Function Reference

_Security__GetTokenInformation

Retrieves a specified type of information about an access token

#include <Security.au3>
_Security__GetTokenInformation ( $hToken, $iClass )

Parameters

$hToken A handle to an access token from which information is retrieved.
If $iClass specifies $sTokenSource, the handle must have $TOKEN_QUERY_SOURCE access.
For all other $iClass values, the handle must have $TOKEN_QUERY access.
$iClass Specifies a value to identify the type of information the function retrieves

Return Value

Success: a byte structure filled with the requested information.
Failure: 0.

Related

_Security__OpenProcessToken, _Security__OpenThreadToken, _Security__OpenThreadTokenEx

See Also

Search GetTokenInformation in MSDN Library.

Example

#RequireAdmin ; for this example to have sense

#include <MsgBoxConstants.au3>
#include <Security.au3>
#include <WinAPIHObj.au3>

Example_GetTokInfo()

Example_SetTokInfo()

Func Example_GetTokInfo()
    Local $hProcess = _WinAPI_GetCurrentProcess()
    If @error Then Return ; check for possible errors

    Local $hToken = _Security__OpenProcessToken($hProcess, $TOKEN_ALL_ACCESS)
    ; If token is get...
    If $hToken Then
        ; Get information about the type of this token:
        Local $tInfo = _Security__GetTokenInformation($hToken, $TOKENTYPE)
        ; The result will be raw binary data. For $TOKENTYPE it's TOKEN_TYPE value (enum value). Reinterpreting as "int" type therefore:
        Local $iTokenType = DllStructGetData(DllStructCreate("int", DllStructGetPtr($tInfo)), 1)

        MsgBox($MB_SYSTEMMODAL, "GetTokenInformation", "Token type is " & $iTokenType) ; Can be value of either $TOKENPRIMARY = 1 or $TOKENIMPERSONATION = 2

        ; Close the token handle
        _WinAPI_CloseHandle($hToken)
    EndIf
EndFunc   ;==>Example_GetTokInfo

Func Example_SetTokInfo()
    Local $hProcess = _WinAPI_GetCurrentProcess()
    If @error Then Return ; check for possible errors

    Local $hToken = _Security__OpenProcessToken($hProcess, $TOKEN_ALL_ACCESS)

    ; If token is get...
    If $hToken Then
        ; Set Medium Integrity Level for this token.
        Local $tSID = _Security__StringSidToSid($SID_MEDIUM_MANDATORY_LEVEL)
        ; Define TOKEN_MANDATORY_LABEL structure
        Local Const $tTOKEN_MANDATORY_LABEL = DllStructCreate("ptr Sid; dword Attributes")
        ; Fill it with wanted data
        DllStructSetData($tTOKEN_MANDATORY_LABEL, "Sid", DllStructGetPtr($tSID, 1))
        DllStructSetData($tTOKEN_MANDATORY_LABEL, "Attributes", $SE_GROUP_INTEGRITY)

        If _Security__SetTokenInformation($hToken, $TOKENINTEGRITYLEVEL, $tTOKEN_MANDATORY_LABEL, DllStructGetSize($tTOKEN_MANDATORY_LABEL)) Then

            ; Default IL is $SID_HIGH_MANDATORY_LEVEL, however...
            MsgBox($MB_SYSTEMMODAL, "SetTokenInformation", "$hToken = " & $hToken & @CRLF & "This token have non-default Medium Integrity Level")

            ; ... Do something with token here ...

        EndIf
        ; Close the token handle when no longer needed
        _WinAPI_CloseHandle($hToken)
    EndIf
EndFunc   ;==>Example_SetTokInfo