Export (0) Print
Expand All
Expand Minimize
4 out of 7 rated this helpful - Rate this topic

PrivilegeCheck function

The PrivilegeCheck function determines whether a specified set of privileges are enabled in an access token. The PrivilegeCheck function is typically called by a server application to check the privileges of a client's access token.

Syntax


BOOL WINAPI PrivilegeCheck(
  _In_     HANDLE ClientToken,
  _Inout_  PPRIVILEGE_SET RequiredPrivileges,
  _Out_    LPBOOL pfResult
);

Parameters

ClientToken [in]

A handle to an access token representing a client process. This handle must have been obtained by opening the token of a thread impersonating the client. The token must be open for TOKEN_QUERY access.

RequiredPrivileges [in, out]

A pointer to a PRIVILEGE_SET structure. The Privilege member of this structure is an array of LUID_AND_ATTRIBUTES structures. Before calling PrivilegeCheck, use the Privilege array to indicate the set of privileges to check. Set the Control member to PRIVILEGE_SET_ALL_NECESSARY if all of the privileges must be enabled; or set it to zero if it is sufficient that any one of the privileges be enabled.

When PrivilegeCheck returns, the Attributes member of each LUID_AND_ATTRIBUTES structure is set to SE_PRIVILEGE_USED_FOR_ACCESS if the corresponding privilege is enabled.

pfResult [out]

A pointer to a value the function sets to indicate whether any or all of the specified privileges are enabled in the access token. If the Control member of the PRIVILEGE_SET structure specifies PRIVILEGE_SET_ALL_NECESSARY, this value is TRUE only if all the privileges are enabled; otherwise, this value is TRUE if any of the privileges are enabled.

Return value

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

An access token contains a list of the privileges held by the account associated with the token. These privileges can be enabled or disabled; most are disabled by default. The PrivilegeCheck function checks only for enabled privileges. To get a list of all the enabled and disabled privileges held by an access token, call the GetTokenInformation function. To enable or disable a set of privileges in an access token, call the AdjustTokenPrivileges function.

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Header

Winbase.h (include Windows.h)

Library

Advapi32.lib

DLL

Advapi32.dll

See also

Client/Server Access Control Overview
Client/Server Access Control Functions
AdjustTokenPrivileges
GetTokenInformation
LookupPrivilegeValue
LUID_AND_ATTRIBUTES
ObjectPrivilegeAuditAlarm
PRIVILEGE_SET
PrivilegedServiceAuditAlarm

 

 

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.