Function |
Description |
AdjustTokenGroups |
Changes the group information in an access token. |
AdjustTokenPrivileges |
Enables or disables the privileges in an access token. It does not grant new privileges or revoke existing ones. |
AuthzAccessCheck |
Determines which access bits can be granted to a client for a given set of security descriptors. |
AuthzAccessCheckCallback |
An application-defined function that handles callback ACEs during an access check. AuthzAccessCheckCallback is a placeholder for the application-defined function name. |
AuthzAddSidsToContext |
Creates a copy of an existing context and appends a given set of SIDs and restricted SIDs. |
AuthzCachedAccessCheck |
Performs a fast access check based on a cached handle containing the static granted bits from a previous
AuthzAccessCheck call. |
AuthzComputeGroupsCallback |
An application-defined function that creates a list of SIDs that apply to a client. |
AuthzFreeAuditEvent |
Frees the AUDIT_EVENT_INFO structure allocated in the
AuthzInitializeObjectAccessAuditEvent function. |
AuthzFreeContext |
Frees all structures and memory associated with the client context. |
AuthzFreeGroupsCallback |
An application-defined function that frees memory allocated by
AuthzComputeGroupsCallback. |
AuthzFreeHandle |
Finds and deletes a handle from the handle list. |
AuthzFreeResourceManager |
Frees a resource manager object. |
AuthzGetInformationFromAuditInfo |
Queries information in an AUTHZ_AUDIT_INFO_HANDLE structure. |
AuthzGetInformationFromContext |
Returns information about an Authz context. |
AuthzInitializeContextFromAuthzContext |
Creates a new client context based on an existing client context. |
AuthzInitializeContextFromSid |
Creates a user-mode client context from a user SID. |
AuthzInitializeContextFromToken |
Initializes a client authorization context from a kernel token. |
AuthzInitialzeObjectAccessAuditEvent |
Initializes auditing for an object. |
AuthzInitializeResourceManager |
Uses Authz to verify that clients have access to various resources. |
AuthzOpenObjectAudit |
Opens an object for auditing. |
BuildImpersonateExplicitAccessWithName |
Obsolete; do not use. |
BuildImpersonateTrustee |
Obsolete; do not use. |
BuildTrusteeWithName |
Sets other members of the structure to default values. |
BuildTrusteeWithObjectsAndName |
Initializes a
TRUSTEE structure with the object-specific ACE information, initializing the remaining members of the structure to default values. The caller also specifies the name of the trustee. |
BuildTrusteeWithObjectsAndSid |
Initializes a
TRUSTEE structure with the object-specific ACE information, initializing the remaining members of the structure to default values. |
BuildTrusteeWithSid |
Initializes a
TRUSTEE structure. The caller specifies the security identifier (SID) of the trustee. |
CheckTokenMembership |
Determines whether a specified SID is enabled in a specified access token. |
ConvertSecurityDescriptorToStringSecurityDescriptor |
Converts a security descriptor to a string format. |
ConvertSidToStringSid |
Converts a SID to a string format suitable for display, storage, or transmission. |
ConvertStringSecurityDescriptorToSecurityDescriptor |
Converts a string-format security descriptor into a valid, functional security descriptor. |
ConvertStringSidToSid |
Converts a string-format SID into a valid, functional SID. |
CopySid |
Copies a security identifier (SID) to a buffer. |
CreateRestrictedToken |
Creates a new token that is a restricted version of an existing token. The restricted token can have disabled SIDs, deleted privileges, and a list of restricting SIDs. |
DuplicateToken |
Creates a new impersonation token that duplicates an existing token. |
DuplicateTokenEx |
Creates a new primary token or impersonation token that duplicates an existing token. |
EqualPrefixSid |
Tests two security-identifier (SID) prefix values for equality. |
EqualSid |
Tests two security identifier (SID) values for equality. |
FreeSid |
Frees a security identifier (SID) previously allocated by using the
AllocateAndInitializeSid function. |
GetAuditedPermissionsFromAcl |
Retrieves the audited access rights for a specified trustee. |
GetEffectiveRightsFromAcl |
Retrieves the effective access rights that an
ACL grants to a specified trustee. |
GetExplicitEntriesFromAcl |
Retrieves an array of structures that describe the access control entries (ACEs) in an access control list (ACL). |
GetLengthSid |
Returns the length, in bytes, of a valid security identifier (SID). |
GetMultipleTrustee |
Obsolete; do not use. |
GetMultipleTrusteeOperation |
Obsolete; do not use. |
GetNamedSecurityInfo |
Retrieves a copy of the security descriptor for an object specified by name. |
GetSecurityDescriptorControl |
Retrieves a security descriptor control and revision information. |
GetTokenInformation |
Retrieves information about a token. |
GetTrusteeForm |
Retrieves the trustee name from the specified TRUSTEE structure. |
GetTrusteeName |
Retrieves the trustee name from the specified TRUSTEE structure. |
GetTrusteeType |
Retrieves the trustee type from the specified TRUSTEE structure. |
InitializeSid |
Initializes a security identifier (SID). |
IsTokenRestricted |
Determines whether a token has a list of restricting SIDs. |
IsValidSid |
Validates a security identifier (SID) by verifying that the revision number is within a known range, and that the number of subauthorities is less than the maximum. |
LookupAccountName |
Accepts the name of a system and an account as input. |
LookupAccountSid |
Accepts a security identifier (SID) as input. |
LookupPrivilegeDisplayName |
Retrieves a display name representing a specified privilege. |
LookupPrivilegeName |
Retrieves the name corresponding to the privilege represented on a specific system by a specified locally unique identifier (LUID). |
LookupPrivilegeValue |
Retrieves the locally unique identifier (LUID) used on a specified system to locally represent the specified privilege name. |
OpenProcessToken |
Retrieves a handle to the primary access token for a process. |
OpenThreadToken |
Retrieves a handle to the impersonation access token for a thread. |
RtlConvertSidToUnicodeString |
Converts a SID to its Unicode character representation. |
SetEntriesInAcl |
Creates a new access control list (ACL) by merging new access control or audit-control information into an existing
ACL. |
SetNamedSecurityInfo |
Sets specified security information in the security descriptor of a specified object. |
SetThreadToken |
Assigns or removes an impersonation token for a thread. |
SetTokenInformation |
Changes a token's owner, primary group, or default DACL. |
SetSecurityDescriptorControl |
Sets the control bits of a security descriptor. |
SetSecurityInfo |
Sets specified security information in the security descriptor of a specified object. |
SetThreadToken |
Assigns an impersonation token to a thread. |
SetTokenInformation |
Sets various types of information for a specified access token. |
The following functions are used with the access control editor.
The following functions are used by servers to impersonate clients.
The following low-level functions are used to manipulate security descriptors.