Capability SID Constants

The capability SID constants define for applications well-known capabilities by using the AllocateAndInitializeSid function.

SECURITY_CAPABILITY_INTERNET_CLIENT

(0x00000001L)

An account has access to the Internet from a client computer.

SECURITY_CAPABILITY_INTERNET_CLIENT_SERVER

(0x00000002L)

An account has access to the Internet from the client and server computers.

SECURITY_CAPABILITY_PRIVATE_NETWORK_CLIENT_SERVER

(0x00000003L)

An account has access to the Internet from a private network.

SECURITY_CAPABILITY_PICTURES_LIBRARY

(0x00000004L)

An account has access to the pictures library.

SECURITY_CAPABILITY_VIDEOS_LIBRARY

(0x00000005L)

An account has access to the videos library.

SECURITY_CAPABILITY_MUSIC_LIBRARY

(0x00000006L)

An account has access to the music library.

SECURITY_CAPABILITY_DOCUMENTS_LIBRARY

(0x00000007L)

An account has access to the documentation library.

SECURITY_CAPABILITY_ENTERPRISE_AUTHENTICATION

(0x00000008L)

An account has access to the default Windows credentials.

SECURITY_CAPABILITY_SHARED_USER_CERTIFICATES

(0x00000009L)

An account has access to the shared user certificates.

SECURITY_CAPABILITY_REMOVABLE_STORAGE

(0x0000000AL)

An account has access to removable storage.

Remarks

When constructing a capability SID, you need to include the package authority, SECURITY_APP_PACKAGE_AUTHORITY {0,0,0,0,0,15}, in the call to the AllocateAndInitializeSid function. Additionally, you need the base RID and RID count for the built-in capabilities, SECURITY_CAPABILITY_BASE_RID (0x00000003L) and SECURITY_BUILTIN_CAPABILITY_RID_COUNT (2L).

Requirements

Requirement Value
Minimum supported client
Windows 8 [desktop apps only]
Minimum supported server
Windows Server 2012 [desktop apps only]
Header
Winnt.h