Security and Identity

Overview of the Security and Identity technology.

To develop Security and Identity, you need these headers:

For programming guidance for this technology, see:

Enumerations

 
ACCESS_MODE

Contains values that indicate how the access rights in an EXPLICIT_ACCESS structure apply to the trustee.
ACL_INFORMATION_CLASS

Contains values that specify the type of information being assigned to or retrieved from an access control list (ACL).
AlgorithmFlags

Contains flags that can be used to refine the search for a cryptographic algorithm.
AlgorithmOperationFlags

Specifies the operations that an algorithm can perform.
AlgorithmType

Specifies the intended purpose of a cryptographic algorithm supported by a cryptographic provider.
AlternativeNameType

Specifies the alternative name types that can be specified when initializing an IAlternativeName object.
AUDIT_EVENT_TYPE

Defines values that indicate the type of object being audited. The AccessCheckByTypeAndAuditAlarm and AccessCheckByTypeResultListAndAuditAlarm functions use these values.
AUDIT_PARAM_TYPE

Defines the type of audit parameters that are available.
AUTHZ_CONTEXT_INFORMATION_CLASS

Specifies the type of information to be retrieved from an existing AuthzClientContext. This enumeration is used by the AuthzGetInformationFromContext function.
AUTHZ_SECURITY_ATTRIBUTE_OPERATION

Indicates the type of modification to be made to security attributes by a call to the AuthzModifySecurityAttributes function.
AUTHZ_SID_OPERATION

Indicates the type of SID operations that can be made by a call to the AuthzModifySids function.
AZ_PROP_CONSTANTS

Defines constants used by Authorization Manager.
BCRYPT_HASH_OPERATION_TYPE

The BCRYPT_HASH_OPERATION_TYPE enumeration specifies the hash operation type.
BCRYPT_MULTI_OPERATION_TYPE

The BCRYPT_MULTI_OPERATION_TYPE enumeration specifies type of multi-operation that is passed to the BCryptProcessMultiOperations function.
CASetupProperty

Specifies a property type for setup and configuration of a certification authority (CA) role when using the ICertSrvSetup interface.
CEPSetupProperty

Used by the GetProperty and SetProperty methods on the ICertificateEnrollmentPolicyServerSetup interface to specify the type of property information to retrieve or set.
CERTENROLL_OBJECTID

Contains the predefined object identifiers (OIDs) supported by Certificate Enrollment API.
CERTENROLL_PROPERTYID

Contains predefined object identifiers for external properties that can be associated with a certificate in the certificate store.
CESSetupProperty

Used by the GetProperty and SetProperty methods on the ICertificateEnrollmentServerSetup interface to specify the type of property information to retrieve or set.
CommitTemplateFlags

Specifies options for saving and deleting templates.
CRED_MARSHAL_TYPE

Specifies the types of credential to be marshaled by CredMarshalCredential or unmarshaled by CredUnmarshalCredential.
CRED_PROTECTION_TYPE

Specifies the security context in which credentials are encrypted when using the CredProtect function.
CREDSPP_SUBMIT_TYPE

Specifies the type of credentials specified by a CREDSSP_CRED structure.
CRYPT_XML_CHARSET

Used to specify the character set used in the XML.
CRYPT_XML_KEYINFO_SPEC

Specifies values for the dwKeyInfoSpec parameter in the CryptXmlSign function.
CRYPT_XML_PROPERTY_ID

Specifies the type and usage of the XML property.
DdqAccessLevel

This resource represents the privilege level for a Diagnostic Data Query session
DSAFIPSVERSION_ENUM

Contains FIPS version information.
EncodingType

Specifies the type of encoding applied to a byte array for display purposes.
EnrollmentCAProperty

Specifies certification authority property values.
EnrollmentDisplayStatus

Specifies whether to display enrollment status information in a user interface.
EnrollmentEnrollStatus

Specifies the enrollment status of a certificate request.
EnrollmentPolicyFlags

Specifies group policy flags.
EnrollmentPolicyServerPropertyFlags

Specifies the default policy server.
EnrollmentSelectionStatus

Specifies whether the enrollment status of an object will be monitored during the enrollment process.
EnrollmentTemplateProperty

Contains property values for a given template.
ENUM_CATYPES

Specifies a certification authority (CA) type.
ENUM_PERIOD

Specifies the units of a time span.
eTlsAlgorithmUsage

Specifies the algorithm being used to disable cryptographic settings.
HASHALGORITHM_ENUM

Specifies signing and hashing algorithms.
IDENTITY_TYPE

Specifies the type of identities to enumerate.
ImportPFXFlags

Flags to use when importing a PFX certificate.
InnerRequestLevel

Specifies the containment level of a certificate request within a PKCS
InstallResponseRestrictionFlags

Contains flags that identify the restrictions placed on the local installation of a certificate chain.
KERB_CERTIFICATE_INFO_TYPE

Specifies the type of certificate information that is provided.
KERB_LOGON_SUBMIT_TYPE

Identifies the type of logon being requested.
KERB_PROFILE_BUFFER_TYPE

Lists the type of logon profile returned.
KERB_PROTOCOL_MESSAGE_TYPE

Lists the types of messages that can be sent to the Kerberos authentication package by calling the LsaCallAuthenticationPackage function.
KeyCredentialManagerOperationErrorStates

Enumeration of Error states returned by the function KeyCredentialManagerGetOperationErrorStates as flags.
KeyCredentialManagerOperationType

These are the operational enum values that are passed to KeyCredentialManagerShowUIOperation.
KeyIdentifierHashAlgorithm

Specifies the algorithm used to hash the public key in a certificate request.
LSA_FOREST_TRUST_COLLISION_RECORD_TYPE

Defines the types of collision that can occur between Local Security Authority forest trust records.
LSA_FOREST_TRUST_RECORD_TYPE

Defines the type of a Local Security Authority forest trust record.
LSA_TOKEN_INFORMATION_TYPE

Specifies the levels of information that can be included in a logon token.
MANDATORY_LEVEL

Lists the possible security levels.
MSA_INFO_LEVEL

Indicates the level of a managed service account.
MSA_INFO_STATE

Indicates the state of a managed service account.
MSCEPSetupProperty

Specifies a property type for setup and configuration of a Microsoft Simple Certificate Enrollment Protocol (SCEP) role using IMSCEPSetup.
MSV1_0_LOGON_SUBMIT_TYPE

Indicates the kind of logon being requested.
MSV1_0_PROFILE_BUFFER_TYPE

Lists the kind of logon profile returned.
MSV1_0_PROTOCOL_MESSAGE_TYPE

Lists the types of messages that can be sent to the MSV1_0 Authentication Package by calling the LsaCallAuthenticationPackage function.
MULTIPLE_TRUSTEE_OPERATION

Contains values that indicate whether a TRUSTEE structure is an impersonation trustee.
ObjectIdGroupId

Specifies the category or group to which an object identifier (OID) belongs.
ObjectIdPublicKeyFlags

Specifies whether a public key algorithm is used for signing or for encryption.
PFXExportOptions

Specifies how much of a certificate chain is included when creating a Personal Information Exchange (PFX) message.
Pkcs10AllowedSignatureTypes

Specifies the type of signature permitted when signing a certificate request.
PKU2U_LOGON_SUBMIT_TYPE

Indicates the type of logon message passed in a PKU2U_CERTIFICATE_S4U_LOGON structure.
POLICY_AUDIT_EVENT_TYPE

The POLICY_AUDIT_EVENT_TYPE enumeration defines values that indicate the types of events the system can audit.
POLICY_DOMAIN_INFORMATION_CLASS

Defines the type of policy domain information.
POLICY_INFORMATION_CLASS

Defines values that indicate the type of information to set or query in a Policy object.
POLICY_LSA_SERVER_ROLE

Defines values that indicate the role of an LSA server.
POLICY_NOTIFICATION_INFORMATION_CLASS

The POLICY_NOTIFICATION_INFORMATION_CLASS enumeration defines the types of policy information and policy domain information for which your application can request notification of changes.
POLICY_SERVER_ENABLE_STATE

The POLICY_SERVER_ENABLE_STATE enumeration represents the state of the LSA server�that is, whether it is enabled or disabled. Some operations may only be performed on an enabled LSA server.
PolicyQualifierType

Specifies the type of qualifier applied to a certificate policy.
PolicyServerUrlFlags

Contains certificate enrollment policy (CEP) server flags.
PolicyServerUrlPropertyID

Contains values that specify the type of property value to be returned by the GetStringProperty method or set by the SetStringProperty method on the IX509PolicyServerUrl interface.
PROG_INVOKE_SETTING

Indicates the initial setting of the function used to track the progress of a call to the TreeSetNamedSecurityInfo or TreeResetNamedSecurityInfo function.
RequestClientInfoClientId

Specifies the type of application that created a certificate request.
SAFER_IDENTIFICATION_TYPES

Defines the possible types of identification rule structures that can be identified by the SAFER_IDENTIFICATION_HEADER structure.
SAFER_OBJECT_INFO_CLASS

Defines the type of information requested about a Safer object.
SAFER_POLICY_INFO_CLASS

Defines the ways in which a policy may be queried.
SCESVC_INFO_TYPE

The SCESVC_INFO_TYPE enumeration is used by PFSCE_QUERY_INFO and PFSCE_SET_INFO to indicate the type of information requested from or passed to the security database. It can be one of the following values.
SE_OBJECT_TYPE

Contains values that correspond to the types of Windows objects that support security.
SEC_APPLICATION_PROTOCOL_NEGOTIATION_EXT

Indicates the application protocol extension that is negotiated.
SEC_APPLICATION_PROTOCOL_NEGOTIATION_STATUS

Describes the status of the SEC application protocol negotiation.
SEC_TRAFFIC_SECRET_TYPE

Indicates the traffic secret type used.
SecDelegationType

The type of delegation used.
SECPKG_ATTR_LCT_STATUS

Indicates whether the token from the most recent call to the InitializeSecurityContext function is the last token from the client.
SECPKG_CRED_CLASS

Indicates the type of credential used in a client context. The SECPKG_CRED_CLASS enumeration is used in the SecPkgContext_CredInfo structure.
SECPKG_EXTENDED_INFORMATION_CLASS

The SECPKG_EXTENDED_INFORMATION_CLASS enumeration describes the type of information to set or get for a security package.This enumeration is used by the SpGetExtendedInformation and SpSetExtendedInformation functions.
SECPKG_NAME_TYPE

The SECPKG_NAME_TYPE enumeration is used to describe the type of name specified for an account.The SECPKG_NAME_TYPE enumeration is used by the GetAuthDataForUser and OpenSamUser functions.
SECPKG_SESSIONINFO_TYPE

Specifies the format of session information.
SECURITY_IMPERSONATION_LEVEL

Contains values that specify security impersonation levels. Security impersonation levels govern the degree to which a server process can act on behalf of a client process.
SECURITY_LOGON_TYPE

Indicates the type of logon requested by a logon process.
SERVICE_DIRECTORY_TYPE

Specifies the type of a per-service directory path.
SERVICE_REGISTRY_STATE_TYPE

Specifies a state type for a service registry key. (SERVICE_REGISTRY_STATE_TYPE)
SERVICE_SHARED_DIRECTORY_TYPE

Specifies the type of a per-service shared directory path.
SERVICE_SHARED_REGISTRY_STATE_TYPE

Specifies a state type for a service registry key. (SERVICE_SHARED_REGISTRY_STATE_TYPE)
SI_PAGE_TYPE

Contains values that indicate the types of property pages in an access control editor property sheet.
SID_NAME_USE

Contains values that specify the type of a security identifier (SID).
SL_ACTIVATION_TYPE

Represents the type of offline activation for a license.
SL_GENUINE_STATE

Specifies the state of an application installation.
SLDATATYPE

Specifies the data type of the buffer returned by the SLGetWindowsInformation function.
SLIDTYPE

Represents the type of Software Licensing ID.
SLLICENSINGSTATUS

Represents the licensing status. (SLLICENSINGSTATUS)
SLREFERRALTYPE

Represents the types of information that can be queried with the SLGetReferralInformation function.
TOKEN_ELEVATION_TYPE

Indicates the elevation type of token being queried by the GetTokenInformation function or set by the SetTokenInformation function.
TOKEN_INFORMATION_CLASS

Contains values that specify the type of information being assigned to or retrieved from an access token.
TOKEN_TYPE

Contains values that differentiate between a primary token and an impersonation token.
TOKENBINDING_EXTENSION_FORMAT

Specifies the formats that are available to interpret extension data.
TOKENBINDING_TYPE

Specifies the possible types for a token binding.
TPMVSCMGR_ERROR

Provides predefined error codes to represent the contexts of errors from the TPM virtual smart card manager.
TPMVSCMGR_STATUS

Provides predefined status codes to represent the progress of the TPM virtual smart card manager.
TRUSTED_INFORMATION_CLASS

The TRUSTED_INFORMATION_CLASS enumeration type defines values that indicate the type of information to set or query for a trusted domain.
TRUSTEE_FORM

Values that indicate the type of data pointed to by the ptstrName member of the TRUSTEE structure.
TRUSTEE_TYPE

Values that indicate the type of trustee identified by a TRUSTEE structure.
WebEnrollmentFlags

Specifies web enrollment behavior.
WebSecurityLevel

Specifies whether a web-enabled method or property is safe for scripting.
WELL_KNOWN_SID_TYPE

A list of commonly used security identifiers (SIDs). Programs can pass these values to the CreateWellKnownSid function to create a SID from this list.
X500NameFlags

Specifies the display and encoding characteristics of a distinguished name or relative distinguished name (RDN).
X509CertificateEnrollmentContext

Specifies the nature of the end entity for which the certificate is intended.
X509CertificateTemplateEnrollmentFlag

Contains values that specify server and client actions during enrollment.
X509CertificateTemplateGeneralFlag

Contains use and modification information about templates and associated certificates.
X509CertificateTemplatePrivateKeyFlag

Contains values that specify client actions regarding a private key.
X509CertificateTemplateSubjectNameFlag

Contains values that specify server and client actions concerning subject names.
X509EnrollmentAuthFlags

Specifies the authentication type.
X509EnrollmentPolicyExportFlags

Is used by the Export method on the IX509EnrollmentPolicyServer interface to specify what items to export from the policy server.
X509EnrollmentPolicyLoadOption

Is used by the LoadPolicy method on the IX509EnrollmentPolicyServer interface to specify how to retrieve policy from the policy server.
X509KeySpec

Specifies the intended use of a key for a legacy cryptographic service provider (CSP).
X509KeyUsageFlags

Specifies the purpose of a key contained in a certificate.
X509PrivateKeyExportFlags

Specifies the export policy for a private key.
X509PrivateKeyProtection

Specifies the level of private key protection supported by a cryptographic provider.
X509PrivateKeyUsageFlags

Specifies the permitted uses of a private key.
X509PrivateKeyVerify

Specifies whether a user interface is displayed during private key verification and whether verification can proceed if the cryptographic provider is a smart card provider.
X509ProviderType

Specifies the type of cryptographic provider.
X509RequestInheritOptions

Specifies how keys, extension values, and external properties are inherited when a new request is created from an existing certificate.
X509RequestType

Specifies the certificate request type.
X509SCEPDisposition

Describes the resulting disposition of a request to process a response message.
X509SCEPFailInfo

Describes the nature of an SCEP certificate enrollment failure.

Functions

 
acceptFilePKCS7

Accepts and processes a file that contains a PKCS
acceptFilePKCS7WStr

Accepts and processes a PKCS (IEnroll.acceptFilePKCS7WStr)
acceptFileResponse

Accepts delivery of the credentials issued in response to an earlier call to createFileRequest, and it places the credentials in the appropriate store.
acceptFileResponseWStr

Accepts delivery of the credentials issued in response to an earlier call to createFileRequestWStr, and it places the credentials in the appropriate store.
acceptPKCS7

Accepts and processes a PKCS (ICEnroll.acceptPKCS7)
acceptPKCS7Blob

Accepts and processes a PKCS (IEnroll.acceptPKCS7Blob)
acceptResponse

Accepts delivery of the credentials issued in response to an earlier call to createRequest and places the credentials in the appropriate store.
acceptResponseBlob

Accepts delivery of the credentials issued in response to an earlier call to createRequestWStr and places the credentials in the appropriate store.
AcceptSecurityContext

Lets the server component of a transport application establish a security context between the server and a remote client.
AccessCheck

Determines whether a security descriptor grants a specified set of access rights to the client identified by an access token. (AccessCheck)
AccessCheck

Determines whether the current client context is allowed to perform the specified operations.
AccessCheck2

Returns a value that specifies whether the principal represented by the current client context is allowed to perform the specified operation.
AccessCheckAndAuditAlarmA

Determines whether a security descriptor grants a specified set of access rights to the client being impersonated by the calling thread. (AccessCheckAndAuditAlarmA)
AccessCheckAndAuditAlarmW

Determines whether a security descriptor grants a specified set of access rights to the client being impersonated by the calling thread.
AccessCheckByType

Determines whether a security descriptor grants a specified set of access rights to the client identified by an access token. (AccessCheckByType)
AccessCheckByTypeAndAuditAlarmA

Determines whether a security descriptor grants a specified set of access rights to the client being impersonated by the calling thread. (AccessCheckByTypeAndAuditAlarmA)
AccessCheckByTypeAndAuditAlarmW

Determines whether a security descriptor grants a specified set of access rights to the client being impersonated by the calling thread. (AccessCheckByTypeAndAuditAlarmW)
AccessCheckByTypeResultList

Determines whether a security descriptor grants a specified set of access rights to the client identified by an access token. (AccessCheckByTypeResultList)
AccessCheckByTypeResultListAndAuditAlarmA

Determines whether a security descriptor grants a specified set of access rights to the client being impersonated by the calling thread. (AccessCheckByTypeResultListAndAuditAlarmA)
AccessCheckByTypeResultListAndAuditAlarmByHandleA

The AccessCheckByTypeResultListAndAuditAlarmByHandleA (ANSI) function (winbase.h) determines whether a security descriptor grants a specified set of access rights to the client that the calling thread is impersonating.
AccessCheckByTypeResultListAndAuditAlarmByHandleW

The AccessCheckByTypeResultListAndAuditAlarmByHandleW (Unicode) function (securitybaseapi.h) determines whether a security descriptor grants access rights to the client that the calling thread is impersonating.
AccessCheckByTypeResultListAndAuditAlarmW

Determines whether a security descriptor grants a specified set of access rights to the client being impersonated by the calling thread. (AccessCheckByTypeResultListAndAuditAlarmW)
AcquireCredentialsHandleA

The AcquireCredentialsHandle (CredSSP) function acquires a handle to preexisting credentials of a security principal. (ANSI)
AcquireCredentialsHandleW

The AcquireCredentialsHandle (CredSSP) function acquires a handle to preexisting credentials of a security principal. (Unicode)
Add

Adds an object to the collection. (IAlternativeNames.Add)
Add

Adds an object to the collection. (ICertificatePolicies.Add)
Add

Adds an ICertificationAuthority object to the collection.
Add

Adds a property to the collection.
Add

Adds an ICryptAttribute object to the collection.
Add

Adds an ICspAlgorithm object to the collection.
Add

Adds an ICspInformation object to the collection.
Add

Adds an ICspStatus object to the collection.
Add

Adds an IObjectId object to the collection.
Add

Adds an object to the collection. (IPolicyQualifiers.Add)
Add

Adds an ISignerCertificate object to the collection.
Add

Adds an ISmimeCapability object to the collection.
Add

Adds an IX509Attribute object to the collection.
Add

Adds an IX509CertificateTemplate object to the collection.
Add

Adds an IX509Extension object to the collection.
Add

Adds an IX509NameValuePair object to the collection.
Add

Adds an IX509PolicyServerUrl object to the collection.
Add

Adds an ICertSrvSetupKeyInformation object to the collection.
AddAccessAllowedAce

Adds an access-allowed access control entry (ACE) to an access control list (ACL). The access is granted to a specified security identifier (SID).
AddAccessAllowedAceEx

Adds an access-allowed access control entry (ACE) to the end of a discretionary access control list (DACL). (AddAccessAllowedAceEx)
AddAccessAllowedObjectAce

Adds an access-allowed access control entry (ACE) to the end of a discretionary access control list (DACL). (AddAccessAllowedObjectAce)
AddAccessDeniedAce

Adds an access-denied access control entry (ACE) to an access control list (ACL). The access is denied to a specified security identifier (SID).
AddAccessDeniedAceEx

Adds an access-denied access control entry (ACE) to the end of a discretionary access control list (DACL).
AddAccessDeniedObjectAce

Adds an access-denied access control entry (ACE) to the end of a discretionary access control list (DACL). The new ACE can deny access to an object, or to a property set or property on an object.
AddAce

Adds one or more access control entries (ACEs) to a specified access control list (ACL).
AddApplicationGroups

Adds the specified array of existing IAzApplicationGroup objects to the client context object.
AddAppMember

Adds the specified IAzApplicationGroup object to the list of application groups that belong to this application group.
AddAppMember

Adds the specified IAzApplicationGroup object to the list of application groups that belong to this role.
AddAppNonMember

Adds the specified IAzApplicationGroup object to the list of application groups that are refused membership in this application group.
addAttributeToRequest

Adds an attribute to the certificate request. This method was first defined in the ICEnroll4 interface.
addAttributeToRequestWStr

Adds an attribute to the certificate request.
AddAuditAccessAce

Adds a system-audit access control entry (ACE) to a system access control list (ACL). The access of a specified security identifier (SID) is audited.
AddAuditAccessAceEx

Adds a system-audit access control entry (ACE) to the end of a system access control list (SACL). (AddAuditAccessAceEx)
AddAuditAccessObjectAce

Adds a system-audit access control entry (ACE) to the end of a system access control list (SACL). (AddAuditAccessObjectAce)
AddAuthenticatedAttributesToPKCS7Request

The AddAuthenticatedAttributesToPKCS7Request method adds authenticated attributes to a PKCS
AddAvailableCsps

Adds the providers installed on the computer to the collection.
AddAvailableSmimeCapabilities

Adds ISmimeCapability objects to the collection by identifying the encryption algorithms supported by the default RSA cryptographic provider.
addBlobPropertyToCertificate

Adds a BLOB property to a certificate.
addBlobPropertyToCertificateWStr

The IEnroll4::addBlobPropertyToCertificateWStr method adds a BLOB property to a certificate.
AddCertificate

Add an endorsement key certificate to the key storage provider (KSP) that supports endorsement keys.
addCertTypeToRequest

Adds a certificate template to a request (used to support the enterprise certification authority (CA)). This method was first defined by the ICEnroll2 interface.
addCertTypeToRequestEx

Adds a certificate template (or "certificate type") to a request.
AddCertTypeToRequestWStr

Adds a certificate template to a request (used to support the enterprise certification authority (CA)).
AddCertTypeToRequestWStrEx

Adds a certificate template (also known as certificate type) to a request.
AddConditionalAce

Adds a conditional access control entry (ACE) to the specified access control list (ACL).
AddConnectNotify

