthzUnregisterSecurityEventSource

BuildExplicitAccessWithName

BuildImpersonateExplicitAccessWithName

BuildImpersonateTrustee

BuildSecurityDescriptor

BuildTrusteeWithName

BuildTrusteeWithObjectsAndName

BuildTrusteeWithObjectsAndSid

BuildTrusteeWithSid

CheckTokenCapability

CheckTokenMembership

CheckTokenMembershipEx

ConvertSecurityDescriptorToStringSecurityDescriptor

ConvertSidToStringSid

ConvertStringSecurityDescriptorToSecurityDescriptor

ConvertStringSidToSid

ConvertToAutoInheritPrivateObjectSecurity

CopySid

CreatePrivateObjectSecurity

CreatePrivateObjectSecurityEx

CreatePrivateObjectSecurityWithMultipleInheritance

CreateRestrictedToken

CreateSecurityPage

CreateWellKnownSid

DeleteAce

DestroyPrivateObjectSecurity

DSCreateSecurityPage

DSCreateISecurityInfoObject

DSCreateISecurityInfoObjectEx

DSEditSecurity

DuplicateToken

DuplicateTokenEx

EditSecurity

EditSecurityAdvanced

EqualDomainSid

EqualPrefixSid

EqualSid

FindFirstFreeAce

FreeInheritedFromArray

FreeSid

GetAce

GetAclInformation

GetAppContainerNamedObjectPath

GetAuditedPermissionsFromAcl

GetEffectiveRightsFromAcl

GetExplicitEntriesFromAcl

GetFileSecurity

GetInheritanceSource

GetKernelObjectSecurity

GetLengthSid

GetMultipleTrustee

GetMultipleTrusteeOperation

GetNamedSecurityInfo

GetPrivateObjectSecurity

GetSecurityDescriptorControl

GetSecurityDescriptorDacl

GetSecurityDescriptorGroup

GetSecurityDescriptorLength

GetSecurityDescriptorOwner

GetSecurityDescriptorRMControl

GetSecurityDescriptorSacl

GetSecurityInfo

GetSidIdentifierAuthority

GetSidLengthRequired

GetSidSubAuthority

GetSidSubAuthorityCount

GetTokenInformation

GetTrusteeForm

GetTrusteeName

GetTrusteeType

GetUserObjectSecurity

GetWindowsAccountDomainSid

ImpersonateAnonymousToken

ImpersonateLoggedOnUser

ImpersonateNamedPipeClient

ImpersonateSelf

InitializeAcl

InitializeSecurityDescriptor

InitializeSid

IsTokenRestricted

IsValidAcl

IsValidSecurityDescriptor

IsValidSid

IsWellKnownSid

LookupAccountName

LookupAccountSid

LookupPrivilegeDisplayName

LookupPrivilegeName

LookupPrivilegeValue

LookupSecurityDescriptorParts

MakeAbsoluteSD

MakeSelfRelativeSD

MapGenericMask

NtCompareTokens

ObjectCloseAuditAlarm

ObjectDeleteAuditAlarm

ObjectOpenAuditAlarm

ObjectPrivilegeAuditAlarm

OpenProcessToken

OpenThreadToken

PrivilegeCheck

PrivilegedServiceAuditAlarm

QuerySecurityAccessMask

QueryServiceObjectSecurity

RegGetKeySecurity

RegSetKeySecurity

RevertToSelf

RtlConvertSidToUnicodeString

RtlSetSaclSecurityDescriptor

SetAclInformation

SetEntriesInAcl

SetFileSecurity

SetKernelObjectSecurity

SetNamedSecurityInfo

SetPrivateObjectSecurity

SetPrivateObjectSecurityEx

SetSecurityAccessMask

SetSecurityDescriptorControl

SetSecurityDescriptorDacl

SetSecurityDescriptorGroup

SetSecurityDescriptorOwner

SetSecurityDescriptorRMControl

SetSecurityDescriptorSacl

SetSecurityInfo

SetServiceObjectSecurity

SetThreadToken

SetTokenInformation

SetUserObjectSecurity

TreeResetNamedSecurityInfo

TreeSetNamedSecurityInfo

Community Content

Add code samples and tips to enhance this topic.

More...

This topic has not yet been rated - Rate this topic

IsTokenRestricted function

Applies to: desktop apps only

The IsTokenRestricted function indicates whether a token contains a list of restricted security identifiers (SIDs).

Syntax

Copy

BOOL WINAPI IsTokenRestricted(
  __in  HANDLE TokenHandle
);

Parameters

TokenHandle [in]: A handle to an access token to test.

Return value

If the token contains a list of restricting SIDs, the return value is nonzero.

If the token does not contain a list of restricting SIDs, the return value is zero.

If an error occurs, the return value is zero. To get extended error information, call GetLastError.

Remarks

The CreateRestrictedToken function can restrict a token by disabling SIDs, deleting privileges, and specifying a list of restricting SIDs. The IsTokenRestricted function checks only for the list of restricting SIDs. If a token does not have any restricting SIDs, IsTokenRestricted returns FALSE, even though the token was created by a call to CreateRestrictedToken.

Requirements

Minimum supported client	Windows XP
Minimum supported server	Windows Server 2003
Header	Winbase.h (include Windows.h)
Library	Advapi32.lib
DLL	Advapi32.dll

See also

Access Control Overview
Basic Access Control Functions
CreateRestrictedToken

Send comments about this topic to Microsoft

Build date: 3/7/2012

Did you find this helpful? Yes No

Not accurate

Not enough depth

Need more code examples

(1500 characters remaining)

Community Content Add

Annotations

FAQ

© 2012 Microsoft. All rights reserved.

Terms of Use | Trademarks | Privacy Statement | Site Feedback Site Feedback

Site Feedback

x

Tell us about your experience...

Did the page load quickly?

Yes No

Do you like the page design?

Yes No

Tell us more