The ZwSetInformationToken routine modifies information in a specified token. The calling process must have appropriate access rights to set the information.
NTSTATUS ZwSetInformationToken( _In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_ PVOID TokenInformation, _In_ ULONG TokenInformationLength );
Handle for an access token in which information is to be modified.
A value from the TOKEN_INFORMATION_CLASS enumerated type identifying the type of information to be modified. The possible values for this parameter are listed in the TokenInformationClass Value column of the table shown in the description of the TokenInformation parameter.
Pointer to a caller-supplied buffer containing the information to be modified in the token. The structure of the information in this buffer depends upon the value of TokenInformationClass, as shown in the following table. All structures must be aligned on a 32-bit boundary.
|TokenInformationClass value||Effect on TokenInformation buffer|
|TokenDefaultDacl||The buffer contains a TOKEN_DEFAULT_DACL structure specifying the default DACL for newly created objects. TOKEN_ADJUST_DEFAULT access is required to set this information. The buffer contents are not validated for structural correctness or consistency.|
|TokenGroups||Not a valid information class. This information is read-only.|
|TokenOwner||The buffer contains a TOKEN_OWNER structure specifying the default owner SID for newly created objects. TOKEN_ADJUST_DEFAULT access is required to set this information. The owner values that may be specified are restricted to the user and group IDs with an attribute indicating they can be assigned as the owner of objects.|
|TokenPrimaryGroup||The buffer contains a TOKEN_PRIMARY_GROUP structure specifying the default primary group SID for newly created objects. TOKEN_ADJUST_DEFAULT access is required to set this information. Must be one of the group IDs already in the token.|
|TokenPrivileges||Not a valid information class. This information is read-only.|
|TokenSource||Not a valid information class. This information is read-only.|
|TokenStatistics||Not a valid information class. This information is read-only.|
|TokenUser||Not a valid information class. This information is read-only.|
Size, in bytes, of the structure passed in the TokenInformation buffer. Must be greater than or equal to the minimum value given in the following table.
|TokenInformationClass value||Minimum TokenInformationLength|
ZwSetInformationToken returns STATUS_SUCCESS or an appropriate error status. Possible error status codes include the following:
||TokenHandle did not have the required access.|
||The space allotted for storage of the default discretionary access control and the primary group ID is not large enough to accept the new value of one of these fields.|
||The value of TokenInformationLength was less than the required minimum.|
||The specified default owner's security information could not be captured.|
||TokenHandle was not a valid handle.|
||TokenInformationClass was not a valid token information class.|
||The caller cannot set the specified ID to be an owner (or default owner) of an object.|
||The caller cannot set the specified ID to be the primary group of an object.|
||The specified default owner's security information was not valid.|
||TokenHandle was not a token handle.|
For more information about security and access control, see the documentation on these topics in the Windows SDK.
|Windows version||Available in Windows 7 and later versions of Windows.|
|Header||ntifs.h (include Ntifs.h)|
|DDI compliance rules||PowerIrpDDis, HwStorPortProhibitedDDIs|