Called before and after each add connection operation (WNetAddConnection, WNetAddConnection2, and WNetAddConnection3) is attempted by the Multiple Provider Router (MPR).
AddCredentialsA

AddCredentialsA (ANSI) adds a credential to the list of credentials.
AddCredentialsW

AddCredentialsW (Unicode) adds a credential to the list of credentials.
AddDelegatedPolicyUser

Adds the specified security identifier (SID) in text form to the list of principals that act as delegated policy users. (IAzApplication.AddDelegatedPolicyUser)
AddDelegatedPolicyUser

Adds the specified security identifier (SID) in text form to the list of principals that act as delegated policy users. (IAzAuthorizationStore.AddDelegatedPolicyUser)
AddDelegatedPolicyUserName

Adds the specified account name to the list of principals that act as delegated policy users. (IAzApplication.AddDelegatedPolicyUserName)
AddDelegatedPolicyUserName

Adds the specified account name to the list of principals that act as delegated policy users. (IAzAuthorizationStore.AddDelegatedPolicyUserName)
AddEnrollmentServer

Saves certificate enrollment server (CES) access credentials in the credential cache.
AddExtensionsToRequest

The AddExtensionsToRequest method adds extensions to the certificate request. This method was first defined in the IEnroll interface.
addExtensionToRequest

The ICEnroll4::addExtensionToRequest method adds an extension to the request.
addExtensionToRequestWStr

Adds an extension to the request.
AddFromCsp

Adds objects to the collection by identifying the encryption algorithms supported by a specific cryptographic provider.
AddInterface

Adds the specified interface to the list of IDispatch interfaces that can be called by business rule (BizRule) scripts.
AddInterfaces

Adds the specified interfaces to the list of IDispatch interfaces that can be called by business rule (BizRule) scripts.
AddMandatoryAce

Adds a SYSTEM_MANDATORY_LABEL_ACE access control entry (ACE) to the specified system access control list (SACL).
AddMember

Adds the specified security identifier (SID) in text form to the list of accounts that belong to the application group.
AddMember

Adds the specified security identifier (SID) in text form to the list of Windows accounts that belong to the role.
AddMemberName

Adds the specified account name to the list of accounts that belong to the application group.
AddMemberName

Adds the specified account name to the list of accounts that belong to the role.
addNameValuePairToRequest

Adds an unauthenticated name-value string pair to the request. This method was first defined in the ICEnroll4 interface.
addNameValuePairToRequestWStr

Adds an unauthenticated name-value string pair to the request.
addNameValuePairToSignature

Adds the authenticated name-value pair of an attribute to the request. It is up to the certification authority (CA) to interpret the meaning of the name-value pair.
AddNameValuePairToSignatureWStr

Adds the authenticated name-value pair of an attribute to the request. The certification authority (CA) interprets the meaning of the name-value pair.
AddNonMember

Adds the specified security identifier (SID) in text form to the list of accounts that are refused membership in the application group.
AddNonMemberName

Adds the specified account name to the list of accounts that are refused membership in the application group.
AddOperation

Adds the IAzOperation object with the specified name to the role.
AddOperation

Adds the IAzOperation object with the specified name to the task.
AddParameter

Adds a parameter to the list of parameters available to business rule (BizRule) scripts.
AddParameters

Adds parameters to the list of parameters available to business rule (BizRule) scripts.
AddPolicyAdministrator

Adds the specified security identifier (SID) in text form to the list of principals that act as policy administrators. (IAzApplication.AddPolicyAdministrator)
AddPolicyAdministrator

Adds the specified security identifier (SID) in text form to the list of principals that act as policy administrators. (IAzAuthorizationStore.AddPolicyAdministrator)
AddPolicyAdministrator

The AddPolicyAdministrator method of IAzScope adds the specified security identifier in text form to the list of principals that act as policy administrators.
AddPolicyAdministratorName

Adds the specified account name to the list of principals that act as policy administrators. (IAzApplication.AddPolicyAdministratorName)
AddPolicyAdministratorName

Adds the specified account name to the list of principals that act as policy administrators. (IAzAuthorizationStore.AddPolicyAdministratorName)
AddPolicyAdministratorName

The AddPolicyAdministratorName method of IAzScope adds the specified account name to the list of principals that act as policy administrators.
AddPolicyReader

Adds the specified security identifier (SID) in text form to the list of principals that act as policy readers. (IAzApplication.AddPolicyReader)
AddPolicyReader

Adds the specified security identifier (SID) in text form to the list of principals that act as policy readers. (IAzAuthorizationStore.AddPolicyReader)
AddPolicyReader

The AddPolicyReader method of IAzScope adds the specified security identifier in text form to the list of principals that act as policy readers.
AddPolicyReaderName

Adds the specified account name to the list of principals that act as policy readers. (IAzApplication.AddPolicyReaderName)
AddPolicyReaderName

Adds the specified account name to the list of principals that act as policy readers. (IAzAuthorizationStore.AddPolicyReaderName)
AddPolicyReaderName

The AddPolicyReaderName method of IAzScope adds the specified account name to the list of principals that act as policy readers.
AddPolicyServer

Registers a certificate enrollment policy (CEP) server and saves CEP access credentials in the credential cache.
AddPropertyItem

Adds the specified principal to the specified list of principals. (IAzApplication.AddPropertyItem)
AddPropertyItem

Adds the specified entity to the specified list. (IAzApplicationGroup.AddPropertyItem)
AddPropertyItem

Adds the specified principal to the specified list of principals. (IAzAuthorizationStore.AddPropertyItem)
AddPropertyItem

Adds the specified entity to the specified list. (IAzRole.AddPropertyItem)
AddPropertyItem

Adds the specified principal to the specified list of principals. (IAzScope.AddPropertyItem)
AddPropertyItem

Adds the specified entity to the specified list. (IAzTask.AddPropertyItem)
AddRange

Adds a range of ICryptAttribute objects to the collection. The attributes are contained in another ICryptAttributes collection.
AddRange

Adds a range of IObjectId objects to the collection.
AddRange

Adds a range of IX509Extension objects to the collection.
AddResourceAttributeAce

Adds a SYSTEM_RESOURCE_ATTRIBUTE_ACEaccess control entry (ACE) to the end of a system access control list (SACL).
AddRoleDefinition

Adds the specified IAzRoleDefinition object to this IAzRoleAssignment object.
AddRoleDefinition

Adds the specified IAzRoleDefinition object to this IAzRoleDefinition object.
AddRoles

Adds the specified array of existing IAzRole objects to the client context.
AddScopedPolicyIDAce

Adds a SYSTEM_SCOPED_POLICY_ID_ACEaccess control entry (ACE) to the end of a system access control list (SACL).
AddSecurityPackageA

Adds a security support provider to the list of providers supported by Microsoft Negotiate. (ANSI)
AddSecurityPackageW

Adds a security support provider to the list of providers supported by Microsoft Negotiate. (Unicode)
AddStringSids

Adds an array of string representations of security identifiers (SIDs) to the client context.
AddTask

Adds the IAzTask object with the specified name to the role.
AddTask

Adds the IAzTask object with the specified name to the task.
AddToCache

Caches the specified identity in the registry.
AdjustTokenGroups

Enables or disables groups already present in the specified access token. Access to TOKEN_ADJUST_GROUPS is required to enable or disable groups in an access token.
AdjustTokenPrivileges

Enables or disables privileges in the specified access token. Enabling or disabling privileges in an access token requires TOKEN_ADJUST_PRIVILEGES access.
Advise

Allows a calling application to specify the list of identity events for which the application is to be notified.
AllocateAndInitializeSid

Allocates and initializes a security identifier (SID) with up to eight subauthorities.
AllocateLocallyUniqueId

Allocates a locally unique identifier (LUID).
AppendText

Appends a string to the status information contained in the Text property.
ApplyControlToken

Provides a way to apply a control token to a security context.
AreAllAccessesGranted

Checks whether a set of requested access rights has been granted. The access rights are represented as bit flags in an access mask.
AreAnyAccessesGranted

Tests whether any of a set of requested access rights has been granted. The access rights are represented as bit flags in an access mask.
AssociateIdentity

Associates an identity with a local user account.
AuditComputeEffectivePolicyBySid

Computes the effective audit policy for one or more subcategories for the specified security principal. The function computes effective audit policy by combining system audit policy with per-user policy.
AuditComputeEffectivePolicyByToken

Computes the effective audit policy for one or more subcategories for the security principal associated with the specified token. The function computes effective audit policy by combining system audit policy with per-user policy.
AuditEnumerateCategories

Enumerates the available audit-policy categories.
AuditEnumeratePerUserPolicy

Enumerates users for whom per-user auditing policy is specified.
AuditEnumerateSubCategories

Enumerates the available audit-policy subcategories.
AuditFree

Frees the memory allocated by audit functions for the specified buffer.
AuditLookupCategoryGuidFromCategoryId

Retrieves a GUID structure that represents the specified audit-policy category.
AuditLookupCategoryIdFromCategoryGuid

Retrieves an element of the POLICY_AUDIT_EVENT_TYPE enumeration that represents the specified audit-policy category.
AuditLookupCategoryNameA

Retrieves the display name of the specified audit-policy category. (ANSI)
AuditLookupCategoryNameW

Retrieves the display name of the specified audit-policy category. (Unicode)
AuditLookupSubCategoryNameA

Retrieves the display name of the specified audit-policy subcategory. (ANSI)
AuditLookupSubCategoryNameW

Retrieves the display name of the specified audit-policy subcategory. (Unicode)
AuditQueryGlobalSaclA

Retrieves a global system access control list (SACL) that delegates access to the audit messages. (ANSI)
AuditQueryGlobalSaclW

Retrieves a global system access control list (SACL) that delegates access to the audit messages. (Unicode)
AuditQueryPerUserPolicy

Retrieves per-user audit policy in one or more audit-policy subcategories for the specified principal.
AuditQuerySecurity

Retrieves security descriptor that delegates access to audit policy.
AuditQuerySystemPolicy

Retrieves system audit policy for one or more audit-policy subcategories.
AuditSetGlobalSaclA

Sets a global system access control list (SACL) that delegates access to the audit messages. (ANSI)
AuditSetGlobalSaclW

Sets a global system access control list (SACL) that delegates access to the audit messages. (Unicode)
AuditSetPerUserPolicy

Sets per-user audit policy in one or more audit subcategories for the specified principal.
AuditSetSecurity

Sets a security descriptor that delegates access to audit policy.
AuditSetSystemPolicy

Sets system audit policy for one or more audit-policy subcategories.
AuthzAccessCheck

Determines which access bits can be granted to a client for a given set of security descriptors.
AuthzAddSidsToContext

Creates a copy of an existing context and appends a given set of security identifiers (SIDs) and restricted SIDs.
AuthzCachedAccessCheck

Performs a fast access check based on a cached handle containing the static granted bits from a previous AuthzAccessCheck call.
AuthzEnumerateSecurityEventSources

Retrieves the registered security event sources that are not installed by default.
AuthzFreeAuditEvent

Frees the structure allocated by the AuthzInitializeObjectAccessAuditEvent function.
AuthzFreeCentralAccessPolicyCache

Decreases the CAP cache reference count by one so that the CAP cache can be deallocated.
AuthzFreeContext

Frees all structures and memory associated with the client context. The list of handles for a client is freed in this call.
AuthzFreeHandle

Finds and deletes a handle from the handle list.
AuthzFreeResourceManager

Frees a resource manager object.
AuthzGetInformationFromContext

Returns information about an Authz context.
AuthzInitializeCompoundContext

Creates a user-mode context from the given user and device security contexts.
AuthzInitializeContextFromAuthzContext

Creates a new client context based on an existing client context.
AuthzInitializeContextFromSid

Creates a user-mode client context from a user security identifier (SID).
AuthzInitializeContextFromToken

Initializes a client authorization context from a kernel token. The kernel token must have been opened for TOKEN_QUERY.
AuthzInitializeObjectAccessAuditEvent

Initializes auditing for an object.
AuthzInitializeObjectAccessAuditEvent2

Allocates and initializes an AUTHZ_AUDIT_EVENT_HANDLE handle for use with the AuthzAccessCheck function.
AuthzInitializeRemoteResourceManager

Allocates and initializes a remote resource manager. The caller can use the resulting handle to make RPC calls to a remote instance of the resource manager configured on a server.
AuthzInitializeResourceManager

Uses Authz to verify that clients have access to various resources.
AuthzInitializeResourceManagerEx

Allocates and initializes a resource manager structure.
AuthzInstallSecurityEventSource

Installs the specified source as a security event source.
AuthzModifyClaims

Adds, deletes, or modifies user and device claims in the Authz client context.
AuthzModifySecurityAttributes

Modifies the security attribute information in the specified client context.
AuthzModifySids

Adds, deletes, or modifies user and device groups in the Authz client context.
AuthzOpenObjectAudit

Reads the system access control list (SACL) of the specified security descriptor and generates any appropriate audits specified by that SACL.
AuthzRegisterCapChangeNotification

Registers a CAP update notification callback.
AuthzRegisterSecurityEventSource

Registers a security event source with the Local Security Authority (LSA).
AuthzReportSecurityEvent

Generates a security audit for a registered security event source.
AuthzReportSecurityEventFromParams

Generates a security audit for a registered security event source by using the specified array of audit parameters.
AuthzSetAppContainerInformation

Sets the app container and capability information in a current Authz context.
AuthzUninstallSecurityEventSource

Removes the specified source from the list of valid security event sources.
AuthzUnregisterCapChangeNotification

Removes a previously registered CAP update notification callback.
AuthzUnregisterSecurityEventSource

Unregisters a security event source with the Local Security Authority (LSA).
BCRYPT_INIT_AUTH_MODE_INFO

Initializes a BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO structure for use in calls to BCryptEncrypt and BCryptDecrypt functions.
BCryptAddContextFunction

Adds a cryptographic function to the list of functions that are supported by an existing CNG context.
BCryptCloseAlgorithmProvider

Closes an algorithm provider.
BCryptConfigureContext

Sets the configuration information for an existing CNG context.
BCryptConfigureContextFunction

Sets the configuration information for the cryptographic function of an existing CNG context.
BCryptCreateContext

Creates a new CNG configuration context.
BCryptCreateHash

Called to create a hash or Message Authentication Code (MAC) object.
BCryptCreateMultiHash

The BCryptCreateMultiHash function creates a multi-hash state that allows for the parallel computation of multiple hash operations.
BCryptDecrypt

Decrypts a block of data.
BCryptDeleteContext

Deletes an existing CNG configuration context.
BCryptDeriveKey

Derives a key from a secret agreement value. (BCryptDeriveKey)
BCryptDeriveKeyCapi

Derives a key from a hash value.
BCryptDeriveKeyPBKDF2

Derives a key from a hash value by using the PBKDF2 key derivation algorithm as defined by RFC 2898.
BCryptDestroyHash

Destroys a hash or Message Authentication Code (MAC) object.
BCryptDestroyKey

Destroys a key.
BCryptDestroySecret

Destroys a secret agreement handle that was created by using the BCryptSecretAgreement function.
BCryptDuplicateHash

Duplicates an existing hash or Message Authentication Code (MAC) object.
BCryptDuplicateKey

Creates a duplicate of a symmetric key.
BCryptEncrypt

Encrypts a block of data. (BCryptEncrypt)
BCryptEnumAlgorithms

Gets a list of the registered algorithm identifiers.
BCryptEnumContextFunctionProviders

Obtains the providers for the cryptographic functions for a context in the specified configuration table.
BCryptEnumContextFunctions

Obtains the cryptographic functions for a context in the specified configuration table.
BCryptEnumContexts

Obtains the identifiers of the contexts in the specified configuration table.
BCryptEnumProviders

Obtains all of the CNG providers that support a specified algorithm.
BCryptEnumRegisteredProviders

Retrieves information about the registered providers.
BCryptExportKey

Exports a key to a memory BLOB that can be persisted for later use.
BCryptFinalizeKeyPair

Completes a public/private key pair.
BCryptFinishHash

Retrieves the hash or Message Authentication Code (MAC) value for the data accumulated from prior calls to BCryptHashData.
BCryptFreeBuffer

Used to free memory that was allocated by one of the CNG functions.
BCryptGenerateKeyPair

Creates an empty public/private key pair.
BCryptGenerateSymmetricKey

Creates a key object for use with a symmetrical key encryption algorithm from a supplied key.
BCryptGenRandom

Generates a random number.
BCryptGetFipsAlgorithmMode

Determines whether Federal Information Processing Standard (FIPS) compliance is enabled.
BCryptGetProperty

Retrieves the value of a named property for a CNG object.
BCryptHash

Performs a single hash computation. This is a convenience function that wraps calls to BCryptCreateHash, BCryptHashData, BCryptFinishHash, and BCryptDestroyHash.
BCryptHashData

Performs a one way hash or Message Authentication Code (MAC) on a data buffer.
BCryptImportKey

Imports a symmetric key from a key BLOB.
BCryptImportKeyPair

Imports a public/private key pair from a key BLOB.
BCryptKeyDerivation

Derives a key without requiring a secret agreement.
BCryptOpenAlgorithmProvider

Loads and initializes a CNG provider.
BCryptProcessMultiOperations

The BCryptProcessMultiOperations function processes a sequence of operations on a multi-object state.
BCryptQueryContextConfiguration

Retrieves the current configuration for the specified CNG context.
BCryptQueryContextFunctionConfiguration

Obtains the cryptographic function configuration information for an existing CNG context.
BCryptQueryContextFunctionProperty

Obtains the value of a named property for a cryptographic function in an existing CNG context.
BCryptQueryProviderRegistration

Retrieves information about a CNG provider.
BCryptRegisterConfigChangeNotify

Creates a user mode CNG configuration change event handler.
BCryptRemoveContextFunction

Removes a cryptographic function from the list of functions that are supported by an existing CNG context.
BCryptResolveProviders

Obtains a collection of all of the providers that meet the specified criteria.
BCryptSecretAgreement

Creates a secret agreement value from a private and a public key. (BCryptSecretAgreement)
BCryptSetContextFunctionProperty

Sets the value of a named property for a cryptographic function in an existing CNG context.
BCryptSetProperty

Sets the value of a named property for a CNG object.
BCryptSignHash

Creates a signature of a hash value. (BCryptSignHash)
BCryptUnregisterConfigChangeNotify

Removes a user mode CNG configuration change event handler that was created by using the BCryptRegisterConfigChangeNotify(HANDLE*) function.
BCryptVerifySignature

Verifies that the specified signature matches the specified hash. (BCryptVerifySignature)
binaryBlobToString

Converts a binary data BLOB to a string. This method uses the CryptBinaryToString function to perform the conversion. This method was first defined in the IEnroll4 interface.
binaryToString

Converts a binary data BLOB to a string. This method was first defined in the ICEnroll4 interface.
BizruleGroupSupported

Returns a Boolean value that specifies whether this IAzAuthorizationStore3 object supports application groups that use business rule (BizRule) scripts.
BuildExplicitAccessWithNameA

Initializes an EXPLICIT_ACCESS structure with data specified by the caller. The trustee is identified by a name string. (ANSI)
BuildExplicitAccessWithNameW

Initializes an EXPLICIT_ACCESS structure with data specified by the caller. The trustee is identified by a name string. (Unicode)
BuildSecurityDescriptorA

Allocates and initializes a new security descriptor. (ANSI)
BuildSecurityDescriptorW

Allocates and initializes a new security descriptor. (Unicode)
BuildTrusteeWithNameA

Initializes a TRUSTEE structure. The caller specifies the trustee name. The function sets other members of the structure to default values. (ANSI)
BuildTrusteeWithNameW

Initializes a TRUSTEE structure. The caller specifies the trustee name. The function sets other members of the structure to default values. (Unicode)
BuildTrusteeWithObjectsAndNameA

Initializes a TRUSTEE structure with the object-specific access control entry (ACE) information and initializes the remaining members of the structure to default values. The caller also specifies the name of the trustee. (ANSI)
BuildTrusteeWithObjectsAndNameW

Initializes a TRUSTEE structure with the object-specific access control entry (ACE) information and initializes the remaining members of the structure to default values. The caller also specifies the name of the trustee. (Unicode)
BuildTrusteeWithObjectsAndSidA

Initializes a TRUSTEE structure with the object-specific access control entry (ACE) information and initializes the remaining members of the structure to default values. (ANSI)
BuildTrusteeWithObjectsAndSidW

Initializes a TRUSTEE structure with the object-specific access control entry (ACE) information and initializes the remaining members of the structure to default values. (Unicode)
BuildTrusteeWithSidA

Initializes a TRUSTEE structure. The caller specifies the security identifier (SID) of the trustee. The function sets other members of the structure to default values and does not look up the name associated with the SID. (ANSI)
BuildTrusteeWithSidW

Initializes a TRUSTEE structure. The caller specifies the security identifier (SID) of the trustee. The function sets other members of the structure to default values and does not look up the name associated with the SID. (Unicode)
CAImportPFX

Imports a certification authority (CA) certificate and its associated private key into the local computer store.
CancelConnectNotify

Calls CancelConnectNotify before and after each cancel connection operation (WNetCancelConnection and WNetCancelConnection2).
CertAddCertificateContextToStore

Adds a certificate context to the certificate store.
CertAddCertificateLinkToStore

Adds a link in a certificate store to a certificate context in a different store.
CertAddCRLContextToStore

Adds a certificate revocation list (CRL) context to the specified certificate store.
CertAddCRLLinkToStore

Adds a link in a store to a certificate revocation list (CRL) context in a different store.
CertAddCTLContextToStore

Adds a certificate trust list (CTL) context to a certificate store.
CertAddCTLLinkToStore

The CertAddCTLLinkToStore function adds a link in a store to a certificate trust list (CTL) context in a different store. Instead of creating and adding a duplicate of a CTL context, this function adds a link to the original CTL context.
CertAddEncodedCertificateToStore

Creates a certificate context from an encoded certificate and adds it to the certificate store.
CertAddEncodedCertificateToSystemStoreA

Opens the specified system store and adds the encoded certificate to it. (ANSI)
CertAddEncodedCertificateToSystemStoreW

Opens the specified system store and adds the encoded certificate to it. (Unicode)
CertAddEncodedCRLToStore

Creates a certificate revocation list (CRL) context from an encoded CRL and adds it to the certificate store.
CertAddEncodedCTLToStore

Creates a certificate trust list (CTL) context from an encoded CTL and adds it to the certificate store.
CertAddEnhancedKeyUsageIdentifier

The CertAddEnhancedKeyUsageIdentifier function adds a usage identifier object identifier (OID) to the enhanced key usage (EKU) extended property of the certificate.
CertAddRefServerOcspResponse

Increments the reference count for an HCERT_SERVER_OCSP_RESPONSE handle.
CertAddRefServerOcspResponseContext

Increments the reference count for a CERT_SERVER_OCSP_RESPONSE_CONTEXT structure.
CertAddSerializedElementToStore

Adds a serialized certificate, certificate revocation list (CRL), or certificate trust list (CTL) element to the store.
CertAddStoreToCollection

The CertAddStoreToCollection function adds a sibling certificate store to a collection certificate store.
CertAlgIdToOID

