SeTokenSetNoChildProcessRestricted function (ntifs.h)
The SeTokenSetNoChildProcessRestricted routine sets the TOKEN_NO_CHILD_PROCESS_UNLESS_SECURE or TOKEN_AUDIT_NO_CHILD_PROCESS flags in the token.
Syntax
void SeTokenSetNoChildProcessRestricted(
[in] PACCESS_TOKEN Token,
[in] BOOLEAN UnlessSecure,
[in] BOOLEAN AuditOnly
);
Parameters
[in] Token
Specifies a pointer to the access token.
[in] UnlessSecure
A pointer to a boolean that indicates that secure process creation should always be enabled.
[in] AuditOnly
A pointer to a boolean that indicates if the mitigation should be enabled in audit-only mode.
Return value
None
Remarks
Note that both flags cannot be set at the same time and it is possible to upgrade from audit-only mode to enforcement mode but not vice-versa.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows 10, version 1709. |
| Target Platform | Windows |
| Header | ntifs.h (include Ntifs.h) |
| Library | NtosKrnl.lib |
| DLL | NtosKrnl.exe |