NTSTATUS NTAPI NtCompareTokens( _In_ HANDLE FirstTokenHandle, _In_ HANDLE SecondTokenHandle, _Out_ PBOOLEAN Equal );
A handle to the first access token to compare. The token must be open for TOKEN_QUERY access.
A handle to the second access token to compare. The token must be open for TOKEN_QUERY access.
A pointer to a variable that receives a value that indicates whether the tokens represented by the FirstTokenHandle and SecondTokenHandle parameters are equivalent.
If the function succeeds, the function returns STATUS_SUCCESS.
If the function fails, it returns an NTSTATUS error code.
Two access control tokens are considered to be equivalent if all of the following conditions are true:
- Every security identifier (SID) that is present in either token is also present in the other token.
- Neither or both of the tokens are restricted.
- If both tokens are restricted, every SID that is restricted in one token is also restricted in the other token.
- Every privilege present in either token is also present in the other token.
|Minimum supported client
||Windows XP [desktop apps only]
|Minimum supported server
||Windows Server 2003 [desktop apps only]