Converts a CryptoAPI algorithm identifier (ALG_ID) to an Abstract Syntax Notation One (ASN.1) object identifier (OID) string.
CertCloseServerOcspResponse

Closes an online certificate status protocol (OCSP) server response handle.
CertCloseStore

Closes a certificate store handle and reduces the reference count on the store.
CertCompareCertificate

Determines whether two certificates are identical by comparing the issuer name and serial number of the certificates.
CertCompareCertificateName

The CertCompareCertificateName function compares two certificate CERT_NAME_BLOB structures to determine whether they are identical. The CERT_NAME_BLOB structures are used for the subject and the issuer of certificates.
CertCompareIntegerBlob

The CertCompareIntegerBlob function compares two integer BLOBs to determine whether they represent equal numeric values.
CertComparePublicKeyInfo

The CertComparePublicKeyInfo function compares two encoded public keys to determine whether they are identical.
CertControlStore

Allows an application to be notified when there is a difference between the contents of a cached store in use and the contents of that store as it is persisted to storage.
CertCreateCertificateChainEngine

The CertCreateCertificateChainEngine function creates a new, nondefault chain engine for an application.
CertCreateCertificateContext

Creates a certificate context from an encoded certificate. The created context is not persisted to a certificate store. The function makes a copy of the encoded certificate within the created context.
CertCreateContext

Creates the specified context from the encoded bytes. The context created does not include any extended properties.
CertCreateCRLContext

The CertCreateCRLContext function creates a certificate revocation list (CRL) context from an encoded CRL. The created context is not persisted to a certificate store. It makes a copy of the encoded CRL within the created context.
CertCreateCTLContext

The CertCreateCTLContext function creates a certificate trust list (CTL) context from an encoded CTL. The created context is not persisted to a certificate store. The function makes a copy of the encoded CTL within the created context.
CertCreateCTLEntryFromCertificateContextProperties

The CertCreateCTLEntryFromCertificateContextProperties function creates a certificate trust list (CTL) entry whose attributes are the properties of the certificate context. The SubjectIdentifier in the CTL entry is the SHA1 hash of the certificate.
CertCreateSelfSignCertificate

Builds a self-signed certificate and returns a pointer to a CERT_CONTEXT structure that represents the certificate.
CertDeleteCertificateFromStore

The CertDeleteCertificateFromStore function deletes the specified certificate context from the certificate store.
CertDeleteCRLFromStore

The CertDeleteCRLFromStore function deletes the specified certificate revocation list (CRL) context from the certificate store.
CertDeleteCTLFromStore

The CertDeleteCTLFromStore function deletes the specified certificate trust list (CTL) context from a certificate store.
CertDuplicateCertificateChain

The CertDuplicateCertificateChain function duplicates a pointer to a certificate chain by incrementing the chain's reference count.
CertDuplicateCertificateContext

Duplicates a certificate context by incrementing its reference count.
CertDuplicateCRLContext

The CertDuplicateCRLContext function duplicates a certificate revocation list (CRL) context by incrementing its reference count.
CertDuplicateCTLContext

The CertDuplicateCTLContext function duplicates a certificate trust list (CTL) context by incrementing its reference count.
CertDuplicateStore

Duplicates a store handle by incrementing the store's reference count.
CertEnumCertificateContextProperties

The CertEnumCertificateContextProperties function retrieves the first or next extended property associated with a certificate context.
CertEnumCertificatesInStore

Retrieves the first or next certificate in a certificate store. Used in a loop, this function can retrieve in sequence all certificates in a certificate store.
CertEnumCRLContextProperties

The CertEnumCRLContextProperties function retrieves the first or next extended property associated with a certificate revocation list (CRL) context.
CertEnumCRLsInStore

The CertEnumCRLsInStore function retrieves the first or next certificate revocation list (CRL) context in a certificate store. Used in a loop, this function can retrieve in sequence all CRL contexts in a certificate store.
CertEnumCTLContextProperties

The CertEnumCTLContextProperties function retrieves the first or next extended property associated with a certificate trust list (CTL) context. Used in a loop, this function can retrieve in sequence all extended properties associated with a CTL context.
CertEnumCTLsInStore

The CertEnumCTLsInStore function retrieves the first or next certificate trust list (CTL) context in a certificate store. Used in a loop, this function can retrieve in sequence all CTL contexts in a certificate store.
CertEnumPhysicalStore

The CertEnumPhysicalStore function retrieves the physical stores on a computer. The function calls the provided callback function for each physical store found.
CertEnumSubjectInSortedCTL

Retrieves the first or next TrustedSubject in a sorted certificate trust list (CTL).
CertEnumSystemStore

The CertEnumSystemStore function retrieves the system stores available. The function calls the provided callback function for each system store found.
CertEnumSystemStoreLocation

The CertEnumSystemStoreLocation function retrieves all of the system store locations. The function calls the provided callback function for each system store location found.
CertFindAttribute

The CertFindAttribute function finds the first attribute in the CRYPT_ATTRIBUTE array, as identified by its object identifier (OID).
CertFindCertificateInCRL

The CertFindCertificateInCRL function searches the certificate revocation list (CRL) for the specified certificate.
CertFindCertificateInStore

Finds the first or next certificate context in a certificate store that matches a search criteria established by the dwFindType and its associated pvFindPara.
CertFindChainInStore

Finds the first or next certificate in a store that meets the specified criteria.
CertFindCRLInStore

Finds the first or next certificate revocation list (CRL) context in a certificate store that matches a search criterion established by the dwFindType parameter and the associated pvFindPara parameter.
CertFindCTLInStore

Finds the first or next certificate trust list (CTL) context that matches search criteria established by the dwFindType and its associated pvFindPara.
CertFindExtension

The CertFindExtension function finds the first extension in the CERT_EXTENSION array, as identified by its object identifier (OID).
CertFindRDNAttr

The CertFindRDNAttr function finds the first RDN attribute identified by its object identifier (OID) in a list of the Relative Distinguished Names (RDN).
CertFindSubjectInCTL

The CertFindSubjectInCTL function attempts to find the specified subject in a certificate trust list (CTL).
CertFindSubjectInSortedCTL

The CertFindSubjectInSortedCTL function attempts to find the specified subject in a sorted certificate trust list (CTL).
CertFreeCertificateChain

The CertFreeCertificateChain function frees a certificate chain by reducing its reference count. If the reference count becomes zero, memory allocated for the chain is released.
CertFreeCertificateChainEngine

The CertFreeCertificateChainEngine function frees a certificate trust engine.
CertFreeCertificateChainList

Frees the array of pointers to chain contexts.
CertFreeCertificateContext

Frees a certificate context by decrementing its reference count. When the reference count goes to zero, CertFreeCertificateContext frees the memory used by a certificate context.
CertFreeCRLContext

Frees a certificate revocation list (CRL) context by decrementing its reference count.
CertFreeCTLContext

Frees a certificate trust list (CTL) context by decrementing its reference count.
CertFreeServerOcspResponseContext

Decrements the reference count for a CERT_SERVER_OCSP_RESPONSE_CONTEXT structure.
CertGetCertificateChain

Builds a certificate chain context starting from an end certificate and going back, if possible, to a trusted root certificate.
CertGetCertificateContextProperty

Retrieves the information contained in an extended property of a certificate context.
CertGetCRLContextProperty

Gets an extended property for the specified certificate revocation list (CRL) context.
CertGetCRLFromStore

Gets the first or next certificate revocation list (CRL) context from the certificate store for the specified issuer.
CertGetCTLContextProperty

Retrieves an extended property of a certificate trust list (CTL) context.
CertGetEnhancedKeyUsage

Returns information from the enhanced key usage (EKU) extension or the EKU extended property of a certificate.
CertGetIntendedKeyUsage

Acquires the intended key usage bytes from a certificate.
CertGetIssuerCertificateFromStore

Retrieves the certificate context from the certificate store for the first or next issuer of the specified subject certificate. The new Certificate Chain Verification Functions are recommended instead of the use of this function.
CertGetNameStringA

Obtains the subject or issuer name from a certificate CERT_CONTEXT structure and converts it to a null-terminated character string. (ANSI)
CertGetNameStringW

Obtains the subject or issuer name from a certificate CERT_CONTEXT structure and converts it to a null-terminated character string. (Unicode)
CertGetPublicKeyLength

The CertGetPublicKeyLength function acquires the bit length of public/private keys from a public key BLOB.
CertGetServerOcspResponseContext

Retrieves a non-blocking, time valid online certificate status protocol (OCSP) response context for the specified handle.
CertGetStoreProperty

Retrieves a store property.
CertGetSubjectCertificateFromStore

Returns from a certificate store a subject certificate context uniquely identified by its issuer and serial number.
CertGetValidUsages

Returns an array of usages that consist of the intersection of the valid usages for all certificates in an array of certificates.
CertIsRDNAttrsInCertificateName

The CertIsRDNAttrsInCertificateName function compares the attributes in the certificate name with the specified CERT_RDN to determine whether all attributes are included there.
CertIsStrongHashToSign

Determines whether the specified hash algorithm and the public key in the signing certificate can be used to perform strong signing.
CertIsValidCRLForCertificate

The CertIsValidCRLForCertificate function checks a CRL to find out if it is a CRL that would include a specific certificate if that certificate were revoked.
CertModifyCertificatesToTrust

Modifies the set of certificates in a certificate trust list (CTL) for a given purpose.
CertNameToStrA

Converts an encoded name in a CERT_NAME_BLOB structure to a null-terminated character string. (ANSI)
CertNameToStrW

Converts an encoded name in a CERT_NAME_BLOB structure to a null-terminated character string. (Unicode)
CertOIDToAlgId

Use the CryptFindOIDInfo function instead of this function because ALG_ID identifiers are no longer supported in CNG.
CertOpenServerOcspResponse

Opens a handle to an online certificate status protocol (OCSP) response associated with a server certificate chain.
CertOpenStore

Opens a certificate store by using a specified store provider type.
CertOpenSystemStoreA

Opens the most common system certificate store. To open certificate stores with more complex requirements, such as file-based or memory-based stores, use CertOpenStore. (ANSI)
CertOpenSystemStoreW

Opens the most common system certificate store. To open certificate stores with more complex requirements, such as file-based or memory-based stores, use CertOpenStore. (Unicode)
CertRDNValueToStrA

The CertRDNValueToStr function converts a name in a CERT_RDN_VALUE_BLOB to a null-terminated character string. (ANSI)
CertRDNValueToStrW

The CertRDNValueToStr function converts a name in a CERT_RDN_VALUE_BLOB to a null-terminated character string. (Unicode)
CertRegisterPhysicalStore

Adds a physical store to a registry system store collection.
CertRegisterSystemStore

Registers a system store.
CertRemoveEnhancedKeyUsageIdentifier

The CertRemoveEnhancedKeyUsageIdentifier function removes a usage identifier object identifier (OID) from the enhanced key usage (EKU) extended property of the certificate.
CertRemoveStoreFromCollection

Removes a sibling certificate store from a collection store.
CertResyncCertificateChainEngine

Resyncs the certificate chain engine, which resynchronizes the stores the store's engine and updates the engine caches.
CertRetrieveLogoOrBiometricInfo

Performs a URL retrieval of logo or biometric information specified in either the szOID_LOGOTYPE_EXT or szOID_BIOMETRIC_EXT certificate extension.
CertSaveStore

Saves the certificate store to a file or to a memory BLOB.
CertSelectCertificateA

Presents a dialog box that allows the user to select certificates from a set of certificates that match the given criteria. (ANSI)
CertSelectCertificateChains

Retrieves certificate chains based on specified selection criteria.
CertSelectCertificateW

Presents a dialog box that allows the user to select certificates from a set of certificates that match the given criteria. (Unicode)
CertSelectionGetSerializedBlob

A helper function used to retrieve a serialized certificate BLOB from a CERT_SELECTUI_INPUT structure.
CertSerializeCertificateStoreElement

The CertSerializeCertificateStoreElement function serializes a certificate context's encoded certificate and its encoded properties. The result can be persisted to storage so that the certificate and properties can be retrieved at a later time.
CertSerializeCRLStoreElement

The CertSerializeCRLStoreElement function serializes an encoded certificate revocation list (CRL) context and the encoded representation of its properties.
CertSerializeCTLStoreElement

The CertSerializeCTLStoreElement function serializes an encoded certificate trust list (CTL) context and the encoded representation of its properties. The result can be persisted to storage so that the CTL and properties can be retrieved later.
CertSetCertificateContextPropertiesFromCTLEntry

Sets the properties on the certificate context by using the attributes in the specified certificate trust list (CTL) entry.
CertSetCertificateContextProperty

Sets an extended property for a specified certificate context.
CertSetCRLContextProperty

Sets an extended property for the specified certificate revocation list (CRL) context.
CertSetCTLContextProperty

Sets an extended property for the specified certificate trust list (CTL) context.
CertSetEnhancedKeyUsage

The CertSetEnhancedKeyUsage function sets the enhanced key usage (EKU) property for the certificate.
CertSetStoreProperty

The CertSetStoreProperty function sets a store property.
CertSrvBackupClose

Closes the file opened by the CertSrvBackupOpenFile function.
CertSrvBackupEnd

Ends a Certificate Services backup session.
CertSrvBackupFree

Used to free memory allocated from certain Certificate Services Backup APIs.
CertSrvBackupGetBackupLogsW

Retrieves the list of Certificate Services log file names that need to be backed up for the given backup context.
CertSrvBackupGetDatabaseNamesW

Retrieves the list of Certificate Services database file names that need to be backed up for the given backup context.
CertSrvBackupGetDynamicFileListW

Retrieves the list of Certificate Services dynamic file names that need to be backed up for the given backup context.
CertSrvBackupOpenFileW

Opens a file for backup.
CertSrvBackupPrepareW

Used to prepare a Certificate Services server for backup operations.
CertSrvBackupRead

Reads bytes from a Certificate Services file.
CertSrvBackupTruncateLogs

Eliminates redundant records and reduces the disk storage space used by log files.
CertSrvIsServerOnlineW

Determines if a Certificate Services server is online; if the Certificate Services server is not online, backup operations will not be successful.
CertSrvRestoreEnd

Ends a Certificate Services restore session.
CertSrvRestoreGetDatabaseLocationsW

Used both in backup and restore scenarios and retrieves the list of Certificate Services database location names for all the files being backed up or restored.
CertSrvRestorePrepareW

Prepares a Certificate Services instance for restore operations.
CertSrvRestoreRegisterComplete

Completes a registered Certificate Services restore operation.
CertSrvRestoreRegisterThroughFile

Registers a Certificate Services restore. (CertSrvRestoreRegisterThroughFile)
CertSrvRestoreRegisterW

Registers a Certificate Services restore. (CertSrvRestoreRegisterW)
CertSrvServerControlW

Issues a service control command to programmatically stop Certificate Services.
CertStrToNameA

Converts a null-terminated X.500 string to an encoded certificate name. (ANSI)
CertStrToNameW

Converts a null-terminated X.500 string to an encoded certificate name. (Unicode)
CertUnregisterPhysicalStore

The CertUnregisterPhysicalStore function removes a physical store from a specified system store collection. CertUnregisterPhysicalStore can also be used to delete the physical store.
CertUnregisterSystemStore

The CertUnregisterSystemStore function unregisters a specified system store.
CertVerifyCertificateChainPolicy

Checks a certificate chain to verify its validity, including its compliance with any specified validity policy criteria.
CertVerifyCRLRevocation

Check a certificate revocation list (CRL) to determine whether a subject's certificate has or has not been revoked.
CertVerifyCRLTimeValidity

The CertVerifyCRLTimeValidity function verifies the time validity of a CRL.
CertVerifyCTLUsage

Verifies that a subject is trusted for a specified usage by finding a signed and time-valid certificate trust list (CTL) with the usage identifiers that contain the subject.
CertVerifyRevocation

Checks the revocation status of the certificates contained in the rgpvContext array. If a certificate in the list is found to be revoked, no further checking is done.
CertVerifySubjectCertificateContext

The CertVerifySubjectCertificateContext function performs the enabled verification checks on a certificate by checking the validity of the certificate's issuer. The new Certificate Chain Verification Functions are recommended instead of this function.
CertVerifyTimeValidity

The CertVerifyTimeValidity function verifies the time validity of a certificate.
CertVerifyValidityNesting

The CertVerifyValidityNesting function verifies that a subject certificate's time validity nests correctly within its issuer's time validity.
CertViewPropertiesA

The CertViewProperties function displays the properties for a certificate in a user interface (UI) dialog box. This function has no associated import library. You must use the LoadLibrary and GetProcAddress functions to dynamically link to CryptDlg.dll. (ANSI)
CertViewPropertiesW

The CertViewProperties function displays the properties for a certificate in a user interface (UI) dialog box. This function has no associated import library. You must use the LoadLibrary and GetProcAddress functions to dynamically link to CryptDlg.dll. (Unicode)
ChangeAccountPasswordA

Changes the password for a Windows domain account by using the specified Security Support Provider. (ANSI)
ChangeAccountPasswordW

Changes the password for a Windows domain account by using the specified Security Support Provider. (Unicode)
ChangeCredential

Changes the credentials associated with the specified identity.
ChangeServiceConfig2A

Changes the optional configuration parameters of a service. (ANSI)
ChangeServiceConfig2W

Changes the optional configuration parameters of a service. (Unicode)
CheckCertificateSignature

Verifies the signature for a specified signer.
CheckCertificateSignature

Verifies the certificate signature.
CheckPublicKeySignature

Verifies the certificate signature by using the public key of the signing certificate.
CheckSignature

Verifies that the certificate request has been signed and that the signature is valid. (IX509CertificateRequestCmc2.CheckSignature)
CheckSignature

Verifies that the certificate request has been signed and that the signature is valid. (IX509CertificateRequestPkcs10.CheckSignature)
CheckTokenCapability

Checks the capabilities of a given token.
CheckTokenMembership

Determines whether a specified security identifier (SID) is enabled in an access token.
CheckTokenMembershipEx

Determines whether the specified SID is enabled in the specified token.
Clear

Removes all objects from the collection. (IAlternativeNames.Clear)
Clear

Removes all objects from the collection. (ICertificatePolicies.Clear)
Clear

Removes all ICertificationAuthority objects from the collection.
Clear

Removes all properties from the collection.
Clear

Removes all ICryptAttribute objects from the collection.
Clear

Removes all ICspAlgorithm objects from the collection.
Clear

Removes all ICspInformation objects from the collection.
Clear

Removes all ICspStatus objects from the collection.
Clear

Removes all IObjectId objects from the collection.
Clear

Removes all objects from the collection. (IPolicyQualifiers.Clear)
Clear

Removes all ISignerCertificate objects from the collection.
Clear

Removes all objects from the collection. (ISmimeCapabilities.Clear)
Clear

Removes all IX509Attribute objects from the collection.
Clear

Removes all IX509CertificateTemplate objects from the collection.
Clear

Removes all IX509Extension objects from the collection.
Clear

Removes all IX509NameValuePair objects from the collection.
Clear

Removes all IX509PolicyServerUrl objects from the collection.
Clone

Creates a copy of the attribute-enumeration sequence object in its current state.
Clone

Creates a copy of the column-enumeration sequence.
Clone

Creates a copy of the extension-enumeration sequence.
Close

Closes the endorsement key. You can only call the Close method after the Open method has been successfully called.
Close

Releases the handle of the cryptographic service provider (CSP) or the handle of the Cryptography API:_Next Generation (CNG) key storage provider (KSP).
CloseApplication

Unloads a specified IAzApplication object from the cache.
CloseHandle

The CloseHandle method closes a handle opened during a previous call to ISceSvcAttachmentData::Initialize.
CloseServiceHandle

Closes a handle to a service control manager or service object.
Commit

Deletes a template from or saves it to Active Directory.
CompleteAuthToken

Completes an authentication token. (CompleteAuthToken)
ComputeEffectivePermissionWithSecondarySecurity

Computes the effective permissions by using the secondary security for an object.
ComputeKeyIdentifier

Creates an identifier from a 160-bit SHA-1 hash of the public key.
ComputeSiteCosts

Is not currently used.
Configure

Displays the module user interface.
ConnectIdentity

Connects an identity to a domain user.
ControlService

Sends a control code to a service. (ControlService)
ControlServiceExA

Sends a control code to a service. (ControlServiceExA)
ControlServiceExW

Sends a control code to a service. (ControlServiceExW)
ConvertSecurityDescriptorToStringSecurityDescriptorA

Converts a security descriptor to a string format. You can use the string format to store or transmit the security descriptor. (ANSI)
ConvertSecurityDescriptorToStringSecurityDescriptorW

Converts a security descriptor to a string format. You can use the string format to store or transmit the security descriptor. (Unicode)
ConvertSidToStringSidA

Converts a security identifier (SID) to a string format suitable for display, storage, or transmission. (ANSI)
ConvertSidToStringSidW

Converts a security identifier (SID) to a string format suitable for display, storage, or transmission. (Unicode)
ConvertStringSecurityDescriptorToSecurityDescriptorA

Converts a string-format security descriptor into a valid, functional security descriptor. (ANSI)
ConvertStringSecurityDescriptorToSecurityDescriptorW

Converts a string-format security descriptor into a valid, functional security descriptor. (Unicode)
ConvertStringSidToSidA

Converts a string-format security identifier (SID) into a valid, functional SID. You can use this function to retrieve a SID that the ConvertSidToStringSid function converted to string format. (ANSI)
ConvertStringSidToSidW

Converts a string-format security identifier (SID) into a valid, functional SID. You can use this function to retrieve a SID that the ConvertSidToStringSid function converted to string format. (Unicode)
ConvertToAutoInheritPrivateObjectSecurity

Converts a security descriptor and its access control lists (ACLs) to a format that supports automatic propagation of inheritable access control entries (ACEs).
ConvertToSid

Retrieves the security identifier (SID) associated with the specified identity and identity provider.
CopySid

Copies a security identifier (SID) to a buffer.
Create

Creates a new identity associated with the specified user name.
Create

Creates an asymmetric private key.
CreateApplication

Creates an IAzApplication object with the specified name.
CreateApplication2

Creates an IAzApplication2 object by using the specified name.
CreateApplicationGroup

Creates an IAzApplicationGroup object with the specified name. (IAzApplication.CreateApplicationGroup)
CreateApplicationGroup

Creates an IAzApplicationGroup object with the specified name. (IAzAuthorizationStore.CreateApplicationGroup)
CreateApplicationGroup

Creates an IAzApplicationGroup object with the specified name. (IAzScope.CreateApplicationGroup)
CreateCAConfiguration

Creates a new certification authority (CA) configuration and adds it to the configuration set.
createFilePFX

Saves the accepted certificate chain and private key in a file in Personal Information Exchange (PFX) format. This method was first defined in the ICEnroll4 interface.
createFilePFXWStr

Saves the accepted certificate chain and private key in a file in Personal Information Exchange (PFX) format.
createFilePKCS10

