TOKEN_INFORMATION_CLASS enumeration (ntifs.h)

  • Article

The TOKEN_INFORMATION_CLASS enumeration type contains values that specify the type of information being assigned to or retrieved from an access token.

SeQueryInformationToken and ZwQueryInformationToken use TOKEN_INFORMATION_CLASS values to indicate the type of token information to retrieve.

Syntax

typedef enum _TOKEN_INFORMATION_CLASS {
  TokenUser,
  TokenGroups,
  TokenPrivileges,
  TokenOwner,
  TokenPrimaryGroup,
  TokenDefaultDacl,
  TokenSource,
  TokenType,
  TokenImpersonationLevel,
  TokenStatistics,
  TokenRestrictedSids,
  TokenSessionId,
  TokenGroupsAndPrivileges,
  TokenSessionReference,
  TokenSandBoxInert,
  TokenAuditPolicy,
  TokenOrigin,
  TokenElevationType,
  TokenLinkedToken,
  TokenElevation,
  TokenHasRestrictions,
  TokenAccessInformation,
  TokenVirtualizationAllowed,
  TokenVirtualizationEnabled,
  TokenIntegrityLevel,
  TokenUIAccess,
  TokenMandatoryPolicy,
  TokenLogonSid,
  TokenIsAppContainer,
  TokenCapabilities,
  TokenAppContainerSid,
  TokenAppContainerNumber,
  TokenUserClaimAttributes,
  TokenDeviceClaimAttributes,
  TokenRestrictedUserClaimAttributes,
  TokenRestrictedDeviceClaimAttributes,
  TokenDeviceGroups,
  TokenRestrictedDeviceGroups,
  TokenSecurityAttributes,
  TokenIsRestricted,
  TokenProcessTrustLevel,
  TokenPrivateNameSpace,
  TokenSingletonAttributes,
  TokenBnoIsolation,
  TokenChildProcessFlags,
  TokenIsLessPrivilegedAppContainer,
  TokenIsSandboxed,
  TokenIsAppSilo,
  TokenLoggingInformation,
  MaxTokenInfoClass
} TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS;

Constants

 
TokenUser
The buffer receives a TOKEN_USER structure containing the token's user account.
TokenGroups
The buffer receives a TOKEN_GROUPS structure containing the group accounts associated with the token.
TokenPrivileges
The buffer receives a TOKEN_PRIVILEGES structure containing the token's privileges.
TokenOwner
The buffer receives a TOKEN_OWNER structure containing the default owner SID for newly created objects.
TokenPrimaryGroup
The buffer receives a TOKEN_PRIMARY_GROUP structure containing the default primary group SID for newly created objects.
TokenDefaultDacl
The buffer receives a TOKEN_DEFAULT_DACL structure containing the default discretionary ACL (DACL) for newly created objects.
TokenSource
The buffer receives a TOKEN_SOURCE structure containing the source of the token. TOKEN_QUERY_SOURCE access is needed to retrieve this information.
TokenType
The buffer receives a TOKEN_TYPE value indicating whether the token is a primary or impersonation token.
TokenImpersonationLevel
The buffer receives a SECURITY_IMPERSONATION_LEVEL value indicating the impersonation level of the token. If the access token is not an impersonation token, the call to SeQueryInformationToken or ZwQueryInformationToken fails.
TokenStatistics
The buffer receives a TOKEN_STATISTICS structure containing various token statistics.
TokenRestrictedSids
The buffer receives a TOKEN_GROUPS structure containing the list of restricting SIDs in a restricted token. This value is valid starting with Windows Vista.
TokenSessionId
The buffer receives a DWORD value that indicates the Terminal Services session identifier associated with the token. If the token is associated with the Terminal Server console session, the session identifier is zero. A nonzero session identifier indicates a Terminal Services client session. In a non-Terminal Services environment, the session identifier is zero. This value is valid starting with Windows Vista.
TokenGroupsAndPrivileges
The buffer receives a TOKEN_GROUPS_AND_PRIVILEGES structure that contains the user SID, the group accounts, the restricted SIDs, and the authentication ID associated with the token. This value is valid starting with Windows Vista.
TokenSessionReference
Reserved for system use.
TokenSandBoxInert
The buffer receives a DWORD value that is nonzero if the token includes the SANDBOX_INERT flag. This value is valid starting with Windows Vista.
TokenAuditPolicy
Reserved for system use.
TokenOrigin
The buffer receives a TOKEN_ORIGIN value.

If the token resulted from a logon that used explicit credentials, such as passing a name, domain, and password to the user-mode LogonUser function, then the TOKEN_ORIGIN structure will contain the ID of the logon session that created it.

If the token resulted from network authentication, such as a call to user-mode AcceptSecurityContext function or a call to user-mode LogonUser function with dwLogonType set to LOGON32_LOGON_NETWORK or LOGON32_LOGON_NETWORK_CLEARTEXT, then this value will be zero.

