

 

SUPPLEMENTARY NOTE

 

This supplementary note documents the structures, enumerations, macros and types used in the program examples of Module J, Module K and Module L.

The structures, enumerations, macros and types are listed here.  The information was compiled for NT 5 (Windows 2000 and above).

 

Index
 
Enumerations
ACCESS_MODE
ACL_INFORMATION_CLASS
WELL_KNOWN_SID_TYPE
MULTIPLE_TRUSTEE_OPERATION
TRUSTEE_FORM
TRUSTEE_TYPE
SE_OBJECT_TYPE
TOKEN_TYPE
TOKEN_INFORMATION_CLASS
SECURITY_IMPERSONATION_LEVEL
 
Macros
ZeroMemory()
TEXT
 
Types
SECURITY_INFORMATION
SECURITY_DESCRIPTOR_CONTROL
ACE
 
Structures
SECURITY_ATTRIBUTES
SID
SECURITY_DESCRIPTOR
OBJECTS_AND_NAME
TRUSTEE
OBJECTS_AND_SID
EXPLICIT_ACCESS
ACE_HEADER
TOKEN_GROUPS_AND_PRIVILEGES
TOKEN_PRIVILEGES
TOKEN_ORIGIN
TOKEN_SOURCE
TOKEN_STATISTICS
TOKEN_USER
TOKEN_CONTROL
TOKEN_DEFAULT_DACL
TOKEN_GROUPS
TOKEN_OWNER
TOKEN_PRIMARY_GROUP
ACL_REVISION_INFORMATION
ACL_SIZE_INFORMATION
LUID
LUID_AND_ATTRIBUTES
PRIVILEGE_SET
SECURITY_ATTRIBUTES
GENERIC_MAPPING
SYSTEM_AUDIT_OBJECT_ACE
SYSTEM_AUDIT_ACE
ACE_HEADER
ACL
 

 

 

 

Enumeration

 

ACCESS_MODE

 

Item

Description

Enumeration type

ACCESS_MODE.

Info

The ACCESS_MODE enumeration type contains values that indicate how the access rights in an EXPLICIT_ACCESS structure apply to the trustee.  Functions such as SetEntriesInAcl() and GetExplicitEntriesFromAcl() use these values to set or retrieve information in an access control entry (ACE).

Definition

typedef enum _ACCESS_MODE

{

  NOT_USED_ACCESS = 0,

  GRANT_ACCESS,

  SET_ACCESS,

  DENY_ACCESS,

  REVOKE_ACCESS,

  SET_AUDIT_SUCCESS,

  SET_AUDIT_FAILURE

} ACCESS_MODE;

Constants

NOT_USED_ACCESS - Value not used.

GRANT_ACCESS - An input flag that creates an ACCESS_ALLOWED_ACE structure.  The new ACE combines the specified rights with any existing allowed or denied rights of the trustee.

SET_ACCESS - Indicates an ACCESS_ALLOWED_ACE structure that allows the specified rights.  On input, this flag discards any existing access control information for the trustee.

DENY_ACCESS - Indicates an ACCESS_DENIED_ACE structure that denies the specified rights.  On input, this flag denies the specified rights in addition to any currently denied rights of the trustee.

REVOKE_ACCESS - An input flag that removes all existing ACCESS_ALLOWED_ACE or SYSTEM_AUDIT_ACE structures for the specified trustee.

SET_AUDIT_SUCCESS - Indicates a SYSTEM_AUDIT_ACE structure that generates audit messages for successful attempts to use the specified access rights. You can combine this value with the SET_AUDIT_FAILURE member.  On input, this flag combines the specified rights with any existing audited access rights for the trustee.

SET_AUDIT_FAILURE - Indicates a SYSTEM_AUDIT_ACE structure that generates audit messages for failed attempts to use the specified access rights. You can combine this value with the SET_AUDIT_SUCCESS member.  On input, this flag combines the specified rights with any existing audited access rights for the trustee.

Header file

<accctrl.h>

Remark

-

 

Table 1

 

ACL_INFORMATION_CLASS

 

Item

Description

Enumeration type

ACL_INFORMATION_CLASS.

Info

Contains values that specify the type of information being assigned to or retrieved from an ACL.

Definition

typedef enum _ACL_INFORMATION_CLASS

{

  AclRevisionInformation = 1,

  AclSizeInformation

} ACL_INFORMATION_CLASS;

Constants

AclRevisionInformation - Indicates ACL revision information.

AclSizeInformation - Indicates ACL size information.

Header file

<windows.h>

Remark

-

 

Table 2

 

WELL_KNOWN_SID_TYPE

 

Item

Description

Enumeration type

WELL_KNOWN_SID_TYPE.

Info

A list of commonly used SIDs.  Programs can pass these values to the CreateWellKnownSid() function to create a SID from this list.

Definition

typedef enum

{

  WinNullSid = 0,

  WinWorldSid = 1,

  WinLocalSid = 2,

  WinCreatorOwnerSid = 3,

  WinCreatorGroupSid = 4,

  WinCreatorOwnerServerSid = 5,

  WinCreatorGroupServerSid = 6,

  WinNtAuthoritySid = 7,

  WinDialupSid = 8,

  WinNetworkSid = 9,

  WinBatchSid = 10,

  WinInteractiveSid = 11,

  WinServiceSid = 12,

  WinAnonymousSid = 13,

  WinProxySid = 14,

  WinEnterpriseControllersSid = 15,

  WinSelfSid = 16,

  WinAuthenticatedUserSid = 17,

  WinRestrictedCodeSid = 18,

  WinTerminalServerSid = 19,

  WinRemoteLogonIdSid = 20,

  WinLogonIdsSid = 21,

  WinLocalSystemSid = 22,

  WinLocalServiceSid = 23,

  WinNetworkServiceSid = 24,

  WinBuiltinDomainSid = 25,

  WinBuiltinAdministratorsSid = 26,

  WinBuiltinUsersSid = 27,

  WinBuiltinGuestsSid = 28,

  WinBuiltinPowerUsersSid = 29,

  WinBuiltinAccountOperatorsSid = 30,

  WinBuiltinSystemOperatorsSid = 31,

  WinBuiltinPrintOperatorsSid = 32,

  WinBuiltinBackupOperatorsSid = 33,

  WinBuiltinReplicatorSid = 34,

  WinBuiltinPreWindows2000CompatibleAccessSid = 35,

  WinBuiltinRemoteDesktopUsersSid = 36,

  WinBuiltinNetworkConfigurationOperatorsSid = 37,

  WinAccountAdministratorSid = 38,

  WinAccountGuestSid = 39,

  WinAccountKrbtgtSid = 40,

  WinAccountDomainAdminsSid = 41,

  WinAccountDomainUsersSid = 42,

  WinAccountDomainGuestsSid = 43,

  WinAccountComputersSid = 44,

  WinAccountControllersSid = 45,

  WinAccountCertAdminsSid = 46,

  WinAccountSchemaAdminsSid = 47,

  WinAccountEnterpriseAdminsSid = 48,

  WinAccountPolicyAdminsSid = 49,

  WinAccountRasAndIasServersSid = 50,

  WinNTLMAuthenticationSid = 51,

  WinDigestAuthenticationSid = 52,

  WinSChannelAuthenticationSid = 53,

  WinThisOrganizationSid = 54,

  WinOtherOrganizationSid = 55,

  WinBuiltinIncomingForestTrustBuildersSid = 56,

  WinBuiltinPerfMonitoringUsersSid = 57,

  WinBuiltinPerfLoggingUsersSid = 58,

  WinBuiltinAuthorizationAccessSid = 59,

  WinBuiltinTerminalServerLicenseServersSid = 60

} WELL_KNOWN_SID_TYPE;

Constants

WinNullSid - Indicates a null SID.

WinWorldSid - Indicates a SID that matches everyone.

WinLocalSid - Indicates a local SID.

WinCreatorOwnerSid - Indicates a SID that matches the owner or creator of an object.

WinCreatorGroupSid - Indicates a SID that matches the creator group of an object.

WinCreatorOwnerServerSid - Indicates a creator owner server SID.

WinCreatorGroupServerSid - Indicates a creator group server SID.

WinNtAuthoritySid - Indicates a SID for the Windows NT authority.

WinDialupSid - Indicates a SID for a dial-up account.

WinNetworkSid - Indicates a SID for a network account.  This SID is added to the token of a process when it logs on across a network.  The corresponding logon type is LOGON32_LOGON_NETWORK.

 

WinBatchSid - Indicates a SID for a batch process.  This SID is added to the token of a process when it logs on as a batch job.  The corresponding logon type is LOGON32_LOGON_BATCH.

 

WinInteractiveSid - Indicates a SID for an interactive account.  This SID is added to the token of a process when it logs on interactively.  The corresponding logon type is LOGON32_LOGON_INTERACTIVE.

 

WinServiceSid - Indicates a SID for a service.  This SID is added to the token of a process when it logs on as a service.  The corresponding logon type is LOGON32_LOGON_SERVICE.

 

WinAnonymousSid - Indicates a SID for the anonymous account.

WinProxySid - Indicates a proxy SID.

WinEnterpriseControllersSid - Indicates a SID for an enterprise controller.

WinSelfSid - Indicates a SID for self.

WinAuthenticatedUserSid - Indicates a SID that matches any authenticated user.

WinRestrictedCodeSid - Indicates a SID for restricted code.

WinTerminalServerSid - Indicates a SID that matches a terminal server account.

WinRemoteLogonIdSid - Indicates a SID that matches remote logons.

WinLogonIdsSid - Indicates a SID that matches logon IDs.

WinLocalSystemSid - Indicates a SID that matches the local system.

WinLocalServiceSid - Indicates a SID that matches a local service.

WinNetworkServiceSid - Indicates a SID that matches a network service.

WinBuiltinDomainSid - Indicates a SID that matches the domain account.

WinBuiltinAdministratorsSid - Indicates a SID that matches the administrator account.

WinBuiltinUsersSid - Indicates a SID that matches built-in user accounts.

WinBuiltinGuestsSid - Indicates a SID that matches the guest account.

WinBuiltinPowerUsersSid - Indicates a SID that matches the power users group.

WinBuiltinAccountOperatorsSid - Indicates a SID that matches the account operators account.

WinBuiltinSystemOperatorsSid - Indicates a SID that matches the system operators group.

WinBuiltinPrintOperatorsSid - Indicates a SID that matches the print operators group.

WinBuiltinBackupOperatorsSid - Indicates a SID that matches the backup operators group.

WinBuiltinReplicatorSid - Indicates a SID that matches the replicator account.

WinBuiltinPreWindows2000CompatibleAccessSid - Indicates a SID that matches pre-Windows 2000 compatible accounts.

 

WinBuiltinRemoteDesktopUsersSid - Indicates a SID that matches remote desktop users.

WinBuiltinNetworkConfigurationOperatorsSid - Indicates a SID that matches the network operators group.

WinAccountAdministratorSid - Indicates a SID that matches the account administrators group.

WinAccountGuestSid - Indicates a SID that matches the account guest group.

WinAccountKrbtgtSid - Indicates a SID that matches the account Kerberos target group.

WinAccountDomainAdminsSid - Indicates a SID that matches the account domain administrator group.

WinAccountDomainUsersSid - Indicates a SID that matches the account domain users group.

WinAccountDomainGuestsSid - Indicates a SID that matches the account domain guests group.

WinAccountComputersSid - Indicates a SID that matches the account computer group.

WinAccountControllersSid - Indicates a SID that matches the account controller group.

WinAccountCertAdminsSid - Indicates a SID that matches the certificate administrators group.

WinAccountSchemaAdminsSid - Indicates a SID that matches the schema administrators group.

WinAccountEnterpriseAdminsSid - Indicates a SID that matches the enterprise administrators group.

WinAccountPolicyAdminsSid - Indicates a SID that matches the policy administrators group.

WinAccountRasAndIasServersSid - Indicates a SID that matches the RAS and IAS server account.

WinNTLMAuthenticationSid - Indicates a SID present when the Microsoft NTLM authentication package authenticated the client.

 

WinDigestAuthenticationSid - Indicates a SID present when the Microsoft Digest authentication package authenticated the client.

 

WinSChannelAuthenticationSid - Indicates a SID present when the Secure Channel (SSL/TLS) authentication package authenticated the client.

 

WinThisOrganizationSid - Indicates a SID present when the user authenticated from within the forest or across a trust that does not have the selective authentication option enabled.  If this SID is present, then WinOtherOrganizationSid cannot be present.

 

WinOtherOrganizationSid - Indicates a SID present when the user authenticated across a forest with the selective authentication option enabled.  If this SID is present, then WinThisOrganizationSid cannot be present.

 

WinBuiltinIncomingForestTrustBuildersSid - Indicates a SID that allows a user to create incoming forest trusts. It is added to the token of users who are a member of the Incoming Forest Trust Builders built-in group in the root domain of the forest.

 

WinBuiltinPerfMonitoringUsersSid - Indicates a SID that matches the performance monitor user group.

WinBuiltinPerfLoggingUsersSid - Indicates a SID that matches the performance log user group.

WinBuiltinAuthorizationAccessSid - Indicates a SID that matches the Windows Authorization Access group.

 

WinBuiltinTerminalServerLicenseServersSid - Indicates a SID that is present in a server that can issue Terminal Server licenses.

Header file

<windows.h>

Remark

Requires Windows XP and Windows Server 2003.

 

Table 3

 

MULTIPLE_TRUSTEE_OPERATION

 

Item

Description

Enumeration type

MULTIPLE_TRUSTEE_OPERATION.

Info

Contains values that indicate whether a TRUSTEE structure is an impersonation trustee.

Definition

typedef enum _MULTIPLE_TRUSTEE_OPERATION

{

  NO_MULTIPLE_TRUSTEE,

  TRUSTEE_IS_IMPERSONATE

} MULTIPLE_TRUSTEE_OPERATION;

Constants

NO_MULTIPLE_TRUSTEE

The trustee is not an impersonation trustee.

 

TRUSTEE_IS_IMPERSONATE

The trustee is an impersonation trustee.  The pMultipleTrustee member of the TRUSTEE structure points to a trustee for a server that can impersonate the client trustee.

Header file

<accctrl.h>

Remark

-

 

Table 21

 

TRUSTEE_FORM

 

Item

Description

Enumeration type

TRUSTEE_FORM.

Info

Contains values that indicate the type of data pointed to by the ptstrName member of the TRUSTEE structure.

Definition

typedef enum _TRUSTEE_FORM

{

  TRUSTEE_IS_SID,

  TRUSTEE_IS_NAME,

  TRUSTEE_BAD_FORM,

  TRUSTEE_IS_OBJECTS_AND_SID,

  TRUSTEE_IS_OBJECTS_AND_NAME

} TRUSTEE_FORM;

Constants

TRUSTEE_IS_SID

The ptstrName member is a pointer to a security identifier (SID) that identifies the trustee.

 

TRUSTEE_IS_NAME

The ptstrName member is a pointer to a null-terminated string that identifies the trustee.

 

TRUSTEE_BAD_FORM

Indicates an invalid trustee form.

 

TRUSTEE_IS_OBJECTS_AND_SID

The ptstrName member is a pointer to an OBJECTS_AND_SID structure that contains the SID of the trustee and the GUIDs of the object types in an object-specific access control entry (ACE).

 

TRUSTEE_IS_OBJECTS_AND_NAME

The ptstrName member is a pointer to an OBJECTS_AND_NAME structure that contains the name of the trustee and the names of the object types in an object-specific ACE.

Header file

<accctrl.h>

Remark

-

 

Table 22

 

TRUSTEE_TYPE

 

Item

Description

Enumeration type

TRUSTEE_TYPE.

Info

Contains values that indicate the type of trustee identified by a TRUSTEE structure.

Definition

typedef enum _TRUSTEE_TYPE

{

  TRUSTEE_IS_UNKNOWN,

  TRUSTEE_IS_USER,

  TRUSTEE_IS_GROUP,

  TRUSTEE_IS_DOMAIN,

  TRUSTEE_IS_ALIAS,

  TRUSTEE_IS_WELL_KNOWN_GROUP,

  TRUSTEE_IS_DELETED,

  TRUSTEE_IS_INVALID,

  TRUSTEE_IS_COMPUTER

} TRUSTEE_TYPE;

Constants

TRUSTEE_IS_UNKNOWN

The trustee type is unknown, but not necessarily invalid.

 

TRUSTEE_IS_USER

Indicates a user.

 

TRUSTEE_IS_GROUP

Indicates a group.

 

TRUSTEE_IS_DOMAIN

Indicates a domain.

 

TRUSTEE_IS_ALIAS

Indicates an alias.

 

TRUSTEE_IS_WELL_KNOWN_GROUP

Indicates a well-known group.

 

TRUSTEE_IS_DELETED

Indicates a deleted account.

 

TRUSTEE_IS_INVALID

Indicates an invalid trustee type.

 

TRUSTEE_IS_COMPUTER

Indicates a computer.

Header file

<accctrl.h>

Remark

-

 

Table 23

 

SE_OBJECT_TYPE

 

Item

Description

Enumeration type

SE_OBJECT_TYPE.

Info

Contains values that correspond to the types of Windows objects that support security.  The functions, such as GetSecurityInfo() and SetSecurityInfo(), that set and retrieve the security information of an object, use these values to indicate the type of object.

Definition

typedef enum _SE_OBJECT_TYPE

{

  SE_UNKNOWN_OBJECT_TYPE = 0,

  SE_FILE_OBJECT,

  SE_SERVICE,

  SE_PRINTER,

  SE_REGISTRY_KEY,

  SE_LMSHARE,

  SE_KERNEL_OBJECT,

  SE_WINDOW_OBJECT,

  SE_DS_OBJECT,

  SE_DS_OBJECT_ALL,

  SE_PROVIDER_DEFINED_OBJECT,

  SE_WMIGUID_OBJECT,

  SE_REGISTRY_WOW64_32KEY

} SE_OBJECT_TYPE;

Constants

SE_UNKNOWN_OBJECT_TYPE

Unknown object type.

 

SE_FILE_OBJECT

Indicates a file or directory.  The name string that identifies a file or directory object can be in one of the following formats:

 

     A relative path, such as "abc.dat" or "..\abc.dat"

     An absolute path, such as "\abc.dat", "c:\dir1\abc.dat", or "g:\remote_dir\abc.dat"

     A UNC name, such as "\\computer_name\share_name\abc.dat".

     A local file system root, such as "\\\\.\\c:".  Security set on a file system root does not persist when the system is restarted.

 

SE_SERVICE

Indicates a Windows service.  A service object can be a local service, such as "service_name"; or a remote service, such as "\\computer_name\service_name".

 

SE_PRINTER

Indicates a printer.  A printer object can be a local printer, such as "printer_name"; or a remote printer, such as "\\computer_name\printer_name".

 

SE_REGISTRY_KEY

Indicates a registry key.  A registry key object can be in the local registry, such as "CLASSES_ROOT\some_path"; or in a remote registry, such as "\\computer_name\CLASSES_ROOT\some_path".

The names of registry keys must use the following literal strings to identify the predefined registry keys: "CLASSES_ROOT", "CURRENT_USER", "MACHINE", and "USERS".

 

SE_LMSHARE

Indicates a network share.  A share object can be local, such as "share_name"; or remote, such as "\\computer_name\share_name".

 

SE_KERNEL_OBJECT

Indicates a local kernel object.

The GetSecurityInfo() and SetSecurityInfo() functions support all types of kernel objects.  The GetNamedSecurityInfo() and SetNamedSecurityInfo() functions work only with the following kernel objects: semaphore, event, mutex, waitable timer, and file mapping.

 

SE_WINDOW_OBJECT

Indicates a window station or desktop object on the local computer.  You cannot use GetNamedSecurityInfo() and SetNamedSecurityInfo() with these objects because the names of window stations or desktops are not unique.

 

SE_DS_OBJECT

Indicates a directory service (DS) object or a property set or property of a directory service object.  The name string for a DS object must be in X.500 form; for example:

CN=someobject,OU=ou2,OU=ou1,DC=domain,DC=fabrikam,DC=com,O=internet

 

SE_DS_OBJECT_ALL

Indicates a directory service object and all of its property sets and properties.

 

SE_PROVIDER_DEFINED_OBJECT

Indicates a provider-defined object.  Windows NT, Windows Me/98/95:  This enumeration value is not supported.

 

SE_WMIGUID_OBJECT

Indicates a WMI object.  Windows NT, Windows Me/98/95:  This enumeration value is not supported.

 

SE_REGISTRY_WOW64_32KEY

Indicates an object for a registry entry under WOW64.  Windows 2000, Windows NT:  This enumeration value is not supported.

Header file

<accctrl.h>

Remark

-

 

Table 24

 

TOKEN_TYPE

 

Item

Description

Enumeration type

TOKEN_TYPE.

Info

Contains values that differentiate between a primary token and an impersonation token.

Definition

typedef enum tagTOKEN_TYPE

{

  TokenPrimary = 1,

  TokenImpersonation

} TOKEN_TYPE;

Constants

TokenPrimary - Indicates a primary token.

TokenImpersonation - Indicates an impersonation token.

Header file

<windows.h>

Remark

-

 

Table 28

 

TOKEN_INFORMATION_CLASS

 

Item

Description

Enumeration type

TOKEN_INFORMATION_CLASS.

Info

Contains values that specify the type of information being assigned to or retrieved from an access token.  The GetTokenInformation() function uses these values to indicate the type of token information to retrieve.

Definition

typedef enum _TOKEN_INFORMATION_CLASS

{

  TokenUser = 1,

  TokenGroups,

  TokenPrivileges,

  TokenOwner,

  TokenPrimaryGroup,

  TokenDefaultDacl,

  TokenSource,

  TokenType,

  TokenImpersonationLevel,

  TokenStatistics,

  TokenRestrictedSids,

  TokenSessionId,

  TokenGroupsAndPrivileges,

  TokenSessionReference,

  TokenSandBoxInert,

  TokenAuditPolicy,

  TokenOrigin

} TOKEN_INFORMATION_CLASS;

Constants

TokenUser

The buffer receives a TOKEN_USER structure that contains the user account of the token.

 

TokenGroups

The buffer receives a TOKEN_GROUPS structure that contains the group accounts associated with the token.

 

TokenPrivileges

The buffer receives a TOKEN_PRIVILEGES structure that contains the privileges of the token.

 

TokenOwner

The buffer receives a TOKEN_OWNER structure that contains the default owner security identifier (SID) for newly created objects.

 

TokenPrimaryGroup

The buffer receives a TOKEN_PRIMARY_GROUP structure that contains the default primary group SID for newly created objects.

 

TokenDefaultDacl

The buffer receives a TOKEN_DEFAULT_DACL structure that contains the default DACL for newly created objects.

 

TokenSource

The buffer receives a TOKEN_SOURCE structure that contains the source of the token.  TOKEN_QUERY_SOURCE access is needed to retrieve this information.

 

TokenType

The buffer receives a TOKEN_TYPE value that indicates whether the token is a primary or impersonation token.

 

TokenImpersonationLevel

The buffer receives a SECURITY_IMPERSONATION_LEVEL value that indicates the impersonation level of the token.  If the access token is not an impersonation token, the function fails.

 

TokenStatistics

The buffer receives a TOKEN_STATISTICS structure that contains various token statistics.

 

TokenRestrictedSids

The buffer receives a TOKEN_GROUPS structure that contains the list of restricting SIDs in a restricted token.

 

TokenSessionId

The buffer receives a DWORD value that indicates the Terminal Services session identifier that is associated with the token.

 

          If the token is associated with the Terminal Server console session, the session identifier is zero.

          If the token is associated with the Terminal Server client session, the session identifier is nonzero.

 

In a non-Terminal Services environment, the session identifier is zero.

If TokenSessionId is set with SetTokenInformation, the application must have the Act As Part Of the Operating System privilege, and the application must be enabled to set the session ID in a token.

 

TokenGroupsAndPrivileges

The buffer receives a TOKEN_GROUPS_AND_PRIVILEGES structure that contains the user SID, the group accounts, the restricted SIDs, and the authentication ID associated with the token.

 

TokenSessionReference

Reserved for internal use.

 

TokenSandBoxInert

The buffer receives a DWORD value that is nonzero if the token includes the SANDBOX_INERT flag.

 

TokenAuditPolicy

Reserved for future use.

 

TokenOrigin

The buffer receives a TOKEN_ORIGIN value.

If the token resulted from a logon that used explicit credentials, such as passing a name, domain, and password to the LogonUser() function, then the TOKEN_ORIGIN structure will contain the ID of the logon session that created it.  If the token resulted from network authentication, such as a call to AcceptSecurityContext() or a call to LogonUser() with dwLogonType set to LOGON32_LOGON_NETWORK or LOGON32_LOGON_NETWORK_CLEARTEXT, then this value will be zero.

Header file

<windows.h>

Remark

-

 

Table 33

 

SECURITY_IMPERSONATION_LEVEL

 

Item

Description

Enumeration type

SECURITY_IMPERSONATION_LEVEL.

Info

Contains values that specify security impersonation levels.  Security impersonation levels govern the degree to which a server process can act on behalf of a client process.

Definition

typedef enum _SECURITY_IMPERSONATION_LEVEL

{

  SecurityAnonymous,

  SecurityIdentification,

  SecurityImpersonation,

  SecurityDelegation

} SECURITY_IMPERSONATION_LEVEL;

Constants

SecurityAnonymous

The server process cannot obtain identification information about the client, and it cannot impersonate the client.  It is defined with no value given, and thus, by ANSI C rules, defaults to a value of zero.

 

SecurityIdentification

The server process can obtain information about the client, such as security identifiers and privileges, but it cannot impersonate the client.  This is useful for servers that export their own objects, for example, database products that export tables and views.  Using the retrieved client-security information, the server can make access-validation decisions without being able to use other services that are using the client's security context.

 

SecurityImpersonation

The server process can impersonate the client's security context on its local system.  The server cannot impersonate the client on remote systems.

 

SecurityDelegation

The server process can impersonate the client's security context on remote systems.

Header file

<windows.h>

Remark

Impersonation is the ability of a process to take on the security attributes of another process.

 

Table 41

 

 

Macro

 

ZeroMemory()

 

Item

Description

Macro

ZeroMemory().

Info

Fills a block of memory with zeros.  To avoid undesired effects of optimizing compilers, use the SecureZeroMemory() function.

Definition

void ZeroMemory(PVOID Destination, SIZE_T Length);

Parameters

Destination

[in] Pointer to the starting address of the block of memory to fill with zeros.

 

Length

[in] Size of the block of memory to fill with zeros, in bytes.

Return value

This function has no return value.

Header file

<windows.h>

Remark

-

 

Table 4
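
The ZeroMemory() entry above warns about optimizing compilers: when a wipe is the last write to a buffer that is about to go out of scope, the compiler may treat it as a dead store and drop it. The following portable C sketch is an added example, not code from Module J, K or L; wipe_volatile(), derive_tag(), use_secret() and the sample secret are hypothetical names, and the volatile-pointer loop stands in for a call to SecureZeroMemory() on Windows.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a Windows API): zero a buffer through a volatile
 * pointer so the compiler must emit every store, even if the buffer is never
 * read again.  On Windows, call SecureZeroMemory(dst, len) instead. */
static void *wipe_volatile(void *dst, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)dst;
    while (len--)
        *p++ = 0;
    return dst;
}

/* Counts bytes that survived a wipe; 0 means the buffer is clean. */
static size_t count_nonzero(const unsigned char *buf, size_t len)
{
    size_t n = 0, i;
    for (i = 0; i < len; i++)
        if (buf[i] != 0)
            n++;
    return n;
}

/* Constructed stand-in for "work that needs the secret": a simple checksum. */
static unsigned derive_tag(const char *secret)
{
    unsigned tag = 0;
    while (*secret)
        tag = tag * 31u + (unsigned char)*secret++;
    return tag;
}

/* Copies the secret into scratch, uses it, then wipes scratch on BOTH the
 * success and the failure path.  Returns 0 on success, -1 if the secret does
 * not fit.  The scratch buffer is caller-provided only so that the result of
 * the wipe can be inspected afterwards. */
static int use_secret(const char *secret, unsigned char *scratch,
                      size_t cap, unsigned *tag_out)
{
    size_t n = strlen(secret);
    int rc = -1;

    if (n < cap) {
        memcpy(scratch, secret, n + 1);
        *tag_out = derive_tag((const char *)scratch);
        rc = 0;
    }
    /* With a local buffer, a plain memset()/ZeroMemory() at this point is the
     * last write before the buffer dies and may be removed by the optimizer.
     * The volatile stores below cannot be removed. */
    wipe_volatile(scratch, cap);
    return rc;
}

int main(void)
{
    unsigned char scratch[32];
    unsigned tag = 0;
    int rc;

    memset(scratch, 0xAA, sizeof scratch);      /* simulate stale stack data */
    rc = use_secret("constructed-sample-secret", scratch, sizeof scratch, &tag);
    printf("rc=%d tag=%u leftover=%lu\n", rc, tag,
           (unsigned long)count_nonzero(scratch, sizeof scratch));
    return 0;
}
```
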

 

TEXT

 

Item

Description

Macro

TEXT.

Info

Identifies a string as Unicode when UNICODE is defined during compilation.  Otherwise, it identifies a string as an ANSI string.

Definition

TEXT(LPTSTR string);