Creates a base64-encoded PKCS (ICEnroll.createFilePKCS10)
createFilePKCS10WStr

Creates a base64-encoded PKCS (IEnroll.createFilePKCS10WStr)
createFileRequest

Creates a PKCS (ICEnroll4.createFileRequest)
createFileRequestWStr

Creates a PKCS (IEnroll4.createFileRequestWStr)
CreateObject

Can be used to create an object in the user context on a webpage.
CreateObject

Creates an IX509EnrollmentHelper object on a webpage.
CreateOperation

Creates an IAzOperation object with the specified name.
createPFX

Saves the accepted certificate chain and private key in a Personal Information Exchange (PFX) format string. The PFX format is also known as PKCS (ICEnroll4.createPFX)
CreatePFX

Creates a Personal Information Exchange (PFX) message.
createPFXWStr

Saves the accepted certificate chain and private key in a Personal Information Exchange (PFX) format string. The PFX format is also known as PKCS (IEnroll4.createPFXWStr)
createPKCS10

Creates a base64-encoded PKCS (ICEnroll.createPKCS10)
createPKCS10WStr

Creates a base64-encoded PKCS (IEnroll.createPKCS10WStr)
CreatePKCS7RequestFromRequest

The CreatePKCS7RequestFromRequest method creates a PKCS
CreatePrivateObjectSecurity

Allocates and initializes a self-relative security descriptor for a new private object. A protected server calls this function when it creates a new private object.
CreatePrivateObjectSecurityEx

Allocates and initializes a self-relative security descriptor for a new private object created by the resource manager calling this function. (CreatePrivateObjectSecurityEx)
CreatePrivateObjectSecurityWithMultipleInheritance

Allocates and initializes a self-relative security descriptor for a new private object created by the resource manager calling this function. (CreatePrivateObjectSecurityWithMultipleInheritance)
CreateProperty

Creates a new property and adds it to a property set.
createRequest

Creates a PKCS (ICEnroll4.createRequest)
CreateRequest

Retrieves an encoded certificate request.
CreateRequestMessage

Create a PKCS10 request message with a challenge password. The request message is in an enveloped PKCS7 encrypted with the SCEP server encryption certificate and signed by the server signing certificate.
createRequestWStr

Creates a PKCS (IEnroll4.createRequestWStr)
CreateRestrictedToken

Creates a new access token that is a restricted version of an existing access token. The restricted token can have disabled security identifiers (SIDs), deleted privileges, and a list of restricting SIDs.
CreateRetrieveCertificateMessage

Retrieve a previously issued certificate.
CreateRetrievePendingMessage

Create a message for certificate polling (manual enrollment).
CreateRole

Creates an IAzRole object with the specified name. (IAzApplication.CreateRole)
CreateRole

Creates an IAzRole object with the specified name. (IAzScope.CreateRole)
CreateRoleAssignment

Creates a new IAzRoleAssignment object with the specified name.
CreateRoleAssignment

Creates a new IAzRoleAssignment object with the specified name in this scope.
CreateRoleDefinition

Creates a new IAzRoleDefinition object with the specified name.
CreateRoleDefinition

Creates a new IAzRoleDefinition object with the specified name in this scope.
CreateScope

Creates an IAzScope object with the specified name.
CreateScope2

Creates a new IAzScope2 object with the specified name.
CreateSecurityPage

Creates a basic security property page that enables the user to view and edit the access rights allowed or denied by the access control entries (ACEs) in an object's discretionary access control list (DACL).
CreateTask

Creates an IAzTask object with the specified name. (IAzApplication.CreateTask)
CreateTask

Creates an IAzTask object with the specified name. (IAzScope.CreateTask)
CreateVirtualSmartCard

Creates a TPM virtual smart card with the given parameters.
CreateWellKnownSid

Creates a SID for predefined aliases.
CredDeleteA

Deletes a credential from the user's credential set. (ANSI)
CredDeleteW

Deletes a credential from the user's credential set. (Unicode)
CredEnumerateA

Enumerates the credentials from the user's credential set. (ANSI)
CredEnumerateW

Enumerates the credentials from the user's credential set. (Unicode)
CredFindBestCredentialA

Searches the Credentials Management (CredMan) database for the set of generic credentials that are associated with the current logon session and that best match the specified target resource. (ANSI)
CredFindBestCredentialW

Searches the Credentials Management (CredMan) database for the set of generic credentials that are associated with the current logon session and that best match the specified target resource. (Unicode)
CredFree

The CredFree function frees a buffer returned by any of the credentials management functions.
CredFreeCredentialsFn

Frees memory used to store credentials used by a security package.
CredGetSessionTypes

The CredGetSessionTypes function returns the maximum persistence supported by the current logon session. A separate maximum persistence is returned for each credential type.
CredGetTargetInfoA

The CredGetTargetInfo function retrieves all known target name information for the named target computer. (ANSI)
CredGetTargetInfoW

The CredGetTargetInfo function retrieves all known target name information for the named target computer. (Unicode)
CredIsMarshaledCredentialA

Determines whether a specified user name string is a marshaled credential previously marshaled by CredMarshalCredential. (ANSI)
CredIsMarshaledCredentialW

Determines whether a specified user name string is a marshaled credential previously marshaled by CredMarshalCredential. (Unicode)
CredIsProtectedA

Specifies whether the specified credentials are encrypted by a previous call to the CredProtect function. (ANSI)
CredIsProtectedW

Specifies whether the specified credentials are encrypted by a previous call to the CredProtect function. (Unicode)
CrediUnmarshalandDecodeStringFn

Transforms a marshaled string back into its original form, and decrypts the unmarshaled string.
CredMarshalCredentialA

The CredMarshalCredential function transforms a credential into a text string. (ANSI)
CredMarshalCredentialW

The CredMarshalCredential function transforms a credential into a text string. (Unicode)
CredMarshalTargetInfo

Serializes the specified target into an array of byte values.
CredPackAuthenticationBufferA

Converts a string user name and password into an authentication buffer. (ANSI)
CredPackAuthenticationBufferW

Converts a string user name and password into an authentication buffer. (Unicode)
CredProtectA

Encrypts the specified credentials so that only the current security context can decrypt them. (ANSI)
CredProtectW

Encrypts the specified credentials so that only the current security context can decrypt them. (Unicode)
CredReadA

Reads a credential from the user's credential set. (ANSI)
CredReadDomainCredentialsA

Reads the domain credentials from the user's credential set. (ANSI)
CredReadDomainCredentialsFn

Reads a domain credential from the Credential Manager.
CredReadDomainCredentialsW

Reads the domain credentials from the user's credential set. (Unicode)
CredReadFn

Reads a credential from the Credential Manager.
CredReadW

Reads a credential from the user's credential set. (Unicode)
CredRenameA

CredRename is no longer supported. (ANSI)
CredRenameW

CredRename is no longer supported. (Unicode)
CredUICmdLinePromptForCredentialsA

Prompts for and accepts credential information from a user working in a command-line (console) application. The name and password typed by the user are passed back to the calling application for verification. (ANSI)
CredUICmdLinePromptForCredentialsW

Prompts for and accepts credential information from a user working in a command-line (console) application. The name and password typed by the user are passed back to the calling application for verification. (Unicode)
CredUIConfirmCredentialsA

Is called after CredUIPromptForCredentials or CredUICmdLinePromptForCredentials, to confirm the validity of the credential harvested. (ANSI)
CredUIConfirmCredentialsW

Is called after CredUIPromptForCredentials or CredUICmdLinePromptForCredentials, to confirm the validity of the credential harvested. (Unicode)
CredUIParseUserNameA

The CredUIParseUserName function extracts the domain and user account name from a fully qualified user name. (ANSI)
CredUIParseUserNameW

The CredUIParseUserName function extracts the domain and user account name from a fully qualified user name. (Unicode)
CredUIPromptForCredentialsA

Creates and displays a configurable dialog box that accepts credentials information from a user. (ANSI)
CredUIPromptForWindowsCredentialsA

Creates and displays a configurable dialog box that allows users to supply credential information by using any credential provider installed on the local computer. (ANSI)
CredUIPromptForWindowsCredentialsW

Creates and displays a configurable dialog box that allows users to supply credential information by using any credential provider installed on the local computer. (Unicode)
CredUIReadSSOCredW

The CredUIReadSSOCredW function retrieves the user name for a single logon credential.
CredUIStoreSSOCredW

The CredUIStoreSSOCredW function stores a single logon credential.
CredUnmarshalCredentialA

The CredUnmarshalCredential function transforms a marshaled credential back into its original form. (ANSI)
CredUnmarshalCredentialW

The CredUnmarshalCredential function transforms a marshaled credential back into its original form. (Unicode)
CredUnPackAuthenticationBufferA

Converts an authentication buffer returned by a call to the CredUIPromptForWindowsCredentials function into a string user name and password. (ANSI)
CredUnPackAuthenticationBufferW

Converts an authentication buffer returned by a call to the CredUIPromptForWindowsCredentials function into a string user name and password. (Unicode)
CredUnprotectA

Decrypts credentials that were previously encrypted by using the CredProtect function. (ANSI)
CredUnprotectW

Decrypts credentials that were previously encrypted by using the CredProtect function. (Unicode)
CredWriteA

Creates a new credential or modifies an existing credential in the user's credential set. (ANSI)
CredWriteDomainCredentialsA

Writes domain credentials to the user's credential set. (ANSI)
CredWriteDomainCredentialsW

Writes domain credentials to the user's credential set. (Unicode)
CredWriteFn

Writes the specified credential to the Credential Manager.
CredWriteW

Creates a new credential or modifies an existing credential in the user's credential set. (Unicode)
CryptAcquireCertificatePrivateKey

Obtains the private key for a certificate.
CryptAcquireContextA

Used to acquire a handle to a particular key container within a particular cryptographic service provider (CSP). This returned handle is used in calls to CryptoAPI functions that use the selected CSP. (ANSI)
CryptAcquireContextW

Used to acquire a handle to a particular key container within a particular cryptographic service provider (CSP). This returned handle is used in calls to CryptoAPI functions that use the selected CSP. (Unicode)
CryptBinaryToStringA

Converts an array of bytes into a formatted string. (ANSI)
CryptBinaryToStringW

Converts an array of bytes into a formatted string. (Unicode)
CryptCATAdminAcquireContext

Acquires a handle to a catalog administrator context.
CryptCATAdminAcquireContext2

Acquires a handle to a catalog administrator context for a given hash algorithm and hash policy.
CryptCATAdminAddCatalog

Adds a catalog to the catalog database.
CryptCATAdminCalcHashFromFileHandle

Calculates the hash for a file.
CryptCATAdminCalcHashFromFileHandle2

Calculates the hash for a file by using the specified algorithm.
CryptCATAdminEnumCatalogFromHash

Enumerates the catalogs that contain a specified hash.
CryptCATAdminReleaseCatalogContext

Releases a handle to a catalog context previously returned by the CryptCATAdminAddCatalog function.
CryptCATAdminReleaseContext

Releases the handle previously assigned by the CryptCATAdminAcquireContext function.
CryptCATAdminRemoveCatalog

Deletes a catalog file and removes that catalog's entry from the Windows catalog database.
CryptCATAdminResolveCatalogPath

Retrieves the fully qualified path of the specified catalog.
CryptCATCatalogInfoFromContext

Retrieves catalog information from a specified catalog context.
CryptCATCDFClose

Closes a catalog definition file (CDF) and frees the memory for the corresponding CRYPTCATCDF structure.
CryptCATCDFEnumCatAttributes

Enumerates catalog-level attributes within the CatalogHeader section of a catalog definition file (CDF).
CryptCATCDFOpen

Opens an existing catalog definition file (CDF) for reading and initializes a CRYPTCATCDF structure.
CryptCATClose

Closes a catalog handle opened previously by the CryptCATOpen function.
CryptCATEnumerateAttr

Enumerates the attributes associated with a member of a catalog. This function has no associated import library.
CryptCATEnumerateCatAttr

Enumerates the attributes associated with a catalog. This function has no associated import library.
CryptCATEnumerateMember

Enumerates the members of a catalog.
CryptCATGetAttrInfo

Retrieves information about an attribute of a member of a catalog.
CryptCATGetMemberInfo

Retrieves member information from the catalog's PKCS
CryptCATHandleFromStore

Retrieves a catalog handle from memory.
CryptCATOpen

Opens a catalog and returns a context handle to the open catalog.
CryptCATPersistStore

Saves the information in the specified catalog store to an unsigned catalog file.
CryptCATPutAttrInfo

Allocates memory for an attribute and adds it to a catalog member.
CryptCATPutCatAttrInfo

Allocates memory for a catalog file attribute and adds it to the catalog.
CryptCATPutMemberInfo

Allocates memory for a catalog member and adds it to the catalog.
CryptCATStoreFromHandle

Retrieves a CRYPTCATSTORE structure from a catalog handle.
CryptContextAddRef

Adds one to the reference count of an HCRYPTPROV cryptographic service provider (CSP) handle.
CryptCreateHash

Initiates the hashing of a stream of data. It creates and returns to the calling application a handle to a cryptographic service provider (CSP) hash object.
CryptCreateKeyIdentifierFromCSP

Important  This API is deprecated. (CryptCreateKeyIdentifierFromCSP)
CryptDecodeMessage

Decodes, decrypts, and verifies a cryptographic message.
CryptDecodeObject

The CryptDecodeObject function decodes a structure of the type indicated by the lpszStructType parameter. The use of CryptDecodeObjectEx is recommended as an API that performs the same function with significant performance improvements.
CryptDecodeObjectEx

Decodes a structure of the type indicated by the lpszStructType parameter.
CryptDecrypt

Decrypts data previously encrypted by using the CryptEncrypt function.
CryptDecryptAndVerifyMessageSignature

The CryptDecryptAndVerifyMessageSignature function decrypts a message and verifies its signature.
CryptDecryptMessage

The CryptDecryptMessage function decodes and decrypts a message.
CryptDeriveKey

Generates cryptographic session keys derived from a base data value.
CryptDestroyHash

Destroys the hash object referenced by the hHash parameter.
CryptDestroyKey

Releases the handle referenced by the hKey parameter.
CryptDuplicateHash

Makes an exact copy of a hash to the point when the duplication is done.
CryptDuplicateKey

Makes an exact copy of a key and the state of the key.
CryptEncodeObject

The CryptEncodeObject function encodes a structure of the type indicated by the value of the lpszStructType parameter. The use of CryptEncodeObjectEx is recommended as an API that performs the same function with significant performance improvements.
CryptEncodeObjectEx

Encodes a structure of the type indicated by the value of the lpszStructType parameter.
CryptEncrypt

Encrypts data. The algorithm used to encrypt the data is designated by the key held by the CSP module and is referenced by the hKey parameter.
CryptEncryptMessage

The CryptEncryptMessage function encrypts and encodes a message.
CryptEnumKeyIdentifierProperties

The CryptEnumKeyIdentifierProperties function enumerates key identifiers and their properties.
CryptEnumOIDFunction

The CryptEnumOIDFunction function enumerates the registered object identifier (OID) functions.
CryptEnumOIDInfo

Enumerates predefined and registered object identifier (OID) CRYPT_OID_INFO structures. This function enumerates either all of the predefined and registered structures or only structures identified by a selected OID group.
CryptEnumProvidersA

Important  This API is deprecated. (CryptEnumProvidersA)
CryptEnumProvidersW

Important  This API is deprecated. (CryptEnumProvidersW)
CryptEnumProviderTypesA

Retrieves the first or next types of cryptographic service provider (CSP) supported on the computer. (ANSI)
CryptEnumProviderTypesW

Retrieves the first or next types of cryptographic service provider (CSP) supported on the computer. (Unicode)
CryptExportKey

Exports a cryptographic key or a key pair from a cryptographic service provider (CSP) in a secure manner.
CryptExportPKCS8

Exports the private key in PKCS (CryptExportPKCS8)
CryptExportPKCS8Ex

Exports the private key in PKCS (CryptExportPKCS8Ex)
CryptExportPublicKeyInfo

The CryptExportPublicKeyInfo function exports the public key information associated with the corresponding private key of the provider. For an updated version of this function, see CryptExportPublicKeyInfoEx.
CryptExportPublicKeyInfoEx

Exports the public key information associated with the provider's corresponding private key.
CryptExportPublicKeyInfoFromBCryptKeyHandle

Exports the public key information associated with a provider's corresponding private key.
CryptFindCertificateKeyProvInfo

Enumerates the cryptographic providers and their containers to find the private key that corresponds to the certificate's public key.
CryptFindLocalizedName

Finds the localized name for the specified name, such as the localize name of the "Root" system store.
CryptFindOIDInfo

Retrieves the first predefined or registered CRYPT_OID_INFO structure that matches a specified key type and key. The search can be limited to object identifiers (OIDs) within a specified OID group.
CryptFormatObject

The CryptFormatObject function formats the encoded data and returns a Unicode string in the allocated buffer according to the certificate encoding type.
CryptFreeOIDFunctionAddress

The CryptFreeOIDFunctionAddress function releases a handle returned by CryptGetOIDFunctionAddress or CryptGetDefaultOIDFunctionAddress by decrementing the reference count on the function handle.
CryptGenKey

Generates a random cryptographic session key or a public/private key pair. A handle to the key or key pair is returned in phKey. This handle can then be used as needed with any CryptoAPI function that requires a key handle.
CryptGenRandom

Fills a buffer with cryptographically random bytes.
CryptGetDefaultOIDDllList

The CryptGetDefaultOIDDllList function acquires the list of the names of DLL files that contain registered default object identifier (OID) functions for a specified function set and encoding type.
CryptGetDefaultOIDFunctionAddress

The CryptGetDefaultOIDFunctionAddress function loads the DLL that contains a default function address.
CryptGetDefaultProviderA

Finds the default cryptographic service provider (CSP) of a specified provider type for the local computer or current user. (ANSI)
CryptGetDefaultProviderW

Finds the default cryptographic service provider (CSP) of a specified provider type for the local computer or current user. (Unicode)
CryptGetHashParam

Retrieves data that governs the operations of a hash object.
CryptGetKeyIdentifierProperty

The CryptGetKeyIdentifierProperty acquires a specific property from a specified key identifier.
CryptGetKeyParam

Retrieves data that governs the operations of a key.
CryptGetMessageCertificates

The CryptGetMessageCertificates function returns the handle of an open certificate store containing the message's certificates and CRLs. This function calls CertOpenStore using provider type CERT_STORE_PROV_PKCS7 as its lpszStoreProvider parameter.
CryptGetMessageSignerCount

The CryptGetMessageSignerCount function returns the number of signers of a signed message.
CryptGetObjectUrl

Acquires the URL of the remote object from a certificate, certificate trust list (CTL), or certificate revocation list (CRL).
CryptGetOIDFunctionAddress

Searches the list of registered and installed functions for an encoding type and object identifier (OID) match.
CryptGetOIDFunctionValue

The CryptGetOIDFunctionValue function queries a value associated with an OID.
CryptGetProvParam

Retrieves parameters that govern the operations of a cryptographic service provider (CSP).
CryptGetTimeValidObject

Retrieves a CRL, an OCSP response, or CTL object that is valid within a given context and time.
CryptGetUserKey

Retrieves a handle of one of a user's two public/private key pairs.
CryptHashCertificate

The CryptHashCertificate function hashes the entire encoded content of a certificate including its signature.
CryptHashCertificate2

Hashes a block of data by using a CNG hash provider.
CryptHashData

Adds data to a specified hash object.
CryptHashMessage

Creates a hash of the message.
CryptHashPublicKeyInfo

Encodes the public key information in a CERT_PUBLIC_KEY_INFO structure and computes the hash of the encoded bytes.
CryptHashSessionKey

Computes the cryptographic hash of a session key object.
CryptHashToBeSigned

Important  This API is deprecated. (CryptHashToBeSigned)
CryptImportKey

Transfers a cryptographic key from a key BLOB into a cryptographic service provider (CSP).
CryptImportPKCS8

Imports the private key in PKCS
CryptImportPublicKeyInfo

Converts and imports the public key information into the provider and returns a handle of the public key.
CryptImportPublicKeyInfoEx

Important  This API is deprecated. (CryptImportPublicKeyInfoEx)
CryptImportPublicKeyInfoEx2

Imports a public key into the CNG asymmetric provider that corresponds to the public key object identifier (OID) and returns a CNG handle to the key.
CryptInitOIDFunctionSet

The CryptInitOIDFunctionSet initializes and returns the handle of the OID function set identified by a supplied function set name.
CryptInstallDefaultContext

Installs a specific provider to be the default context provider for the specified algorithm.
CryptInstallOIDFunctionAddress

The CryptInstallOIDFunctionAddress function installs a set of callable object identifier (OID) function addresses.
CryptMemAlloc

The CryptMemAlloc function allocates memory for a buffer. It is used by all Crypt32.lib functions that return allocated buffers.
CryptMemFree

The CryptMemFree function frees memory allocated by CryptMemAlloc or CryptMemRealloc.
CryptMemRealloc

The CryptMemRealloc function frees the memory currently allocated for a buffer and allocates memory for a new buffer.
CryptMsgCalculateEncodedLength

Calculates the maximum number of bytes needed for an encoded cryptographic message given the message type, encoding parameters, and total length of the data to be encoded.
CryptMsgClose

The CryptMsgClose function closes a cryptographic message handle. At each call to this function, the reference count on the message is reduced by one. When the reference count reaches zero, the message is fully released.
CryptMsgControl

Performs a control operation after a message has been decoded by a final call to the CryptMsgUpdate function.
CryptMsgCountersign

Countersigns an existing signature in a message.
CryptMsgCountersignEncoded

Countersigns an existing PKCS
CryptMsgDuplicate

The CryptMsgDuplicate function duplicates a cryptographic message handle by incrementing its reference count.
CryptMsgEncodeAndSignCTL

The CryptMsgEncodeAndSignCTL function encodes a CTL and creates a signed message containing the encoded CTL.This function first encodes the CTL pointed to by pCtlInfo and then calls CryptMsgSignCTL to sign the encoded message.
CryptMsgGetAndVerifySigner

The CryptMsgGetAndVerifySigner function verifies a cryptographic message's signature.
CryptMsgGetParam

Acquires a message parameter after a cryptographic message has been encoded or decoded.
CryptMsgOpenToDecode

Opens a cryptographic message for decoding and returns a handle of the opened message.
CryptMsgOpenToEncode

Opens a cryptographic message for encoding and returns a handle of the opened message.
CryptMsgSignCTL

The CryptMsgSignCTL function creates a signed message containing an encoded CTL.
CryptMsgUpdate

Adds contents to a cryptographic message.
CryptMsgVerifyCountersignatureEncoded

Verifies a countersignature in terms of the SignerInfo structure (as defined by PKCS
CryptMsgVerifyCountersignatureEncodedEx

Verifies that the pbSignerInfoCounterSignature parameter contains the encrypted hash of the encryptedDigest field of the pbSignerInfo parameter structure.
CryptProtectData

Performs encryption on the data in a DATA_BLOB structure.
CryptProtectMemory

encrypts memory to prevent others from viewing sensitive information in your process.
CryptQueryObject

Retrieves information about the contents of a cryptography API object, such as a certificate, a certificate revocation list, or a certificate trust list.
CryptRegisterDefaultOIDFunction

