WTSQueryUserToken function (wtsapi32.h)
Obtains the primary access token of the logged-on user specified by the session ID. To call this function successfully, the calling application must be running within the context of the LocalSystem account and have the SE_TCB_NAME privilege.
Syntax
BOOL WTSQueryUserToken(
[in] ULONG SessionId,
[out] PHANDLE phToken
);
Parameters
[in] SessionId
A Remote Desktop Services session identifier. Any program running in the context of a service will have a session identifier of zero (0). You can use the WTSEnumerateSessions function to retrieve the identifiers of all sessions on a specified RD Session Host server.
To be able to query information for another user's session, you need to have the Query Information permission. For more information, see Remote Desktop Services Permissions. To modify permissions on a session, use the Remote Desktop Services Configuration administrative tool.
[out] phToken
If the function succeeds, receives a pointer to the token handle for the logged-on user. Note that you must call the CloseHandle function to close this handle.
Return value
If the function succeeds, the return value is a nonzero value, and the phToken parameter points to the primary token of the user.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
Remarks
For information about primary tokens, see Access Tokens. For more information about account privileges, see Remote Desktop Services Permissions and Authorization Constants.
See LocalSystem account for information about the privileges associated with that account.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows Vista |
| Minimum supported server | Windows Server 2008 |
| Target Platform | Windows |
| Header | wtsapi32.h |
| Library | Wtsapi32.lib |
| DLL | Wtsapi32.dll |
| API set | ext-ms-win-session-wtsapi32-l1-1-0 (introduced in Windows 8) |