CAccessToken::CreateRestrictedToken
Call this method to create a new, restricted CAccessToken object.
bool CreateRestrictedToken(
    CAccessToken* pRestrictedToken,
    const CTokenGroups& SidsToDisable,
    const CTokenGroups& SidsToRestrict,
    const CTokenPrivileges& PrivilegesToDelete = CTokenPrivileges( )
) const throw(...);
Parameters
pRestrictedToken
The new, restricted CAccessToken object.
SidsToDisable
A CTokenGroups object that specifies the deny-only SIDs.
SidsToRestrict
A CTokenGroups object that specifies the restricting SIDs.
PrivilegesToDelete
A CTokenPrivileges object that specifies the privileges to delete in the restricted token. The default creates an empty object.
Return Value
Returns true on success, false on failure.
Remarks
CreateRestrictedToken uses the CreateRestrictedToken Win32 function to create a new CAccessToken object, with restrictions.
Notes
This method is only available on Windows 2000 or later.
Security Note
When using CreateRestrictedToken, ensure the following: the existing token is valid (and not entered by the user) and SidsToDisable and PrivilegesToDelete are both valid (and not entered by the user). If the method returns false, deny functionality.
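A fail-closed use of the method, as an added example that is not part of the original page. The helper names MakeLowRightsToken and PrivilegesRemoved, the choice of the Administrators group as the deny-only SID, and the three deleted privileges are assumptions made for illustration.

```cpp
#ifdef _WIN32                      // ATL ships only with MSVC on Windows
#include <windows.h>
#include <atlsecurity.h>

// Fixed policy compiled into the program, never read from user input.
static const LPCTSTR kPrivilegesToDelete[] = {
    SE_DEBUG_NAME, SE_BACKUP_NAME, SE_RESTORE_NAME };

// Hypothetical helper: fills 'restricted' with a copy of this process's token
// in which BUILTIN\Administrators is deny-only and the privileges above are
// deleted. Returns false on any failure so the caller can deny the operation.
bool MakeLowRightsToken(ATL::CAccessToken& restricted)
{
    try {
        ATL::CAccessToken process;   // existing token: our own, not caller-supplied
        if (!process.GetProcessToken(TOKEN_DUPLICATE | TOKEN_QUERY))
            return false;
        ATL::CTokenGroups denyOnly;
        denyOnly.Add(ATL::Sids::Admins(), 0);  // attributes are ignored here
        ATL::CTokenPrivileges toDelete;
        for (LPCTSTR name : kPrivilegesToDelete)
            if (!toDelete.Add(name, false))    // unknown privilege name
                return false;
        ATL::CTokenGroups noRestrictingSids;   // empty SidsToRestrict
        return process.CreateRestrictedToken(&restricted, denyOnly,
                                             noRestrictingSids, toDelete);
    } catch (...) {                            // ATL helpers may throw
        return false;
    }
}

// Post-condition check: true only if none of the listed privileges remain.
bool PrivilegesRemoved(const ATL::CAccessToken& token)
{
    try {
        ATL::CTokenPrivileges held;
        if (!token.GetPrivileges(&held))
            return false;
        for (LPCTSTR name : kPrivilegesToDelete)
            if (held.LookupPrivilege(name))
                return false;
        return true;
    } catch (...) {
        return false;
    }
}
#endif
```

A caller should proceed with the restricted token only when both functions return true, and refuse the operation otherwise.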
Requirements
Header: atlsecurity.h
See Also
Reference
CAccessToken::CreatePrimaryToken
CAccessToken::CreateImpersonationToken