The CryptRegisterDefaultOIDFunction registers a DLL containing the default function to be called for the specified encoding type and function name. Unlike CryptRegisterOIDFunction, the function name to be exported by the DLL cannot be overridden.
CryptRegisterOIDFunction

Registers a DLL that contains the function to be called for the specified encoding type, function name, and object identifier (OID).
CryptRegisterOIDInfo

The CryptRegisterOIDInfo function registers the OID information specified in the CRYPT_OID_INFO structure, persisting it to the registry.
CryptReleaseContext

Releases the handle of a cryptographic service provider (CSP) and a key container.
CryptRetrieveObjectByUrlA

Retrieves the public key infrastructure (PKI) object from a location specified by a URL. (ANSI)
CryptRetrieveObjectByUrlW

Retrieves the public key infrastructure (PKI) object from a location specified by a URL. (Unicode)
CryptRetrieveTimeStamp

Encodes a time stamp request and retrieves the time stamp token from a location specified by a URL to a Time Stamping Authority (TSA).
CryptSetHashParam

Customizes the operations of a hash object, including setting up initial hash contents and selecting a specific hashing algorithm.
CryptSetKeyIdentifierProperty

The CryptSetKeyIdentifierProperty function sets the property of a specified key identifier. This function can set the property on the computer identified in pwszComputerName.
CryptSetKeyParam

Customizes various aspects of a session key's operations.
CryptSetOIDFunctionValue

The CryptSetOIDFunctionValue function sets a value for the specified encoding type, function name, OID, and value name.
CryptSetProviderA

Specifies the current user's default cryptographic service provider (CSP). (ANSI)
CryptSetProviderExA

Specifies the default cryptographic service provider (CSP) of a specified provider type for the local computer or current user. (ANSI)
CryptSetProviderExW

Specifies the default cryptographic service provider (CSP) of a specified provider type for the local computer or current user. (Unicode)
CryptSetProviderW

Specifies the current user's default cryptographic service provider (CSP). (Unicode)
CryptSetProvParam

Customizes the operations of a cryptographic service provider (CSP). This function is commonly used to set a security descriptor on the key container associated with a CSP to control access to the private keys in that key container.
CryptSignAndEncodeCertificate

Encodes and signs a certificate, certificate revocation list (CRL), certificate trust list (CTL), or certificate request.
CryptSignAndEncryptMessage

The CryptSignAndEncryptMessage function creates a hash of the specified content, signs the hash, encrypts the content, hashes the encrypted contents and the signed hash, and then encodes both the encrypted content and the signed hash.
CryptSignCertificate

The CryptSignCertificate function signs the "to be signed" information in the encoded signed content.
CryptSignHashA

Signs data. (CryptSignHashA)
CryptSignHashW

Signs data. (CryptSignHashW)
CryptSignMessage

The CryptSignMessage function creates a hash of the specified content, signs the hash, and then encodes both the original message content and the signed hash.
CryptSignMessageWithKey

Signs a message by using a CSP's private key specified in the parameters.
CryptSIPAddProvider

The CryptSIPAddProvider function registers functions that are exported by a given DLL file that implements a Subject Interface Package (SIP).
CryptSIPCreateIndirectData

Returns a SIP_INDIRECT_DATA structure that contains a hash of the supplied SIP_SUBJECTINFO structure, the digest algorithm, and an encoding attribute. The hash can be used as an indirect reference to the data.
CryptSIPGetCaps

Retrieves the capabilities of a subject interface package (SIP).
CryptSIPGetSignedDataMsg

Retrieves an Authenticode signature from the file.
CryptSIPLoad

Loads the dynamic-link library (DLL) that implements a subject interface package (SIP) and assigns appropriate library export functions to a SIP_DISPATCH_INFO structure.
CryptSIPPutSignedDataMsg

Stores an Authenticode signature in the target file.
CryptSIPRemoveProvider

Removes registry details of a Subject Interface Package (SIP) DLL file added by a previous call to the CryptSIPAddProvider function.
CryptSIPRemoveSignedDataMsg

Removes a specified Authenticode signature.
CryptSIPRetrieveSubjectGuid

Retrieves a GUID based on the header information in a specified file.
CryptSIPRetrieveSubjectGuidForCatalogFile

Retrieves the subject GUID associated with the specified file.
CryptSIPVerifyIndirectData

Validates the indirect hashed data against the supplied subject.
CryptStringToBinaryA

Converts a formatted string into an array of bytes. (ANSI)
CryptStringToBinaryW

Converts a formatted string into an array of bytes. (Unicode)
CryptUIDlgCertMgr

Displays a dialog box that allows the user to manage certificates.
CryptUIDlgSelectCertificateFromStore

Displays a dialog box that allows the selection of a certificate from a specified store.
CryptUIDlgViewCertificateA

Presents a dialog box that displays a specified certificate. (ANSI)
CryptUIDlgViewCertificateW

Presents a dialog box that displays a specified certificate. (Unicode)
CryptUIDlgViewContext

Displays a certificate, CTL, or CRL context.
CryptUIWizDigitalSign

Digitally signs a document or BLOB.
CryptUIWizExport

Exports a certificate, a certificate trust list (CTL), a certificate revocation list (CRL), or a certificate store to a file.
CryptUIWizFreeDigitalSignContext

Frees the CRYPTUI_WIZ_DIGITAL_SIGN_CONTEXT structure allocated by the CryptUIWizDigitalSign function.
CryptUIWizImport

Imports a certificate, a certificate trust list (CTL), a certificate revocation list (CRL), or a certificate store to a certificate store.
CryptUninstallDefaultContext

Important  This API is deprecated. (CryptUninstallDefaultContext)
CryptUnprotectData

Decrypts and does an integrity check of the data in a DATA_BLOB structure.
CryptUnprotectMemory

Decrypts memory that was encrypted using the CryptProtectMemory function.
CryptUnregisterDefaultOIDFunction

The CryptUnregisterDefaultOIDFunction removes the registration of a DLL containing the default function to be called for the specified encoding type and function name.
CryptUnregisterOIDFunction

Removes the registration of a DLL that contains the function to be called for the specified encoding type, function name, and OID.
CryptUnregisterOIDInfo

The CryptUnregisterOIDInfo function removes the registration of a specified CRYPT_OID_INFO OID information structure. The structure to be unregistered is identified by the structure's pszOID and dwGroupId members.
CryptUpdateProtectedState

Migrates the current user's master keys after the user's security identifier (SID) has changed.
CryptVerifyCertificateSignature

Verifies the signature of a certificate, certificate revocation list (CRL), or certificate request by using the public key in a CERT_PUBLIC_KEY_INFO structure.
CryptVerifyCertificateSignatureEx

Verifies the signature of a subject certificate, certificate revocation list, certificate request, or keygen request by using the issuer's public key.
CryptVerifyDetachedMessageHash

The CryptVerifyDetachedMessageHash function verifies a detached hash.
CryptVerifyDetachedMessageSignature

The CryptVerifyDetachedMessageSignature function verifies a signed message containing a detached signature or signatures.
CryptVerifyMessageHash

The CryptVerifyMessageHash function verifies the hash of specified content.
CryptVerifyMessageSignature

Verifies a signed message's signature.
CryptVerifyMessageSignatureWithKey

Verifies a signed message's signature by using specified public key information.
CryptVerifySignatureA

Verifies the signature of a hash object. (ANSI)
CryptVerifySignatureW

Verifies the signature of a hash object. (Unicode)
CryptVerifyTimeStampSignature

Validates the time stamp signature on a specified array of bytes.
CryptXmlAddObject

Adds the Object element to the Signature in the Document Context opened for encoding.
CryptXmlClose

Closes a cryptographic XML object handle.
CryptXmlCreateReference

Creates a reference to an XML signature.
CryptXmlDigestReference

Is used by an application to digest the resolved reference. This function applies transforms before updating the digest.
CryptXmlDllCloseDigest

Frees the CRYPT_XML_DIGEST allocated by the CryptXmlDllCreateDigest function.
CryptXmlDllCreateDigest

Creates a digest object for the specified method.
CryptXmlDllCreateKey

Parses the KeyValue element and creates a Cryptography API:_Next Generation (CNG) BCrypt key handle to verify a signature.
CryptXmlDllDigestData

Puts data into the digest.
CryptXmlDllEncodeAlgorithm

Encodes SignatureMethod or DigestMethod elements for agile algorithms with default parameters.
CryptXmlDllEncodeKeyValue

Encodes a KeyValue element.
CryptXmlDllFinalizeDigest

Retrieves the digest value.
CryptXmlDllGetAlgorithmInfo

Decodes the XML algorithm and returns information about the algorithm.
CryptXmlDllGetInterface

Retrieves a pointer to the cryptographic extension functions for the specified algorithm.
CryptXmlDllSignData

Signs data. (CryptXmlDllSignData)
CryptXmlDllVerifySignature

Verifies a signature.
CryptXmlEncode

Encodes signature data by using the supplied XML writer callback function.
CryptXmlGetAlgorithmInfo

Decodes the CRYPT_XML_ALGORITHM structure and returns information about the algorithm.
CryptXmlGetDocContext

Returns the document context specified by the supplied handle.
CryptXmlGetReference

Returns the Reference element specified by the supplied handle.
CryptXmlGetSignature

Returns an XML Signature element.
CryptXmlGetStatus

Returns a CRYPT_XML_STATUS structure that contains status information about the object specified by the supplied handle.
CryptXmlGetTransforms

Returns information about the default transform chain engine.
CryptXmlImportPublicKey

Imports the public key specified by the supplied handle.
CryptXmlOpenToDecode

Opens an XML digital signature to decode and returns the handle of the document context that encapsulates a CRYPT_XML_SIGNATURE structure. The document context can include one or more Signature elements.
CryptXmlOpenToEncode

Opens an XML digital signature to encode and returns a handle of the opened Signature element. The handle encapsulates a document context with a single CRYPT_XML_SIGNATURE structure and remains open until the CryptXmlClose function is called.
CryptXmlSetHMACSecret

Sets the HMAC secret on the handle before calling the CryptXmlSign or CryptXmlVerify function.
CryptXmlSign

Creates a cryptographic signature of a SignedInfo element.
CryptXmlVerifySignature

Performs a cryptographic signature validation of a SignedInfo element.
DdqCancelDiagnosticRecordOperation

Cancels all outstanding Diagnostic Data Query API internal query operations for this session. This can be called from another thread to interrupt long running Query APIs.
DdqCloseSession

Closes a Diagnostic Data Query session handle.
DdqCreateSession

Creates a Diagnostic Data Query API session handle to be used to uniquely identify a Diagnostic Data Query session.
DdqExtractDiagnosticReport

Used for retrieving Windows Error Reporting reports, this API extracts cabs to destination path specified. If the error report does not contain any cabs, no work is performed.
DdqFreeDiagnosticRecordLocaleTags

Frees memory allocated for tag information referenced by HDIAGNOSTIC_EVENT_TAG_DESCRIPTION handle.
DdqFreeDiagnosticRecordPage

Frees memory allocated for the diagnostic record page referenced by HDIAGNOSTIC_RECORD handle.
DdqFreeDiagnosticRecordProducerCategories

Frees memory allocated for set of categories and the text representation of the categories referenced by HDIAGNOSTIC_EVENT_CATEGORY_DESCRIPTION handle.
DdqFreeDiagnosticRecordProducers

Frees memory allocated for the set of producers referenced by HDIAGNOSTIC_EVENT_PRODUCER_DESCRIPTION handle.
DdqFreeDiagnosticReport

Frees memory allocated for error reports referenced by HDIAGNOSTIC_REPORT_DATA handle.
DdqGetDiagnosticDataAccessLevelAllowed

Returns the highest available data access level for the API caller. This can be NoData, CurrentUserData or AllUserData.
DdqGetDiagnosticRecordAtIndex

Fetches diagnostic data record information at the specified index in the resource pointed to by the HDIAGNOSTIC_DATA_RECORD handle.
DdqGetDiagnosticRecordBinaryDistribution

Fetches binary name and associated estimated total upload of Diagnostic Data Events volume in bytes for top N noisiest binaries based on total estimated upload size, where N is the value passed in for topNBinaries.
DdqGetDiagnosticRecordCategoryAtIndex

Fetches a diagnostic record category at the specified index in the resource pointed to by the HDIAGNOSTIC_DATA_EVENT_CATEGORY_DESCRIPTION handle.
DdqGetDiagnosticRecordCategoryCount

Fetches the number (size) of diagnostic record categories in the resource pointed by the HDIAGNOSTIC_EVENT_CATEGORY_DESCRIPTION handle.
DdqGetDiagnosticRecordCount

Fetches number (size) of elements in the resource pointed to by the HDIAGNOSTIC_DATA_RECORD handle.
DdqGetDiagnosticRecordLocaleTagAtIndex

Fetches tag description at the specified index in the resource pointed to by the HDIAGNOSTIC_DATA_EVENT_TAG_DESCRIPTION handle.
DdqGetDiagnosticRecordLocaleTagCount

Fetches the number (size) of tags in the resource pointed to by the HDIAGNOSTIC_DATA_EVENT_TAG_DESCRIPTION handle.
DdqGetDiagnosticRecordLocaleTags

Fetches information for all known tags under the specified locale and provides a handle, HDIAGNOSTIC_EVENT_TAG_DESCRIPTION, to the data. An example locale would be “en-US”. An example return value is a DIAGNOSTIC_EVENT_TAG_DESCRIPTION resource that contains the following data: tag: 11, name: “Device Connectivity and Configuration” and description: “Data that describes the connections and configuration of the devices connected to the service and the network, including device identifiers (e.g IP addresses) configuration, setting and performance”.
DdqGetDiagnosticRecordPage

Fetches a page (batch) of filtered records. The filtering on records returned is performed internally using the input parameters DIAGNOSTIC_DATA_SEARCH_CRITERIA searchCriteria, pageRecordCount, offset and baseRowId.
DdqGetDiagnosticRecordPayload

Fetches the payload text for the event record specified by rowId.
DdqGetDiagnosticRecordProducerAtIndex

Fetches the description of a producer at the specified index in the resource pointed to by the HDIAGNOSTIC_EVENT_PRODUCER_DESCRIPTION handle.
DdqGetDiagnosticRecordProducerCategories

Producers and categories have a hierarchical relationship--that is, categories belong to producers. This function fetches the available Category IDs and text representation of categories for a given diagnostic Producer Name.
DdqGetDiagnosticRecordProducerCount

Fetches the number (size) of producers in the resource pointed to by the HDIAGNOSTIC_EVENT_PRODUCER_DESCRIPTION.
DdqGetDiagnosticRecordProducers

Fetches Diagnostic Data Producers available for a Diagnostic Data Query session.
DdqGetDiagnosticRecordStats

Fetches the filtered event transcript Diagnostic Data record stats. The filtering on statistics returned is performed using the input parameter, DIAGNOSTIC_DATA_SEARCH_CRITERIA filter. The record state describes how many records matching the search criteria are available, and returns parameters used for further querying of data. One of the uses of this API is to check if there have been changes since the last time data was queried for. A change in the output parameters indicate a change in state of the event transcript record state.
DdqGetDiagnosticRecordSummary

Fetches general statistics about the diagnostic data records, filterable by producer.
DdqGetDiagnosticRecordTagDistribution

Fetches Diagnostic Data Events per privacy tag event distribution statistics based on the specified producer names.
DdqGetDiagnosticReport

Fetches error reports uploaded or enqueued for upload from this PC via HDIAGNOSTIC_REPORT_DATA handle.
DdqGetDiagnosticReportAtIndex

Fetches an error report and its information at the specified index in the resource pointed to by the HDIAGNOSTIC_REPORT_DATA handle.
DdqGetDiagnosticReportCount

Fetches the number (size) of error reports in the resource pointed to by HDIAGNOSTIC_REPORT_DATA handle.
DdqGetDiagnosticReportStoreReportCount

Fetches the number (size) of reports stored in the requested store.
DdqGetSessionAccessLevel

Returns the data access level of the current Diagnostic Data Query session.
DdqGetTranscriptConfiguration

Gets event transcript configuration, such as maximum storage size and hours of data history.
DdqIsDiagnosticRecordSampledIn

Fetches the sampled-in state of the device for an event.
DdqSetTranscriptConfiguration

Sets event transcript configuration, such as maximum storage size and hours of data history. Note that setting the configuration will fail if the user is not elevated.
Decode

Initializes the object from a Unicode-encoded distinguished name.
Decode

Decodes an Abstract Syntax Notation One (ASN.1)-encoded alternate name extension and stores the resulting array of strings in the CertEncodeAltName object.
Decode

Decodes an Abstract Syntax Notation One (ASN.1)-encoded bit string and stores the resulting bit string in this object.
Decode

Decodes an Abstract Syntax Notation One (ASN.1)-encoded certificate revocation list (CRL) distribution information extension and stores the resulting array in the COM object.
Decode

Decodes an Abstract Syntax Notation One (ASN.1)-encoded date array and stores the resulting array of date values in the CertEncodeDateArray object.
Decode

Decodes an Abstract Syntax Notation One (ASN.1)-encoded Long array and stores the resulting array of Long values in the CertEncodeLongArray object.
Decode

Decodes an Abstract Syntax Notation One (ASN.1)-encoded string array and stores the resulting array of strings in the CertEncodeStringArray object.
DecryptChallenge

Decrypts the challenge from the Certificate Management over CMS (CMC) response and creates a re-encrypted response to send to the CA.
DecryptMessage

Decrypts a message by using Digest.
DelegateSecurityContext

Delegates the security context to the specified server.
Delete

Removes the specified identity from the identity store or the specified properties from the identity.
Delete

Deletes the policy store currently in use by the AzAuthorizationStore object.
Delete

Releases the handle of the cryptographic service provider (CSP) or the handle of the Cryptography API:_Next Generation (CNG) key storage provider (KSP) and deletes the key from disk or smart card.
DeleteAce

Deletes an access control entry (ACE) from an access control list (ACL).
DeleteApplication

Removes the IAzApplication object with the specified name from the AzAuthorizationStore object.
DeleteApplicationGroup

Removes the IAzApplicationGroup object with the specified name from the IAzApplication object.
DeleteApplicationGroup

Removes the IAzApplicationGroup object with the specified name from the AzAuthorizationStore object.
DeleteApplicationGroup

Removes the IAzApplicationGroup object with the specified name from the IAzScope object.
DeleteAppMember

Removes the specified IAzApplicationGroup object from the list of application groups that belong to this application group.
DeleteAppMember

Removes the specified IAzApplicationGroup object from the list of application groups that belong to the role.
DeleteAppNonMember

Removes the specified IAzApplicationGroup object from the list of application groups that are refused membership in this application group.
DeleteCAConfiguration

Removes a named certification authority (CA) configuration from the configuration set.
DeleteDelegatedPolicyUser

The IAzApplication::DeleteDelegatedPolicyUser method removes the specified security identifier in text form from the list of principals that act as delegated policy users.
DeleteDelegatedPolicyUser

Removes the specified security identifier (SID) in text form from the list of principals that act as delegated policy users.
DeleteDelegatedPolicyUserName

Removes the specified account name from the list of principals that act as delegated policy users. (IAzApplication.DeleteDelegatedPolicyUserName)
DeleteDelegatedPolicyUserName

Removes the specified account name from the list of principals that act as delegated policy users. (IAzAuthorizationStore.DeleteDelegatedPolicyUserName)
DeleteMember

Removes the specified security identifier (SID) in text form from the list of accounts that belong to the application group.
DeleteMember

Removes the specified security identifier (SID) in text form from the list of Windows accounts that belong to the role.
DeleteMemberName

Removes the specified account name from the list of accounts that belong to the application group.
DeleteMemberName

Removes the specified account name from the list of accounts that belong to the role.
DeleteNonMember

Removes the specified security identifier (SID) in text form from the list of accounts that are refused membership in the application group.
DeleteNonMemberName

Removes the specified account name from the list of accounts that are refused membership in the application group.
DeleteOperation

Removes the IAzOperation object with the specified name from the IAzApplication object.
DeleteOperation

Removes the IAzOperation object with the specified name from the role.
DeleteOperation

Removes the IAzOperation object with the specified name from the task.
DeletePolicyAdministrator

The DeletePolicyAdministrator method of IAzApplication removes the specified security identifier in text form from the list of principals that act as policy administrators.
DeletePolicyAdministrator

Removes the specified security identifier (SID) in text form from the list of principals that act as policy administrators.
DeletePolicyAdministrator

The DeletePolicyAdministrator method of IAzScope removes the specified security identifier in text form from the list of principals that act as policy administrators.
DeletePolicyAdministratorName

Removes the specified account name from the list of principals that act as policy administrators. (IAzApplication.DeletePolicyAdministratorName)
DeletePolicyAdministratorName

Removes the specified account name from the list of principals that act as policy administrators. (IAzAuthorizationStore.DeletePolicyAdministratorName)
DeletePolicyAdministratorName

The DeletePolicyAdministratorName method of IAzScope removes the specified account name from the list of principals that act as policy administrators.
DeletePolicyReader

The DeletePolicyReader method of IAzApplication removes the specified security identifier in text form from the list of principals that act as policy readers.
DeletePolicyReader

Removes the specified security identifier (SID) in text form from the list of principals that act as policy readers.
DeletePolicyReader

The DeletePolicyReader method of IAzScope removes the specified security identifier in text form from the list of principals that act as policy readers.
DeletePolicyReaderName

Removes the specified account name from the list of principals that act as policy readers. (IAzApplication.DeletePolicyReaderName)
DeletePolicyReaderName

Removes the specified account name from the list of principals that act as policy readers. (IAzAuthorizationStore.DeletePolicyReaderName)
DeletePolicyReaderName

The DeletePolicyReaderName method of IAzScope removes the specified account name from the list of principals that act as policy readers.
DeleteProperty

Removes a named property from a property set.
DeletePropertyItem

Removes the specified principal from the specified list of principals. (IAzApplication.DeletePropertyItem)
DeletePropertyItem

Removes the specified entity from the specified list. (IAzApplicationGroup.DeletePropertyItem)
DeletePropertyItem

Removes the specified principal from the specified list of principals. (IAzAuthorizationStore.DeletePropertyItem)
DeletePropertyItem

Removes the specified entity from the specified list. (IAzRole.DeletePropertyItem)
DeletePropertyItem

Removes the specified principal from the specified list of principals. (IAzScope.DeletePropertyItem)
DeletePropertyItem

Removes the specified entity from the specified list. (IAzTask.DeletePropertyItem)
DeleteRequest

Delete any certificates or keys created for the request.
DeleteRole

Removes the IAzRole object with the specified name from the IAzApplication object.
DeleteRole

Removes the IAzRole object with the specified name from the IAzScope object.
DeleteRoleAssignment

Removes the specified IAzRoleAssignment object from the IAzApplication3 object.
DeleteRoleAssignment

Removes the specified IAzRoleAssignment object from this scope.
DeleteRoleDefinition

Removes the specified IAzRoleDefinition object from the IAzApplication3 object.
DeleteRoleDefinition

