DeriveCapabilitySidsFromName function (securitybaseapi.h)
This function constructs two arrays of SIDs out of a capability name. One is an array group SID with NT Authority, and the other is an array of capability SIDs with AppAuthority.
Syntax
BOOL DeriveCapabilitySidsFromName(
[in] LPCWSTR CapName,
[out] PSID **CapabilityGroupSids,
[out] DWORD *CapabilityGroupSidCount,
[out] PSID **CapabilitySids,
[out] DWORD *CapabilitySidCount
);
Parameters
[in] CapName
Name of the capability in string form.
[out] CapabilityGroupSids
The GroupSids with NTAuthority.
[out] CapabilityGroupSidCount
The count of GroupSids in the array.
[out] CapabilitySids
CapabilitySids with AppAuthority.
[out] CapabilitySidCount
The count of CapabilitySid with AppAuthority.
Return value
If the function succeeds, it returns TRUE.
If the function fails, it returns FALSE. To get extended error information, call GetLastError.
Remarks
The caller is expected to free the individual SIDs returned in each array by calling LocalFree, as well as memory allocated for the array itself.
The SID computed for the application capability of legacy capabilities (published prior to Win10) will be the same as the published SIDs but the SID for the service group capability SID will be hash based.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows XP [desktop apps | UWP apps] |
| Minimum supported server | Windows Server 2003 [desktop apps | UWP apps] |
| Target Platform | Windows |
| Header | securitybaseapi.h (include Windows.h) |
| Library | Advapi32.lib |
| DLL | Kernel32.dll |