This value is valid starting with Windows Server 2003.
TokenElevationType
TokenLinkedToken
The buffer receives a TOKEN_LINKED_TOKEN structure that contains a handle to another token that is linked to this token. This value is valid starting with Windows Vista.
TokenElevation
The buffer receives a TOKEN_ELEVATION structure that specifies whether the token is elevated. This value is valid starting with Windows Vista.
TokenHasRestrictions
The buffer receives a DWORD value that is nonzero if the token has ever been filtered. This value is valid starting with Windows Vista.
TokenAccessInformation
The buffer receives a TOKEN_ACCESS_INFORMATION structure that specifies security information contained in the token. This value is valid starting with Windows Vista.
TokenVirtualizationAllowed
The buffer receives a DWORD value that is nonzero if virtualization is allowed for the token. This value is valid starting with Windows Vista.
TokenVirtualizationEnabled
The buffer receives a DWORD value that is nonzero if virtualization is enabled for the token. This value is valid starting with Windows Vista.
TokenIntegrityLevel
The buffer receives a TOKEN_MANDATORY_LABEL structure that specifies the token's integrity level. This value is valid starting with Windows Vista. For SeQueryInformationToken the output is the actual integrity level (DWORD).
TokenUIAccess
The buffer receives a DWORD value that is nonzero if the token has the UIAccess flag set. This value is valid starting with Windows Vista.
TokenMandatoryPolicy
The buffer receives a TOKEN_MANDATORY_POLICY structure that specifies the token's mandatory integrity policy. This value is valid starting with Windows Vista.
TokenLogonSid
The buffer receives a TOKEN_GROUPS structure that specifies the token's logon SID. This value is valid starting with Windows Vista.
TokenIsAppContainer
The buffer receives a DWORD value that is nonzero if the token has the application container flag set. This value is valid starting with Windows 8.
TokenCapabilities
The buffer receives a TOKEN_GROUPS structure and an array of SID_AND_ATTRIBUTES structures for each token capability. This value is valid starting with Windows 8.
TokenAppContainerSid
The buffer receives a TOKEN_APPCONTAINER_INFORMATION structure that contains the AppContainerSid associated with the token. If the token is not associated with an app container, the TokenAppContainer member of the TOKEN_APPCONTAINER_INFORMATION structure points to NULL. This value is valid starting with Windows 8.
TokenAppContainerNumber
The buffer receives a DWORD value that is the application container number. This value is valid starting with Windows 8.
TokenUserClaimAttributes
The buffer receives a CLAIM_SECURITY_ATTRIBUTES_INFORMATION structure that specifies the user's claim attributes. This value is valid starting with Windows 8.
TokenDeviceClaimAttributes
The buffer receives a CLAIM_SECURITY_ATTRIBUTES_INFORMATION structure that specifies the device's claim attributes. This value is valid starting with Windows 8.
TokenRestrictedUserClaimAttributes
Reserved for system use.
TokenRestrictedDeviceClaimAttributes
Reserved for system use.
TokenDeviceGroups
The buffer receives a TOKEN_GROUPS structure and an array of SID_AND_ATTRIBUTES structures for each device group. This value is valid starting with Windows 8.
TokenRestrictedDeviceGroups
Reserved for system use.
TokenSecurityAttributes
Reserved for system use.
TokenIsRestricted
Reserved for system use.
TokenProcessTrustLevel
Reserved for system use.
TokenPrivateNameSpace
Reserved for system use.
TokenSingletonAttributes
Reserved for system use.
TokenBnoIsolation
Reserved for system use.
TokenChildProcessFlags
Reserved for system use.
TokenIsLessPrivilegedAppContainer
Returns a DWORD value that is nonzero if the token is for a less privileged app container.
TokenIsSandboxed
Returns a DWORD value that is nonzero if the token is for a sandboxed process or app.
TokenIsAppSilo
Returns a DWORD value that is nonzero if the token is associated with an app silo.
TokenLoggingInformation
The buffer receives a TOKEN_LOGGING_INFORMATION structure with logging information associated with the token.
MaxTokenInfoClass
The maximum value for this enumeration.

Requirements

Requirement Value
Header ntifs.h (include Ntifs.h)

See also

ACL

SECURITY_IMPERSONATION_LEVEL

SID

SeFilterToken

SeQueryInformationToken

SeTokenIsRestricted

TOKEN_DEFAULT_DACL

TOKEN_GROUPS

TOKEN_ORIGIN

TOKEN_OWNER

TOKEN_PRIMARY_GROUP

TOKEN_PRIVILEGES

TOKEN_SOURCE

TOKEN_STATISTICS

TOKEN_TYPE

TOKEN_USER

ZwQueryInformationToken

ZwSetInformationToken