Removes the IAzRoleDefinition object with the specified name from this IAzRoleAssignment object.
DeleteRoleDefinition

Removes the IAzRoleDefinition object with the specified name from this IAzRoleDefinition object.
DeleteRoleDefinition

Removes the specified IAzRoleDefinition object from this scope.
DeleteRow

The DeleteRow method deletes a row or set of rows from a database table. The caller specifies a database table and either a row ID or an ending date.
DeleteScope

Removes the IAzScope object with the specified name from the IAzApplication object.
DeleteScope2

Removes the specified IAzScope2 object from the IAzApplication3 object.
DeleteSecurityContext

Deletes the local data structures associated with the specified security context initiated by a previous call to the InitializeSecurityContext (General) function or the AcceptSecurityContext (General) function.
DeleteSecurityPackageA

Deletes a security support provider from the list of providers supported by Microsoft Negotiate. (ANSI)
DeleteSecurityPackageW

Deletes a security support provider from the list of providers supported by Microsoft Negotiate. (Unicode)
DeleteService

Marks the specified service for deletion from the service control manager database.
DeleteTask

Removes the IAzTask object with the specified name from the IAzApplication object.
DeleteTask

Removes the IAzTask object with the specified name from the role.
DeleteTask

Removes the IAzTask object with the specified name from the IAzScope object.
DeleteTask

Removes the IAzTask object with the specified name from the task.
DenyRequest

Denies a specified certificate request that is pending.
DeriveCapabilitySidsFromName

This function constructs two arrays of SIDs out of a capability name. One is an array group SID with NT Authority, and the other is an array of capability SIDs with AppAuthority.
DestroyPrivateObjectSecurity

Deletes a private object's security descriptor.
DestroyVirtualSmartCard

Destroys the TPM virtual smart card that has the given instance ID.
DisassociateIdentity

Disassociates the specified identity from a local user account.
DisconnectIdentity

Disconnects an online identity from the current domain user.
DSCreateISecurityInfoObject

Creates an instance of the ISecurityInformation interface associated with the specified directory service (DS) object.
DSCreateISecurityInfoObjectEx

Creates an instance of the ISecurityInformation interface associated with the specified directory service (DS) object on the specified server.
DSCreateSecurityPage

Creates a security property page for an Active Directory object.
DSEditSecurity

Displays a modal dialog box for editing security on a Directory Services (DS) object.
DuplicateToken

Creates a new access token that duplicates one already in existence.
DuplicateTokenEx

Creates a new access token that duplicates an existing token. This function can create either a primary token or an impersonation token.
EditSecurity

Displays a property sheet that contains a basic security property page. This property page enables the user to view and edit the access rights allowed or denied by the ACEs in an object's DACL.
EditSecurityAdvanced

Extends the EditSecurity function to include the security page type when displaying the property sheet that contains a basic security property page.
Encode

Initializes the object from a string that contains a distinguished name.
Encode

Signs and encodes a certificate request and creates a key pair if one does not exist.
Encode

Returns an ASN.1-encoded string of the alternate name array stored in this object. The names in the object are not encoded.
Encode

Performs Abstract Syntax Notation One (ASN.1) encoding on a given bit string.
Encode

Performs Abstract Syntax Notation One (ASN.1) encoding on a certificate revocation list (CRL) distribution information array stored in the COM object and returns the ASN.1-encoded extension.
Encode

Returns an Abstract Syntax Notation One (ASN.1)-encoded string of the date array stored in this object.
Encode

Returns an ASN.1-encoded string of the LONG array stored in this object.
Encode

Returns an ASN.1-encoded string of the string array stored in this object.
EncryptMessage

Encrypts a message to provide privacy by using Digest.
Enroll

Encodes a request, submits it to an appropriate certification authority (CA), and installs the response.
Enroll

Enrolls a certificate request and retrieves the issued certificate.
EnumAlgs

The ICEnroll4::EnumAlgs method retrieves the IDs of cryptographic algorithms in a given algorithm class that are supported by the current cryptographic service provider (CSP).
EnumAlgs

Retrieves the IDs of cryptographic algorithms in a given algorithm class that are supported by the current cryptographic service provider (CSP).
EnumCertViewAttribute

Obtains an instance of an attribute-enumeration sequence for the current row of the row-enumeration sequence.
EnumCertViewColumn

Obtains an instance of a column-enumeration sequence for the database schema.
EnumCertViewColumn

Obtains an instance of a column-enumeration sequence for the current row of the row-enumeration sequence.
EnumCertViewExtension

Obtains an instance of an extension-enumeration sequence for the current row of the row-enumeration sequence.
enumContainers

Retrieves the names of containers for the cryptographic service provider (CSP) specified by the ProviderName property. This method was first defined in the ICEnroll interface.
enumContainersWStr

Retrieves the names of containers for the cryptographic service provider (CSP) specified by the ProviderNameWStr property.
EnumDependentServicesA

Retrieves the name and status of each service that depends on the specified service. (ANSI)
EnumDependentServicesW

Retrieves the name and status of each service that depends on the specified service. (Unicode)
EnumerateAttributes

Returns the name of the next request attribute within the current context, then increments the internal pointer to the following attribute.
EnumerateAttributes

Retrieves the name of the current attribute and moves the internal enumeration pointer to the next attribute.
EnumerateAttributesClose

Frees any resources connected with attribute enumeration.
EnumerateAttributesClose

Frees the resources connected with attribute enumeration.
EnumerateAttributesSetup

Initializes the internal enumeration pointer to the first request attribute associated with the current context. (ICertServerExit.EnumerateAttributesSetup)
EnumerateAttributesSetup

Initializes the internal enumeration pointer to the first request attribute associated with the current context. (ICertServerPolicy.EnumerateAttributesSetup)
EnumerateExtensions

Returns the object identifier (OID) string (also known as the extension name) of the next certificate extension to be enumerated, then increments the internal pointer to the following extension.
EnumerateExtensions

Retrieves the object identifier (OID) of the current extension and moves the internal enumeration pointer to the next extension.
EnumerateExtensionsClose

Frees any resources connected with extension enumeration.
EnumerateExtensionsClose

Frees the resources connected with extension enumeration.
EnumerateExtensionsSetup

Initializes the internal enumeration pointer to the first certificate extension associated with the current context. (ICertServerExit.EnumerateExtensionsSetup)
EnumerateExtensionsSetup

Initializes the internal enumeration pointer to the first certificate extension associated with the current context. (ICertServerPolicy.EnumerateExtensionsSetup)
EnumerateIdentities

Gets a pointer to an IEnumUnknown interface pointer that can be used to enumerate identities across identity providers.
EnumerateSecurityPackagesA

Returns an array of SecPkgInfo structures that provide information about the security packages available to the client. (ANSI)
EnumerateSecurityPackagesW

Returns an array of SecPkgInfo structures that provide information about the security packages available to the client. (Unicode)
enumPendingRequest

Enumerates pending certificate requests and retrieves a specified property from each. This method was first defined in the ICEnroll4 interface.
enumPendingRequestWStr

Enumerates pending certificate requests and retrieves a specified property from each.
enumProviders

Retrieves the names of the available cryptographic service providers (CSPs) specified by the ProviderType property. This method was first defined in the ICEnroll interface.
enumProvidersWStr

The IEnroll4::enumProvidersWStr method retrieves the names of the available cryptographic service providers (CSPs) specified by the ProviderType property.
EnumServicesStatusA

Enumerates services in the specified service control manager database. The name and status of each service are provided. (ANSI)
EnumServicesStatusExA

Enumerates services in the specified service control manager database. The name and status of each service are provided, along with additional data based on the specified information level. (ANSI)
EnumServicesStatusExW

Enumerates services in the specified service control manager database. The name and status of each service are provided, along with additional data based on the specified information level. (Unicode)
EnumServicesStatusW

Enumerates services in the specified service control manager database. The name and status of each service are provided. (Unicode)
EqualDomainSid

Determines whether two SIDs are from the same domain.
EqualPrefixSid

Tests two security-identifier (SID) prefix values for equality. A SID prefix is the entire SID except for the last subauthority value.
EqualSid

Tests two security identifier (SID) values for equality. Two SIDs must match exactly to be considered equal.
Export

Exports templates and object identifiers associated with the certificate enrollment policy (CEP) server to a buffer.
Export

Copies the private key to a byte array.
ExportPublicKey

Exports the endorsement public key.
ExportPublicKey

Exports the public key portion of the asymmetric key pair.
ExportSecurityContext

The ExportSecurityContext function creates a serialized representation of a security context that can later be imported into a different process by calling ImportSecurityContext.
Find

Retrieves the index number of an ISignerCertificate object.
FindByUniqueID

Retrieves a pointer to the IPropertyStore interface instance associated with the specified identity.
FindFirstFreeAce

Retrieves a pointer to the first free byte in an access control list (ACL).
FreeBuffer

The FreeBuffer method frees memory allocated by the Security Configuration snap-in.
FreeBuffer

The FreeBuffer method frees memory allocated by the attachment snap-in extension.
FreeContextBuffer

Enables callers of security package functions to free memory buffers allocated by the security package.
FreeCredentialsHandle

Notifies the security system that the credentials are no longer needed.
FreeInheritedFromArray

Frees memory allocated by the GetInheritanceSource function.
freeRequestInfo

Releases session identifiers when they are no longer needed.
freeRequestInfoBlob

The freeRequestInfoBlob method deletes a certificate context. This method was first defined in the IEnroll interface.
FreeSid

Frees a security identifier (SID) previously allocated by using the AllocateAndInitializeSid function.
GenerateChallenge

Performs the policy decision whether to issue a challenge password to the SCEP client.
get__NewEnum

Retrieves an IEnumVARIANT interface on an object that can be used to enumerate the collection. This property is hidden within Visual Basic and Visual Basic Scripting Edition (VBScript). (IAzApplicationGroups.get__NewEnum)
get__NewEnum

Retrieves an IEnumVARIANT interface on an object that can be used to enumerate the collection. This property is hidden within Visual Basic and Visual Basic Scripting Edition (VBScript). (IAzApplications.get__NewEnum)
get__NewEnum

The _NewEnum property of IAzOperations retrieves an IEnumVARIANT interface on an object that can be used to enumerate the collection. This property is hidden within Visual Basic and Visual Basic Scripting Edition (VBScript).
get__NewEnum

Retrieves an IEnumVARIANT interface on an object that can be used to enumerate the IAzRoleAssignments collection. This property is hidden within Visual Basic and Visual Basic Scripting Edition (VBScript).
get__NewEnum

Retrieves an IEnumVARIANT interface on an object that can be used to enumerate the IAzRoleDefinitions collection. This property is hidden within Visual Basic and Visual Basic Scripting Edition (VBScript).
get__NewEnum

The _NewEnum property of IAzRoles retrieves an IEnumVARIANT interface on an object that can be used to enumerate the collection. This property is hidden within Visual Basic and Visual Basic Scripting Edition (VBScript).
get__NewEnum

The _NewEnum property of IAzScopes retrieves an IEnumVARIANT interface on an object that can be used to enumerate the collection. This property is hidden within Visual Basic and Visual Basic Scripting Edition (VBScript).
get__NewEnum

The _NewEnum property of IAzTasks retrieves an IEnumVARIANT interface on an object that can be used to enumerate the collection. This property is hidden within Visual Basic and Visual Basic Scripting Edition (VBScript).
get__NewEnum

Retrieves the enumerator for the collection. (IAlternativeNames.get__NewEnum)
get__NewEnum

Retrieves the enumerator for the collection. (ICertificatePolicies.get__NewEnum)
get__NewEnum

Retrieves the enumerator for the collection. (ICertificationAuthorities.get__NewEnum)
get__NewEnum

Retrieves the enumerator for the collection. (ICertProperties.get__NewEnum)
get__NewEnum

Retrieves the enumerator for the collection. (ICryptAttributes.get__NewEnum)
get__NewEnum

Retrieves the enumerator for the collection. (ICspAlgorithms.get__NewEnum)
get__NewEnum

Retrieves the enumerator for the collection. (ICspInformations.get__NewEnum)
get__NewEnum

Retrieves the enumerator for the collection. (ICspStatuses.get__NewEnum)
get__NewEnum

Retrieves the enumerator for the collection. (IObjectIds.get__NewEnum)
get__NewEnum

Retrieves the enumerator for the collection. (IPolicyQualifiers.get__NewEnum)
get__NewEnum

Retrieves the enumerator for the collection. (ISignerCertificates.get__NewEnum)
get__NewEnum

Retrieves the enumerator for the collection. (ISmimeCapabilities.get__NewEnum)
get__NewEnum

Retrieves the enumerator for the collection. (IX509Attributes.get__NewEnum)
get__NewEnum

Retrieves the enumerator for the collection. (IX509CertificateTemplates.get__NewEnum)
get__NewEnum

Retrieves the enumerator for the collection. (IX509Extensions.get__NewEnum)
get__NewEnum

Retrieves the enumerator for the collection. (IX509NameValuePairs.get__NewEnum)
get__NewEnum

Retrieves the enumerator for the collection. (IX509PolicyServerListManager.get__NewEnum)
get__NewEnum

Gets an enumerator for the information set.
get__NewEnum

Gets an enumerator for the configuration set.
get__NewEnum

Gets an enumerator for a property set.
get_Algorithm

Specifies or retrieves an object identifier (OID) for the public key algorithm. (Get)
get_Algorithm

Retrieves an object identifier (OID) for the public key algorithm.
get_AlternateSignatureAlgorithm

Specifies and retrieves a Boolean value that indicates whether the signature algorithm object identifier (OID) for a PKCS (Get)
get_AlternateSignatureAlgorithm

Specifies and retrieves a Boolean value that specifies whether the GetSignatureAlgorithm method should retrieve a discrete or combined algorithm object identifier (OID) for a PKCS (Get)
get_AlternateSignatureAlgorithmSet

Retrieves a Boolean value that specifies whether the AlternateSignatureAlgorithm property has been explicitly set by a caller.
get_AlternativeNames

Retrieves a collection of subject alternative names.
get_ApplicationData

Sets or retrieves an opaque field that can be used by the application to store information. (IAzApplication.get_ApplicationData)
get_ApplicationData

Sets or retrieves an opaque field that can be used by the application to store information. (IAzAuthorizationStore.get_ApplicationData)
get_ApplicationData

The ApplicationData property of IAzOperation sets or retrieves an opaque field that can be used by the application to store information. (Get)
get_ApplicationData

The ApplicationData property of IAzRole sets or retrieves an opaque field that can be used by the application to store information. (Get)
get_ApplicationData

The ApplicationData property of IAzScope sets or retrieves an opaque field that can be used by the application to store information. (Get)
get_ApplicationData

The ApplicationData property of IAzTask sets or retrieves an opaque field that can be used by the application to store information. (Get)
get_ApplicationGroups

Retrieves an IAzApplicationGroups object that is used to enumerate IAzApplicationGroup objects from the policy data. (IAzApplication.get_ApplicationGroups)
get_ApplicationGroups

Retrieves an IAzApplicationGroups object that is used to enumerate IAzApplicationGroup objects from the policy data. (IAzAuthorizationStore.get_ApplicationGroups)
get_ApplicationGroups

Retrieves an IAzApplicationGroups object that is used to enumerate IAzApplicationGroup objects from the policy data. (IAzScope.get_ApplicationGroups)
get_Applications

Retrieves an IAzApplications object that is used to enumerate IAzApplication objects from the policy store.
get_ApplyStoreSacl

Sets or retrieves a value that indicates whether policy audits should be generated when the authorization store is modified. (IAzApplication.get_ApplyStoreSacl)
get_ApplyStoreSacl

Sets or retrieves a value that indicates whether policy audits should be generated when the authorization store is modified. (IAzAuthorizationStore.get_ApplyStoreSacl)
get_AppMembers

Retrieves the application groups that belong to this application group.
get_AppMembers

Retrieves the application groups that belong to the role.
get_AppNonMembers

Retrieves the application groups that are refused membership in this application group.
get_Archived

Retrieves a Boolean value that specifies whether the certificate has been archived.
get_ArchivedKeyHash

Retrieves a SHA-1 hash of the private key.
get_ArchivePrivateKey

Specifies or retrieves a Boolean value that indicates whether to archive a private key on the certification authority (CA). (Get)
get_AttestationEncryptionCertificate

The certificate used to encrypt the EKPUB and EKCERT values from the client. This property must be set to a valid certificate that chains to a trusted machine root. (Get)
get_AttestPrivateKey

True if the created private key needs to be attested; otherwise false. If true, it is expected that the AttestationEncryptionCertificate property has been set. (Get)
get_AuthFlags

Specifies and retrieves a value that indicates the authentication type used by the client to authenticate itself to the certificate enrollment policy (CEP) server. (Get)
get_AuthorityKeyIdentifier

Retrieves a byte array that contains the extension value. (IX509ExtensionAuthorityKeyIdentifier.get_AuthorityKeyIdentifier)
get_AuthzInterfaceClsid

Sets or retrieves the class identifier (CLSID) of the interface that the user interface (UI) uses to perform application-specific operations. (Get)
get_BackedUpTime

Retrieves the date and time at which the certificate was backed up.
get_BackedUpValue

Retrieves a Boolean value that identifies whether the certificate was backed up.
get_BitCount

Retrieves the length, in bits, of the encryption key.
get_BizRule

Gets or sets the script that determines membership for this application group. (Get)
get_BizRule

Sets or retrieves the text of the script that implements the business rule (BizRule). (Get)
get_BizRuleImportedPath

Gets or sets the path of the file that contains the business rule script associated with this application group. (Get)
get_BizRuleImportedPath

Sets or retrieves the path to the file from which the business rule (BizRule) is imported. (Get)
get_BizRuleInterfaces

Gets the collection of IDispatch interfaces that can be called by the business rule (BizRule) script associated with this client context.
get_BizRuleLanguage

Gets or sets the programming language of the business rule script associated with this application group. (Get)
get_BizRuleLanguage

Sets or retrieves the scripting language in which the business rule (BizRule) is implemented. (Get)
get_BizRuleParameters

Gets the collection of parameters that can be passed by the business rule (BizRule) script associated with this client context.
get_BizRulesEnabled

Gets or sets a value that indicates whether business rules are enabled for this application. (Get)
get_BizrulesWritable

Retrieves a value that indicates whether a non-delegated scope is writable.
get_BusinessRuleString

Sets or retrieves an application-specific string for the Business Rule (BizRule). (Get)
get_CACertificate

Gets an X.509 certificate that has been encoded by using Distinguished Encoding Rules (DER) and that is for a certification authority (CA).
get_CAConfig

Gets or sets a certification authority (CA) name with which a signing certificate must be signed. (Get)
get_CAConfigString

Retrieves the configuration string that identifies the certification authority (CA) to which the certificate request was submitted.
get_CADnsName

Retrieves the Domain Naming System (DNS) name of the certification authority (CA).
get_CAErrorId

Gets the ID for additional error information related to a failed certification authority (CA) specification.
get_CAErrorString

Gets the string data for additional error information related to a failed certification authority (CA) specification.
get_CAName

Retrieves the common name (CN) of the certification authority (CA).
get_CanBeDelegated

Retrieves a value that indicates whether the scope can be delegated.
get_CAStoreFlags

Sets or retrieves a flag that controls the certification authority (CA) store when the store is opened. (Get)
get_CAStoreFlags

The CAStoreFlags property of IEnroll4 sets or retrieves a flag that controls the certification authority (CA) store when the store is opened. (Get)
get_CAStoreName

Sets or retrieves the name of the store where all non-"ROOT" and non-"MY" certificates are kept. (Get)
get_CAStoreNameWStr

The CAStoreNameWStr property of IEnroll4 sets or retrieves the name of the store where all non-"ROOT" and non-"MY" certificates are kept. (Get)
get_CAStoreType

Sets or retrieves the type of store to use for the store specified by the CAStoreName property. (Get)
get_CAStoreTypeWStr

Sets or retrieves the type of store to use for the store specified by the CAStoreNameWStr property. (Get)
get_Certificate

Retrieves a Distinguished Encoding Rules (DER) encoded byte array that contains the certificate.
get_Certificate

Retrieves the installed certificate.
get_Certificate

Specifies or retrieves a byte array that contains the certificate associated with the private key. (Get)
get_Certificate

Gets the certificate for the request.
get_CertificateDescription

Specifies or retrieves a string that contains a description of the certificate. (Get)
get_CertificateFriendlyName

Specifies or retrieves the display name of a certificate. (Get)
get_CertificateFriendlyName

Gets or sets the friendly name for the certificate. (Get)
get_ChallengePassword

The password to use when creating a request with a challenge. To create a request without a challenge, do not set the ChallengePassword property. (Get)
get_ClientId

Retrieves the type of client application that generated the request.
get_ClientId

Specifies and retrieves a value that identifies the executable that created the request. (Get)
get_ClientId

Sets or retrieves a client ID request attribute. The client ID request attribute indicates the source of the certificate request. This property was first defined in the ICEnroll4 interface. (Get)
get_ClientId

The ClientId property sets or retrieves a client ID request attribute. The client ID request attribute indicates the source of the certificate request. This property was first defined in the IEnroll4 interface. (Get)
get_ContainerName

Specifies or retrieves the name of the key container. (Get)
get_ContainerName

Gets or sets the name used by the cryptographic service provider (CSP) to generate, store, or access the key. (Get)
get_ContainerName

The ContainerName property of ICEnroll4 sets or retrieves the name of the key container to use. (Get)
get_ContainerNamePrefix

Specifies or retrieves a prefix added to the name of the key container. (Get)
get_ContainerNameWStr

Sets or retrieves the name of the key container to use. (Get)
get_Cost

Specifies and retrieves an arbitrary cost for contacting the certificate enrollment policy server. (IX509EnrollmentPolicyServer.get_Cost)
get_Cost

Specifies and retrieves an arbitrary cost for contacting the certificate enrollment policy server. (IX509PolicyServerUrl.get_Cost)
get_Count

Retrieves the number of IAzApplicationGroup objects in the collection.
get_Count

Retrieves the number of IAzApplication objects in the collection.
get_Count

Specifies the number of interfaces that can be called by business rule (BizRule) scripts.
get_Count

Gets the number of parameters available to business rule (BizRule) scripts.
get_Count

Retrieves the number of IAzOperation objects in the collection.
get_Count

Retrieves the number of IAzRoleAssignments objects in the collection.
get_Count

Retrieves the number of IAzRoleDefinitions objects in the collection.
get_Count

Retrieves the number of IAzRole objects in the collection.
get_Count

Retrieves the number of IAzScope objects in the collection.
get_Count

Retrieves the number of IAzTask objects in the collection.
get_Count

Retrieves the number of objects in the collection. (IAlternativeNames.get_Count)
get_Count

Retrieves the number of objects in the collection. (ICertificatePolicies.get_Count)
get_Count

Retrieves the number of ICertificationAuthority objects in the collection.
get_Count

