| UID | title | description | helpviewer_keywords | old-location | tech.root | ms.assetid | ms.date | ms.keywords | req.header | req.include-header | req.target-type | req.target-min-winverclnt | req.target-min-winversvr | req.kmdf-ver | req.umdf-ver | req.ddi-compliance | req.unicode-ansi | req.idl | req.max-support | req.namespace | req.assembly | req.type-library | req.lib | req.dll | req.irql | targetos | req.typenames | req.redist | ms.custom | f1_keywords | dev_langs | topic_type | api_type | api_location | api_name | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
NS:winnt._TOKEN_GROUPS_AND_PRIVILEGES |
TOKEN_GROUPS_AND_PRIVILEGES (winnt.h) |
Contains information about the group security identifiers (SIDs) and privileges in an access token. |
|
security\token_groups_and_privileges.htm |
security |
085ccd0a-d6c2-48ca-ad2a-933f22831b14 |
12/05/2018 |
*PTOKEN_GROUPS_AND_PRIVILEGES, PTOKEN_GROUPS_AND_PRIVILEGES, PTOKEN_GROUPS_AND_PRIVILEGES structure pointer [Security], SE_GROUP_ENABLED, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_INTEGRITY, SE_GROUP_INTEGRITY_ENABLED, SE_GROUP_LOGON_ID, SE_GROUP_MANDATORY, SE_GROUP_OWNER, SE_GROUP_RESOURCE, SE_GROUP_USE_FOR_DENY_ONLY, TOKEN_GROUPS_AND_PRIVILEGES, TOKEN_GROUPS_AND_PRIVILEGES structure [Security], _TOKEN_GROUPS_AND_PRIVILEGES, _win32_token_groups_and_privileges, security.token_groups_and_privileges, winnt/PTOKEN_GROUPS_AND_PRIVILEGES, winnt/TOKEN_GROUPS_AND_PRIVILEGES |
winnt.h |
Windows.h |
Windows |
Windows XP [desktop apps only] |
Windows Server 2003 [desktop apps only] |
Windows |
TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES |
19H1 |
|
|
|
|
|
|
The TOKEN_GROUPS_AND_PRIVILEGES structure contains information about the group security identifiers (SIDs) and privileges in an access token.
Number of SIDs in the access token.
Length, in bytes, required to hold all of the user SIDs and the account SID for the group.
A pointer to an array of SID_AND_ATTRIBUTES structures that contain a set of SIDs and corresponding attributes.
The Attributes members of the SID_AND_ATTRIBUTES structures can have the following values.
| Value | Meaning |
|---|---|
|
The SID is enabled for access checks. When the system performs an access check, it checks for access-allowed and access-denied access control entries (ACEs) that apply to the SID.
A SID without this attribute is ignored during an access check unless the SE_GROUP_USE_FOR_DENY_ONLY attribute is set. |
|
The SID is enabled by default. |
|
The SID is a mandatory integrity SID.
Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This value is not supported. |
|
The mandatory integrity SID is evaluated during access check.
Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This value is not supported. |
|
The SID is a logon SID that identifies the logon session associated with an access token. |
|
The SID cannot have the SE_GROUP_ENABLED attribute cleared by a call to the AdjustTokenGroups function. However, you can use the CreateRestrictedToken function to convert a mandatory SID to a deny-only SID. |
|
The SID identifies a group account for which the user of the token is the owner of the group, or the SID can be assigned as the owner of the token or objects. |
|
The SID identifies a domain-local group. |
|
The SID is a deny-only SID in a
restricted token. When the system performs an access check, it checks for access-denied ACEs that apply to the SID; it ignores access-allowed ACEs for the SID.
If this attribute is set, SE_GROUP_ENABLED is not set, and the SID cannot be reenabled. |
Number of restricted SIDs.
Length, in bytes, required to hold all of the restricted SIDs.
A pointer to an array of SID_AND_ATTRIBUTES structures that contain a set of restricted SIDs and corresponding attributes.
The Attributes members of the SID_AND_ATTRIBUTES structures can have the same values as those listed for the preceding Sids member.
Number of privileges.
Length, in bytes, needed to hold the privilege array.
Array of privileges.
Locally unique identifier (LUID) of the authenticator of the token.