Retrieves the number of properties in the collection.
get_Count

Retrieves the number of ICryptAttribute objects in the collection.
get_Count

Retrieves the number of ICspAlgorithm objects in the collection.
get_Count

Retrieves the number of ICspInformation objects in the collection.
get_Count

Retrieves the number of ICspStatus objects in the collection.
get_Count

Retrieves the number of objects in the collection. (IObjectIds.get_Count)
get_Count

Retrieves the number of objects in the collection. (IPolicyQualifiers.get_Count)
get_Count

Retrieves the number of ISignerCertificate objects in the collection.
get_Count

Retrieves the number of objects in the collection. (ISmimeCapabilities.get_Count)
get_Count

Retrieves the number of IX509Attribute objects in the collection.
get_Count

Retrieves the number of IX509CertificateTemplate objects in the collection.
get_Count

Retrieves the number of IX509Extension objects in the collection.
get_Count

Retrieves the number of IX509NameValuePair objects in the collection.
get_Count

Retrieves the number of IX509PolicyServerUrl objects in the collection.
get_Count

Gets the number of ICertSrvSetupKeyInformation objects in the collection.
get_Count

Gets the number of certification authority (CA) configurations in the configuration set.
get_Count

Gets the number of properties in a property set.
get_Critical

Specifies and retrieves a Boolean value that identifies whether the certificate extension is critical. (Get)
get_CriticalExtensions

Retrieves an IObjectIds collection that identifies the version 3 certificate extensions marked as critical. (IX509CertificateRequestCmc.get_CriticalExtensions)
get_CriticalExtensions

Retrieves an IObjectIds collection that identifies the version 3 certificate extensions marked as critical. (IX509CertificateRequestPkcs10.get_CriticalExtensions)
get_CryptAttributes

Retrieves an ICryptAttributes collection of optional certificate attributes. (IX509CertificateRequestCmc.get_CryptAttributes)
get_CryptAttributes

Retrieves an ICryptAttributes collection of optional certificate attributes. (IX509CertificateRequestPkcs10.get_CryptAttributes)
get_CspAlgorithm

Retrieves an ICspAlgorithm object that contains information about an algorithm supported by the provider.
get_CspAlgorithms

Retrieves a collection of ICspAlgorithm interfaces that contain information about the algorithms supported by the provider.
get_CspInformation

Retrieves an ICspInformation object that contains general information about the provider.
get_CspInformations

Specifies and retrieves a collection of cryptographic providers available for use by the request object. (Get)
get_CspInformations

Specifies or retrieves a collection of ICspInformation objects that contain information about the available cryptographic providers that support the public key algorithm associated with the private key. (Get)
get_CSPName

Gets a cryptographic service provider (CSP) or key storage provider (KSP) name.
get_CspStatus

Specifies or retrieves an ICspStatus object that contains information about the cryptographic provider and algorithm pair associated with the private key. (Get)
get_CspStatuses

Retrieves a collection of ICspStatus objects that matches the intended use of the private key associated with the certificate request.
get_Default

Specifies and retrieves a Boolean value that indicates whether this is the default certificate enrollment policy (CEP) server. (Get)
get_DefaultContainer

Retrieves a Boolean value that specifies whether the private key represents the default key container.
get_DefaultLength

Retrieves the default length of a key.
get_DelegatedPolicyUsers

Retrieves the security identifiers (SIDs), in text form, of principals that act as delegated policy users.
get_DelegatedPolicyUsers

Retrieves the security identifiers (SIDs) of principals that act as delegated policy users in text form.
get_DelegatedPolicyUsersName

The DelegatedPolicyUsersName property of IAzApplication retrieves the account names of principals that act as delegated policy users.
get_DelegatedPolicyUsersName

Retrieves the account names of principals that act as delegated policy users.
get_DeleteRequestCert

Sets or retrieves a Boolean value that determines whether dummy certificates in the request store are deleted. (Get)
get_DeleteRequestCert

The DeleteRequestCert property of IEnroll4 sets or retrieves a Boolean value that determines whether dummy certificates in the request store are deleted. (Get)
get_Description

Sets or retrieves a comment that describes the application. (Get)
get_Description

Sets or retrieves a comment that describes the application group. (Get)
get_Description

Sets or retrieves a comment that describes the operation. (Get)
get_Description

The Description property of IAzOperation sets or retrieves a comment that describes the operation. (Get)
get_Description

Sets or retrieves a comment that describes the role. (Get)
get_Description

Sets or retrieves a comment that describes the scope. (Get)
get_Description

Sets or retrieves a comment that describes the task. (Get)
get_Description

Retrieves a description of the certificate.
get_Description

Specifies or retrieves a string that contains a description of the private key. (Get)
get_Display

Specifies or retrieves a value that indicates whether to display the status information in a user interface. (Get)
get_DisplayName

Retrieves a string that contains the name of the provider, the algorithm name, and the operations that can be performed by the algorithm.
get_DomainTimeout

Sets or retrieves the time in milliseconds after which a domain is determined to be unreachable. (Get)
get_EnableSMIMECapabilities

The ICEnroll4::EnableSMIMECapabilities property controls whether the PKCS (Get)
get_EnableSMIMECapabilities

Controls whether the PKCS (Get)
get_EnableT61DNEncoding

The EnableT61DNEncoding property of ICEnroll4 sets or retrieves a Boolean value that determines whether the distinguished name in the request is encoded as a T61 string instead of as a Unicode string. (Get)
get_EnableT61DNEncoding

Sets or retrieves a Boolean value that determines whether the distinguished name in the request is encoded as a T61 string instead of as a Unicode string. (Get)
get_EncodedKey

Retrieves a byte array that contains the public key.
get_EncodedName

Retrieves a Unicode-encoded distinguished name.
get_EncodedParameters

Retrieves a byte array that contains the parameters associated with the public key algorithm.
get_EncryptedKeyBlob

Retrieves a byte array that contains the encrypted key.
get_EncryptedKeyHash

Retrieves a hash of the private key to be archived.
get_EncryptedKeyHashBlob

Retrieves a string that contains a hash of the encrypted private key.
get_EncryptionAlgorithm

Retrieves the object identifier (OID) of the symmetric encryption algorithm used to encrypt the private key.
get_EncryptionAlgorithm

Specifies or retrieves an object identifier (OID) of the algorithm used to encrypt the private key to be archived. (Get)
get_EncryptionAlgorithm

The encryption algorithm used to encrypt the EKPUB and EKCERT values from the client. (Get)
get_EncryptionStrength

Retrieves an integer that contains the encryption strength of the symmetric algorithm used to encrypt the key.
get_EncryptionStrength

Specifies or retrieves the relative encryption level applied to the private key to be archived. (Get)
get_EncryptionStrength

Identifies the bit length for the EncryptionAlgorithm to use for encryption. If the EncryptionAlgorithm only supports one bit length, then you do not need to specify a value for the EncryptionStrength property. (Get)
get_EnhancedKeyUsage

Retrieves a collection of key usage object identifiers (OIDs).
get_EnrollmentContext

Retrieves a value that specifies whether the certificate is intended for a computer or a user.
get_EnrollmentContext

Retrieves an enrollment context that identifies whether the certificate is intended for a computer or an end-user.
get_EnrollmentStatus

Retrieves an IX509EnrollmentStatus object that contains information about the certificate enrollment.
get_Error

Specifies and retrieves a value that identifies the error status of the certificate enrollment process. (Get)
get_ErrorCode

Gets a code that identifies an error condition in a CA configuration.
get_ErrorString

Retrieves a string that contains additional information about Certificate Enrollment Policy (CEP) Web Service setup failure.
get_ErrorString

Retrieves a string that contains additional information about Certificate Enrollment Web Service (CES) setup failure.
get_ErrorText

Retrieves a string that contains the message associated with the error result code returned by the Error property.
get_Existing

Specifies or retrieves a Boolean value that indicates whether the private key has been created or imported. (Get)
get_Existing

Gets or sets a value that indicates whether the private key already exists. (Get)
get_ExistingCACertificate

Gets or sets the binary value that has been encoded by using Distinguished Encoding Rules (DER) and that is the binary value of the certification authority (CA) certificate that corresponds to an existing key. (Get)
get_ExportPolicy

Specifies or retrieves export constraints for a private key. (Get)
get_FailInfo

Gets information when the ProcessResponseMessage method detects a failed environment.
get_Flags

Specifies or retrieves a value that indicates whether the certificate enrollment policy (CEP) server policy information can be loaded from group policy, from the registry, or both. (Get)
get_FriendlyName

Retrieves the display name of the certificate. (ICertPropertyEnrollment.get_FriendlyName)
get_FriendlyName

Retrieves the display name of the certificate. (ICertPropertyFriendlyName.get_FriendlyName)
get_FriendlyName

Specifies and retrieves a display name for the object identifier. (Get)
get_FriendlyName

Specifies or retrieves a display name for the private key. (Get)
get_GenerateAudits

The GenerateAudits property of IAzApplication sets or retrieves a value that indicates whether run-time audits should be generated. (Get)
get_GenerateAudits

Sets or retrieves a value that indicates whether run-time audits should be generated. (Get)
get_GenKeyFlags

Sets or retrieves the values passed to the CryptGenKey function when the certificate request is generated. (Get)
get_GenKeyFlags

Sets or retrieves the values passed to CryptGenKey when the certificate request is generated. (Get)
get_HashAlgID

Sets or retrieves the hash algorithm used when signing a PKCS (Get)
get_HashAlgID

The HashAlgID property of IEnroll4 sets or retrieves the hash algorithm used when signing a PKCS (Get)
get_HashAlgorithm

Specifies and retrieves the object identifier (OID) of the hash algorithm used to sign the certificate request. (Get)
get_HashAlgorithm

Specifies and retrieves an object identifier (OID) for the hashing algorithm used in the GetSignatureAlgorithm method. (Get)
get_HashAlgorithm

Gets or sets the name of the hashing algorithm used to sign or verify the certification authority (CA) certificate for the key. (Get)
get_HashAlgorithm

Sets or retrieves only the signature hashing algorithm used to sign the PKCS (ICEnroll.get_HashAlgorithm)
get_HashAlgorithm

Gets or sets an identifier for the hash algorithm used to sign a certificate. (Get)
get_HashAlgorithmWStr

Sets or retrieves only the signature hashing algorithm used to sign the PKCS (IEnroll.get_HashAlgorithmWStr)
get_HasHardwareRandomNumberGenerator

Retrieves a Boolean value that specifies whether the provider supports a hardware random number generator that can be used to create random bytes for cryptographic operations.
get_Identifier

Gets a name for the certification authority (CA) configuration.
get_IncludeSubjectKeyID

Determines whether the subject key ID extension is added to the certificate request that is generated. (Get)
get_IncludeSubjectKeyID

The IncludeSubjectKeyID property of IEnroll4 determines whether the subject key ID extension is added to the certificate request that is generated. (Get)
get_IncrementLength

Retrieves a value, in bits, that can be used to determine valid incremental key lengths for algorithms that support multiple key sizes.
get_IndexByObjectId

Retrieves the index of an attribute by object identifier (OID).
get_IndexByObjectId

Retrieves the index of an ICspAlgorithm object by object identifier (OID).
get_IndexByObjectId

Retrieves the index of an extension in the collection by object identifier (OID).
get_IsCA

Retrieves a Boolean value that identifies whether the subject of the certificate is a certification authority (CA).
get_IsHardwareDevice

Retrieves a Boolean value that determines whether the provider is implemented in a hardware device.
get_IsRemovable

Retrieves a Boolean value that specifies whether the token that contains the key can be removed.
get_IsRoleDefinition

Sets or retrieves a value that indicates whether the task is a role definition. (Get)
get_IsSmartCard

Retrieves a Boolean value that specifies whether the provider is a smart card provider.
get_IsSoftwareDevice

Retrieves a Boolean value that specifies whether the provider is implemented in software.
get_Issuer

Specifies or retrieves the name of the certificate issuer. (Get)
get_Item

Retrieves the IAzApplicationGroup object at the specified index into the IAzApplicationGroups collection.
get_Item

Retrieves the IAzApplication object at the specified index into the IAzApplications collection.
get_Item

Retrieves the IAzOperation object at the specified index into the IAzOperations collection.
get_Item

Retrieves the IAzRoleAssignment object at the specified index in the IAzRoleAssignments collection.
get_Item

Retrieves the IAzRoleDefinition object at the specified index in the IAzRoleDefinitions collection.
get_Item

Retrieves the IAzRole object at the specified index into the IAzRoles collection.
get_Item

Retrieves the IAzScope object at the specified index into the IAzScopes collection.
get_Item

Retrieves the IAzTask object at the specified index into the IAzTasks collection.
get_Item

Gets an ICertSrvSetupKeyInformation object that is identified by index in the collection.
get_Item

Gets a certification authority (CA) configuration identified by index in the configuration set.
get_Item

Gets the property identified by index in a property set.
get_ItemByName

Retrieves an ICertificationAuthority object from the collection by certification authority name.
get_ItemByName

Retrieves an ICspAlgorithm object from the collection by name.
get_ItemByName

Retrieves an ICspInformation object from the collection by name.
get_ItemByName

Retrieves an ICspStatus object from the collection by provider and algorithm name.
get_ItemByName

Retrieves an IX509CertificateTemplate object from the collection by name.
get_ItemByName

Gets a certification authority (CA) configuration identified by name in the configuration set.
get_ItemByName

Gets the property identified by name in a property set.
get_ItemByOid

Retrieves an IX509CertificateTemplate object from the collection by object identifier.
get_ItemByOperations

Retrieves an ICspStatus object that has the same name as the provider specified on input and the same algorithm but identifies a different cryptographic operation.
get_ItemByOrdinal

Retrieves an ICspStatus object from the collection by ordinal number.
get_ItemByProvider

Retrieves an ICspStatus object that has the same name as the provider specified on input but identifies an algorithm that supports a different intended key use.
get_KeyArchivalCertificate

Specifies or retrieves a certification authority (CA) encryption certificate. (Get)
get_KeyContainerNamePrefix

Specifies or retrieves a prefix used to create the container name for a new private key. (Get)
get_KeyProtection

Specifies or retrieves a value that indicates how a private key is protected before use. (Get)
get_KeySpec

Retrieves a value that specifies the intended use of the algorithms supported by the provider.
get_KeySpec

Retrieves a value that identifies whether the key pair stored by the provider or key container is used for encryption or for signing content.
get_KeySpec

Specifies or retrieves a value that identifies whether a private key can be used for signing, or encryption, or both. (Get)
get_KeySpec

The KeySpec property of ICEnroll4 sets or retrieves the type of key generated. (Get)
get_KeySpec

Sets or retrieves the type of key generated. (Get)
get_KeySpec

Gets a value that indicates whether the key bound to the configuration is used for encryption or for signing content.
get_KeyUsage

Retrieves the restrictions placed on the public key.
get_KeyUsage

Specifies or retrieves a value that identifies the specific purpose for which a private key can be used. (Get)
get_LdapQuery

Sets or retrieves the Lightweight Directory Access Protocol (LDAP) query used to define membership for an LDAP query application group. (Get)
get_LDAPQueryDN

Retrieves or sets the domain name of the directory object to be used during evaluation of LDAP query groups. (Get)
get_LegacyCsp

Retrieves a Boolean value that specifies whether the provider is a Cryptography API:_Next Generation (CNG) provider or a CryptoAPI (legacy) CSP.
get_LegacyCsp

Specifies or retrieves a Boolean value that indicates whether the provider is a CryptoAPI (legacy) cryptographic service provider (CSP). (Get)
get_Length

The bit length of the endorsement key. You can only access this property after the Open method has been called.
get_Length

Specifies or retrieves the length, in bits, of the private key. (Get)
get_Length

Retrieves the length of the public key.
get_Length

Gets or sets the strength of the key to one of the values supported by the cryptographic service provider (CSP). (Get)
get_LimitExchangeKeyToEncipherment

Sets or retrieves a Boolean value that determines whether an AT_KEYEXCHANGE request contains digital signature and nonrepudiation key usages. (Get)
get_LimitExchangeKeyToEncipherment

The LimitExchangeKeyToEncipherment property of IEnroll4 sets or retrieves a Boolean value that determines whether an AT_KEYEXCHANGE request contains digital signature and nonrepudiation key usages. (Get)
get_LocalRevocationInformation

Gets or sets the certificate revocation list (CRL) of the local machine. (Get)
get_LongName

Retrieves the full name of the algorithm.
get_MachineContext

Specifies or retrieves a Boolean value that identifies the local certificate store context. (Get)
get_MachineDnsName

Retrieves the Domain Name System (DNS) name of the computer that generated the request.
get_MajorVersion

Retrieves the minimum major version number of the certificate template.
get_MaxKeyContainerNameLength

Retrieves the maximum supported length for the name of the private key container associated with the provider.
get_MaxLength

Retrieves the maximum permitted length for a key.
get_MaxScriptEngines

Sets or retrieves the maximum number of Business Rule (BizRule) script engines that will be cached. (Get)
get_Members

Retrieves the security identifiers (SIDs), in text form, of accounts that belong to the application group.
get_Members

Retrieves the security identifiers (SIDs), in text form, of Windows accounts that belong to the role.
get_MembersName

Retrieves the account names of accounts that belong to the application group.
get_MembersName

Retrieves the account names of accounts that belong to the role.
get_MinLength

Retrieves the minimum permitted length for a key.
get_MinorVersion

Retrieves the minimum minor version number of the certificate template.
get_Modified

Gets a value that indicates whether an OCSPCAConfiguration object has been modified since it was created.
get_Modified

Gets a value that indicates whether an OCSPProperty object has been modified since it was instantiated.
get_MSCEPErrorId

Gets the ID for additional error information related to a failed Network Device Enrollment Service (NDES) specification. Any method call on the parent object resets this property.
get_MSCEPErrorString

Contains the string data for additional error information related to a failed Network Device Enrollment Service (NDES) specification. Any method call on the parent object resets this property.
get_MyStoreFlags

Sets or retrieves the registry location used for MY store. (Get)
get_MyStoreFlags

Sets or retrieves the registry location used for the MY store. (Get)
get_MyStoreName

Sets or retrieves the name of the store where certificates with linked private keys are kept. (Get)
get_MyStoreNameWStr

The MyStoreNameWStr property of IEnroll4 sets or retrieves the name of the store where certificates with linked private keys are kept. (Get)
get_MyStoreType

Sets or retrieves the type of store specified by the MyStoreName property. (Get)
get_MyStoreTypeWStr

Sets or retrieves the type of store specified by the MyStoreTypeWStr property. (Get)
get_Name

Sets or retrieves the name of the application. (Get)
get_Name

Sets or retrieves the name of the application group. (Get)
get_Name

Gets the name of the IAzObjectPicker object.
get_Name

Sets or retrieves the name of the operation. (Get)
get_Name

Sets or retrieves the name of the role. (Get)
get_Name

Sets or retrieves the name of the scope. (Get)
get_Name

Sets or retrieves the name of the task. (Get)
get_Name

Retrieves the abbreviated algorithm name.
get_Name

Retrieves the name.
get_Name

Retrieves a CERTENROLL_OBJECTID value that contains an object identifier.
get_Name

Retrieves a distinguished name.
get_Name

Retrieves the name portion of the name-value pair.
get_Name

Gets the identifier part of the name-value pair represented by an OCSPProperty object.
get_NameResolver

Gets a pointer to the IAzNameResolver interface associated with this IAzPrincipalLocator object.
get_NameValuePairs

Retrieves an IX509NameValuePairs collection associated with a certificate request.
get_NameValuePairs

A collection of name/value pairs of additional certificate property values.
get_NameValuePairs

Retrieves a collection of name-value pairs associated with the enrollment object.
get_NonMembers

Retrieves the security identifiers (SIDs), in text form, of accounts that are refused membership in the application group.
get_NonMembersName

Retrieves the account names of accounts that are refused membership in the application group.
get_NotAfter

Specifies or retrieves the date and time after which the certificate is no longer valid. (Get)
get_NotBefore

Specifies or retrieves the date and time before which the certificate is not valid. (Get)
get_NullSigned

Retrieves a Boolean value that specifies whether the primary signature on the certificate request is null-signed.
get_NullSigned

Retrieves a Boolean value that indicates whether the certificate request is null-signed.
get_NullSigned

Specifies and retrieves a Boolean value that indicates whether the certificate request is null-signed. (Get)
get_ObjectId

Retrieves the object identifier (OID), if any, associated with the name.
get_ObjectId

Retrieves an object identifier (OID) for the policy object.
get_ObjectId

Retrieves the object identifier (OID) for the attribute. (ICryptAttribute.get_ObjectId)
get_ObjectId

Retrieves the object identifier (OID) for the qualifier.
get_ObjectId

Retrieves the object identifier (OID) of the symmetric encryption algorithm.
get_ObjectId

Retrieves the object identifier (OID) for the attribute. (IX509Attribute.get_ObjectId)
get_ObjectId

Retrieves the object identifier (OID) for the extension.
get_ObjectPicker

Gets a pointer to the IAzObjectPicker interface associated with this IAzPrincipalLocator object.
get_OCSPCAConfigurationCollection

Gets an instance of an OCSPCAConfigurationCollection object. This object represents the set of certification authority (CA) certificates for which an Online Certificate Status Protocol (OCSP) responder service can handle status requests.
get_OCSPServiceProperties

Gets an instance of an OCSPPropertyCollection object. This object represents the attributes of an Online Certificate Status Protocol (OCSP) responder service.
get_OldCertificate

Retrieves the certificate passed to the InitializeFromCertificate method.
get_OldCertificate

Gets or sets an old certificate that a request is intended to replace. (Get)
get_Opened

Indicates whether the Open method has been successfully called.
get_Opened

Retrieves a Boolean value that specifies whether the private key is open.
get_OperationID

Sets or retrieves an application-specific value that uniquely identifies the operation within the application. (Get)
get_Operations

Retrieves an IAzOperations object that is used to enumerate IAzOperation objects from the policy data.
get_Operations

Retrieves the operations associated with the role.
get_Operations

Retrieves the operations associated with the task.
get_Operations

Retrieves the operations that can be performed by the algorithm.
get_Ordinal

Specifies or retrieves the position of the ICspStatus object in the ICspStatuses collection. (Get)
get_OSVersion

Retrieves the client operating system version information.
get_Parameters

Retrieves a byte array that contains the parameters associated with the signature algorithm. (Get)
get_ParentWindow

Specifies or retrieves the ID of the window used to display signing certificate information. (Get)
get_ParentWindow

Specifies and retrieves the ID of the window used by key-related user interface dialogs. (Get)
get_ParentWindow

Specifies or retrieves the ID of the window used to display the enrollment information. (Get)
get_ParentWindow

Specifies or retrieves the ID of the window used to display key information. (Get)
get_PathLenConstraint

Retrieves the depth of the subordinate certification authority chain.
get_Policies

Retrieves a collection of certificate policies.
get_Policies

Retrieves a collection of application policies.
get_PolicyAdministrators

Retrieves the security identifiers (SIDs), in text form, of principals that act as policy administrators.
get_PolicyAdministrators

Retrieves the security identifiers (SIDs) of principals that act as policy administrators in text form.
get_PolicyAdministrators

The PolicyAdministrators property of IAzScope retrieves the security identifiers (SIDs), in text form, of principals that act as policy administrators.
get_PolicyAdministratorsName

The IAzApplication::PolicyAdministratorsName property retrieves the account names of principals that act as policy administrators.
get_PolicyAdministratorsName

Retrieves the account names of principals that act as policy administrators. (IAzAuthorizationStore.get_PolicyAdministratorsName)
get_PolicyAdministratorsName

Retrieves the account names of principals that act as policy administrators. (IAzScope.get_PolicyAdministratorsName)
get_PolicyQualifiers

Retrieves a collection of optional policy qualifiers that can be applied to a certificate policy.
get_PolicyReaders

Retrieves the security identifiers (SIDs), in text form, of principals that act as policy readers.
get_PolicyReaders

Retrieves the security identifiers (SIDs) of principals that act as policy readers in text form.
get_PolicyReaders

The PolicyReaders property of IAzScope retrieves the security identifiers (SIDs), in text form, of principals that act as policy readers.
get_PolicyReadersName

The IAzApplication::PolicyReadersName property retrieves the account names of principals that act as policy readers.
get_PolicyReadersName

Retrieves the account names of principals that act as policy readers. (IAzAuthorizationStore.get_PolicyReadersName)
get_PolicyReadersName

Retrieves the account names of principals that act as policy readers. (IAzScope.get_PolicyReadersName)
get_PolicyServer

Retrieves the certificate enrollment policy (CEP) server that contains the template used during initialization. (IX509CertificateRequestCertificate2.get_PolicyServer)
get_PolicyServer

Retrieves the certificate enrollment policy (CEP) server that contains the template used during initialization. (IX509CertificateRequestCmc2.get_PolicyServer)
get_PolicyServer

Retrieves the certificate enrollment policy (CEP) server that contains the template used during initialization. (IX509CertificateRequestPkcs10V2.get_PolicyServer)
get_PolicyServer

Retrieves the certificate enrollment policy (CEP) server that contains the template used during initialization. (IX509CertificateRequestPkcs7V2.get_PolicyServer)
get_PolicyServer

Retrieves the certificate enrollment policy (CEP) server that contains the template used during initialization. (IX509Enrollment2.get_PolicyServer)
get_PrivateKey

Retrieves the private key associated with the certificate.
get_PrivateKey

Retrieves the private key associated with the ISignerCertificate object.
get_PrivateKey

Retrieves an IX509PrivateKey object that contains the private key used to sign the certificate request.
get_PrivateKeyArchiveCertificate

Sets or retrieves the certificate that is used to archive a private key with a PKCS (Get)
get_ProcessName

Retrieves the name of the application that generated the request.
get_Property

Retrieves a certification authority property value.
get_Property

Retrieves a template property value.
get_Property

Specifies or retrieves a property value for the IX509CertificateTemplateWritable object. (Get)
get_PropertyId

Specifies or retrieves a value of the CERTENROLL_PROPERTYID enumeration that identifies an external certificate property. (Get)
get_ProviderCLSID

Gets or sets the CLSID of the revocation information provider used by the CA configuration. (Get)
get_ProviderFlags

Sets or retrieves the provider type. (Get)
get_ProviderFlags

The ProviderFlags property of IEnroll4 sets or retrieves the provider type. (Get)
get_ProviderName

Retrieves the provider name.
get_ProviderName

The name of the encryption provider. The default is the Microsoft Platform Crypto Provider. You must set the ProviderName property before you call the Open method. You cannot change the ProviderName property after you have called the Open method. (Get)
get_ProviderName

Specifies or retrieves the name of the cryptographic provider. (Get)
get_ProviderName

Gets or sets the name of the cryptographic service provider (CSP) or key storage provider (KSP) that is used to generate or store the private key. (Get)
get_ProviderName

The ProviderName property of ICEnroll4 sets or retrieves the name of the cryptographic service provider (CSP) to use. (Get)
get_ProviderNameWStr

Sets or retrieves the name of the cryptographic service provider (CSP) to use. (Get)
get_ProviderProperties

Gets or sets information that provides certificate status responses. (Get)
get_ProviderType

Specifies or retrieves the type of cryptographic provider associated with the private key. (Get)
get_ProviderType

The ProviderType property of ICEnroll4 sets or retrieves the type of provider. (Get)
get_ProviderType

Sets or retrieves the type of provider. (Get)
get_PublicKey

Retrieves the IX509PublicKey object that contains the public key included in the certificate request.
get_PublicKeyAlgorithm

Specifies and retrieves an object identifier (OID) for the public key algorithm used in the GetSignatureAlgorithm method. (Get)
get_PVKFileName

The PVKFileName property of ICEnroll4 sets or retrieves the name of the file that will contain exported keys. (Get)
get_PVKFileNameWStr

Sets or retrieves the name of the file that will contain exported keys. (Get)
get_Qualifier

Retrieves a string that contains the qualifier used to initialize the object.
get_RawData

Retrieves the Distinguished Encoding Rules (DER) encoded byte array that contains the name.
get_RawData

Retrieves the value of the certificate property.
get_RawData

Retrieves the Distinguished Encoding Rules (DER) encoded qualifier object.
get_RawData

Retrieves the attribute value.
get_RawData

Retrieves a byte array that contains the signed, Distinguished Encoding Rules (DER) encoded certificate request.
get_RawData

Retrieves a byte array that contains the extension value. (IX509Extension.get_RawData)
get_RawDataToBeSigned

Retrieves the unsigned certificate request created by the Encode method.
get_ReaderName

Specifies or retrieves the name of a smart card reader. (Get)
get_ReminderDuration

Gets or sets the percentage of a signing certificate lifetime after which a warning event is logged. (Get)
get_Renewal

Retrieves the SHA-1 hash of the new certificate.
get_RenewalCertificate

Retrieves the certificate to be renewed.
get_RenewalCertificate

Specifies or retrieves a byte array that contains the Distinguished Encoding Rules (DER) encoded certificate that is being renewed. (Get)
get_RenewalCertificate

Specifies the certificate context for the renewal certificate. (Get)
get_Request

Retrieves the certificate request associated with the enrollment object.
get_Request

Gets the inner PKCS10 request.
get_RequesterName

Specifies or retrieves a string that contains the Security Account Manager (SAM) name of the end-entity requesting the certificate. (Get)
get_RequestId

Retrieves a unique certificate request identifier.
get_RequestId

Retrieves a unique identifier for the certificate request sent to the certification authority by the Enroll method.
get_RequestID

Gets the request ID from the Certificate Management over CMS (CMC) response.
get_RequestIdString

Retrieves a string that contains a unique identifier for the certificate request sent to the certification enrollment server (CES).
get_RequestOriginator

Retrieves a string that contains the DNS name of the originating computer.
get_RequestStoreFlags

Sets or retrieves the registry location used for the request store. (Get)
get_RequestStoreFlags

The RequestStoreFlags property of IEnroll4 sets or retrieves the registry location used for the request store. (Get)
get_RequestStoreName

Sets or retrievesICEnroll the name of the store that contains the dummy certificate. (Get)
get_RequestStoreNameWStr

The RequestStoreNameWStr property of IEnroll4 sets or retrieves the name of the store that contains the dummy certificate. (Get)
get_RequestStoreType

Sets or retrieves the type of store to use for the store specified by the RequestStoreName property. This store type is passed directly to the CertOpenStore function. (Get)
get_RequestStoreTypeWStr

Sets or retrieves the type of store to use for the store specified by the RequestStoreNameWStr property. This store type is passed directly to the CertOpenStore function. (Get)
get_Response

Retrieves the certificate response returned from a certification authority.
get_ReuseHardwareKeyIfUnableToGenNew

Sets or retrieves a Boolean value that determines the action taken by the certificate enrollment control object if an error is encountered when generating a new key. (Get)
get_ReuseHardwareKeyIfUnableToGenNew

The ReuseHardwareKeyIfUnableToGenNew property of IEnroll4 sets or retrieves a Boolean value that determines the action taken by the certificate enrollment control object if an error is encountered when generating a new key. (Get)
get_ReuseKey

Retrieves a Boolean value that indicates whether an existing private key was used to sign the request.
get_RoleAssignments

Gets an IAzRoleAssignments object that represents the collection of IAzRoleAssignment objects associated with the current IAzApplication3 object.
get_RoleAssignments

Retrieves an IAzRoleAssignments object that represents the collection of IAzRoleAssignment objects associated with this scope.
get_RoleDefinitions

Gets an IAzRoleDefinitions object that represents the collection of IAzRoleDefinition objects associated with the current IAzApplication3 object.
get_RoleDefinitions

Retrieves a collection of the IAzRoleDefinition objects associated with this IAzRoleAssignment object.
get_RoleDefinitions

Retrieves a collection of the IAzRoleDefinition objects associated with this IAzRoleDefinition object.
get_RoleDefinitions

Retrieves an IAzRoleDefinitions object that represents the collection of IAzRoleDefinition objects associated with this scope.
get_RoleForAccessCheck

Sets or retrieves the role that is used to perform the access check. (Get)
get_Roles

The Roles property of IAzApplication retrieves an IAzRoles object that is used to enumerate IAzRole objects from the policy data.
get_Roles

Retrieves an IAzRoles object that is used to enumerate IAzRole objects from the policy data.
get_RootStoreFlags

The RootStoreFlags property of ICEnroll4 sets or retrieves the registry location used for the root store. (Get)
get_RootStoreFlags

Sets or retrieves the registry location used for the root store. (Get)
get_RootStoreName

Sets or retrieves the name of the root store where all intrinsically trusted, self-signed root certificates are kept. (Get)
get_RootStoreNameWStr

The RootStoreNameWStr property of IEnroll4 sets or retrieves the name of the root store where all intrinsically trusted, self-signed root certificates are kept. (Get)
get_RootStoreType

Sets or retrieves the type of store to use for the store specified by the RootStoreName property. (Get)
get_RootStoreTypeWStr

Sets or retrieves the type of store to use for the store specified by the RootStoreNameWStr property. (Get)
get_Scope

Retrieves the IAzScope object that represents the scope in which this IAzRoleAssignment object is defined.
get_Scopes

Retrieves an IAzScopes object that is used to enumerate IAzScope objects from the policy data.
get_ScriptEngineTimeout

Sets or retrieves the time in milliseconds that the IAzClientContext::AccessCheck method will wait for a Business Rule (BizRule) to complete execution before canceling it. (Get)
get_SecurityDescriptor

Specifies or retrieves the security descriptor for the private key. (Get)
get_Selected

Specifies or retrieves a value that indicates whether an item can be used during the enrollment process. (Get)
get_SenderNonce

Specifies or retrieves a byte array that contains a nonce. (Get)
get_SerialNumber

Specifies and retrieves the certificate serial number. (Get)
get_SHA1Hash

Retrieves the SHA-1 hash of a certificate.
get_Sids

Gets an array of the security identifiers (SIDs) associated with this client context.
get_Signature

Retrieves the digital signature on the provider.
get_Signature

Retrieves the request signature created by the Encode method.
get_SignatureInformation

Retrieves an IX509SignatureInformation object that contains information about the certificate signature.
get_SignatureInformation

Retrieves the IX509SignatureInformation object that contains information about the primary signature used to sign the certificate request.
get_SignatureInformation

Retrieves the IX509SignatureInformation object that contains information about the certificate request signature.
get_SignerCertificate

Specifies or retrieves the ISignerCertificate object used to sign the certificate. (Get)
get_SignerCertificate

Specifies or retrieves a certificate used to sign the certificate request. (Get)
get_SignerCertificate

Gets or sets the signer certificate for the request. (Get)
get_SignerCertificates

Retrieves a collection of certificates used to sign the request.
get_SigningCertificate

Gets or sets a signing certificate that has been encoded by using Distinguished Encoding Rules (DER). An Online Certificate Status Protocol (OCSP) responder service uses this certificate to sign its responses to certificate status requests. (Get)
get_SigningCertificateTemplate

Gets or sets the template name for a signing certificate. (Get)
get_SigningFlags

Gets or sets a combination of flag values. These values specify the management of signing certificates that belong to a certification authority (CA) configuration. (Get)
get_Silent

Specifies or retrieves a Boolean value that indicates whether the user is notified when the private key is used to sign a certificate request. (Get)
get_Silent

Specifies or retrieves a Boolean value that indicates whether any of the key-related modal dialogs are displayed during the certificate enrollment process. (Get)
get_Silent

Specifies or retrieves a Boolean value that indicates whether a user interface is displayed during the certificate enrollment process. (Get)
get_Silent

Specifies or retrieves a Boolean value that indicates whether the Certificate Enrollment Control is allowed to display a dialog box when the private key is accessed. (Get)
get_SmimeCapabilities

Specifies or retrieves a Boolean value that tells the Encode method whether to create an IX509ExtensionSmimeCapabilities collection that identifies the encryption capabilities supported by the computer. (Get)
get_SmimeCapabilities

Retrieves a collection of ISmimeCapability objects.
get_SPCFileName

Sets or retrieves the name of the file to which to write the base64-encoded PKCS (Get)
get_SPCFileNameWStr

The SPCFileNameWStr property of IEnroll4 sets or retrieves the name of the file to which to write the base64-encoded PKCS (Get)
get_Status

Retrieves an IX509EnrollmentStatus object that can be used to monitor the status of the enrollment process and retrieve error information.
get_Status

Specifies or retrieves a value that indicates the status of the enrollment process. (Get)
get_Status

Gets the status of the request.
get_StrValue

Retrieves a string that contains an email address, a Domain Name System (DNS) name, a URL, a registered object identifier (OID), or a user principal name (UPN).
get_Subject

Specifies or retrieves the X.500 distinguished name of the entity requesting the certificate. (Get)
get_SubjectKeyIdentifier

Retrieves a byte array that contains the key identifier.
get_SuppressDefaults

Specifies or retrieves a Boolean value that indicates whether the default extensions and attributes are included in the request. (Get)
get_SuppressOids

Retrieves a collection of extension or attribute object identifiers (OIDs) to be suppressed from the certificate during the encoding process.
get_SuppressOids

Retrieves a collection of the default extension and attribute object identifiers (OIDs) that were not added to the request when the request was encoded.
get_TargetMachine

Retrieves the name of the computer on which account resolution should occur.
get_Tasks

The Tasks property of IAzApplication retrieves an IAzTasks object that is used to enumerate IAzTask objects from the policy data.
get_Tasks

Retrieves the tasks associated with the role.
get_Tasks

Retrieves an IAzTasks object that is used to enumerate IAzTask objects from the policy data.
get_Tasks

Retrieves the tasks associated with the task.
get_Template

Retrieves the certificate request template used during initialization. (IX509CertificateRequestCertificate2.get_Template)
get_Template

Retrieves the certificate request template used during initialization. (IX509CertificateRequestCmc2.get_Template)
get_Template

Retrieves the certificate request template used during initialization. (IX509CertificateRequestPkcs10V2.get_Template)
get_Template

Retrieves the certificate request template used during initialization. (IX509CertificateRequestPkcs7V2.get_Template)
get_Template

Retrieves a copy of the IX509CertificateTemplate object that was used to initialize this IX509CertificateTemplateWritable instance.
get_Template

Retrieves the certificate request template used during initialization. (IX509Enrollment2.get_Template)
get_TemplateName

Retrieves a string that contains the name of the template that the certificate can use for autoenrollment.
get_TemplateName

Retrieves the name of the template.
get_TemplateObjectId

Retrieves the object identifier (OID) of the template used to create the certificate request. (IX509CertificateRequestCmc.get_TemplateObjectId)
get_TemplateObjectId

Retrieves the object identifier (OID) of the template used to create the certificate request. (IX509CertificateRequestPkcs10.get_TemplateObjectId)
get_TemplateOid

Retrieves the template object identifier (OID).
get_Text

Specifies or retrieves a string that contains a message associated with the status of the enrollment process. (Get)
get_ThumbPrint

Sets or retrieves a hash of the certificate data. (Get)
get_ThumbPrintWStr

Sets or retrieves a hash of the certificate data. The thumbprint is used to point to the pending certificate. (Get)
get_TransactionId

Specifies or retrieves a transaction identifier that can be used to track a certificate request or response. (Get)
get_TransactionId

Gets or sets the transaction id for the request. (Get)
get_Type

Sets or retrieves the group type of the application group. (Get)
get_Type

Retrieves the alternative name type.
get_Type

Retrieves the algorithm type.
get_Type

Retrieves the type of the provider.
get_Type

Retrieves the qualifier type.
get_Type

Retrieves a value that specifies the type of the request object.
get_UIContextMessage

Specifies or retrieves a string that contains user interface text associated with the signing certificate. (Get)
get_UIContextMessage

Specifies or retrieves a context string to display in the user interface. (Get)
get_UIContextMessage

Specifies or retrieves a string that contains user interface text associated with the private key. (Get)
get_UniqueContainerName

Retrieves a unique name for the key container.
get_Url

Specifies or retrieves the URL for the certificate enrollment policy (CEP) server. (Get)
get_UseExistingKeySet

Sets or retrieves a Boolean value that determines whether the existing keys should be used. (Get)
get_UseExistingKeySet

The UseExistingKeySet property of IEnroll4 sets or retrieves a Boolean value that determines whether the existing keys should be used. (Get)
get_UserCanonical

Retrieves the name of the current client in canonical format.
get_UserDisplay

Retrieves the name of the current client in user display name format.
get_UserDn

Retrieves the name of the current client in distinguished name (DN) format.
get_UserDnsSamCompat

Retrieves the name of the current client in a DNS format compatible with Windows�Security�Account�Manager (SAM).
get_UserGuid

Retrieves the name of the current client in GUID format.
get_UserSamCompat

Retrieves the name of the current client in a format compatible with Windows�Security�Account�Manager (SAM).
get_UserSamName

Retrieves the Security Accounts Manager (SAM) name of the user.
get_UserUpn

Retrieves the name of the current client in user principal name (UPN) format.
get_Valid

Retrieves a Boolean value that specifies whether the algorithm object is valid.
get_Valid

Retrieves a Boolean value that specifies whether the provider is installed on the client computer.
get_Value

Retrieves a string that contains the dotted decimal object identifier (OID).
get_Value

Retrieves the value portion of the name-value pair.
get_Value

Gets or sets the data part of the name-value pair represented by an OCSPProperty object. (Get)
get_Values

Retrieves an IX509Attributes object that contains a collection of attributes.
get_Version

Sets or retrieves the version of the application. (Get)
get_Version

Retrieves the version number of the provider.
get_Writable

Retrieves a value that indicates whether the object can be modified by the user context that initialized it.
get_Writable

Retrieves a value that indicates whether the application group can be modified by the user context that initialized it.
get_Writable

Retrieves a value that indicates whether the object can be modified by the user context that called the Initialize method.
get_Writable

Retrieves a value that indicates whether the operation can be modified by the user context that initialized it.
get_Writable

Retrieves a value that indicates whether the role can be modified by the user context that initialized it.
get_Writable

Retrieves a value that indicates whether the scope can be modified by the user context that initialized it.
get_Writable

Retrieves a value that indicates whether the task can be modified by the user context that initialized it.
get_WriteCertToCSP

The WriteCertToCSP property of ICEnroll4 sets or retrieves a Boolean value that determines whether a certificate should be written to the cryptographic service provider (CSP). (Get)
get_WriteCertToCSP

Sets or retrieves a Boolean value that determines whether a certificate should be written to the cryptographic service provider (CSP). (Get)
get_WriteCertToUserDS

Sets or retrieves a Boolean value that determines whether the certificate is written to the user's Active Directory store. (Get)
get_WriteCertToUserDS

The WriteCertToUserDS property of IEnroll4 sets or retrieves a Boolean value that determines whether the certificate is written to the user's Active Directory store. (Get)
get_X509Extensions

Retrieves the certificate extensions.
get_X509Extensions

Retrieves a collection of the extensions included in the certificate request. (IX509CertificateRequestCmc.get_X509Extensions)
get_X509Extensions

Retrieves a collection of the extensions included in the certificate request. (IX509CertificateRequestPkcs10.get_X509Extensions)
GetAccessRights

The GetAccessRights method requests information about the access rights that can be controlled for a securable object.
GetAce

Obtains a pointer to an access control entry (ACE) in an access control list (ACL).
GetAclInformation

Retrieves information about an access control list (ACL).
GetAlgName

Retrieves the name of a cryptographic algorithm given its ID. The values retrieved by this method depend on the current cryptographic service provider (CSP). This method was first defined in the ICEnroll3 interface.
GetAlgNameWStr

Retrieves the name of a cryptographic algorithm given its ID. The values retrieved by this method depend on the current cryptographic service provider (CSP).
GetAlgorithmName

Retrieves the display name associated with an algorithm object identifier (OID).
GetAlgorithmOid

Retrieves the algorithm object identifier (OID). This method is web enabled.
GetAllowUnTrustedCA

Retrieves a value that specifies whether to allow an untrusted certification authority certificate.
GetAllProperties

Gets all properties in a property set.
GetAppContainerAce

Retrieves a value that indicates whether a package or capability SID is present.
GetAppContainerNamedObjectPath

Retrieves the named object path for the app container.
GetArchivedKey

Retrieves an archived key recovery BLOB.
GetAssignedScopesPage

Retrieves a list of the scopes in which the client represented by the current IAzClientContext2 object is assigned to at least one role.
GetAt

Retrieves an IIdentityProvider interface pointer for the specified identity provider.
GetAuditedPermissionsFromAclA

Retrieves the audited access rights for a specified trustee. (ANSI)
GetAuditedPermissionsFromAclW

Retrieves the audited access rights for a specified trustee. (Unicode)
GetAuthentication

The GetAuthentication method retrieves a value that specifies the type of authentication used by the certificate enrollment policy (CEP) server to authenticate a client. This value is set by the Initialize method.
GetAuthFlags

Retrieves a value that specifies the authentication type used by the client to authenticate itself to the certificate enrollment policy (CEP) server.
GetBitCount

Returns the number of bits in a bit string that belongs to the CertEncodeBitString object and has been initialized by an earlier call to ICertEncodeBitString::Decode.
GetBitString

Returns the string of bits in the object's bit string.
GetBusinessRuleString

Returns the application-specific string for the business rule (BizRule).
GetCACertificate

Returns the certification authority (CA) certificate for the Certificate Services server.
GetCacheDir

Retrieves the name of the directory on the certificate enrollment policy (CEP) server that contains the policy cache file.
GetCachedSigningLevel

Retrieves the cached signing level.
GetCachePath

Retrieves the path of the policy cache file on the certificate enrollment policy (CEP) server.
GetCAProperty

Retrieves a property value for the certification authority (CA). (ICertRequest2.GetCAProperty)
GetCAProperty

Retrieves a property value for the certification authority (CA). (ICertAdmin2.GetCAProperty)
GetCAPropertyDisplayName

Retrieves the property display name for a certification authority (CA) property.
GetCAPropertyDisplayName

The ICertAdmin2::GetCAPropertyDisplayName method retrieves the property display name for a certification authority (CA) property.
GetCAPropertyFlags

Retrieves the property flags for a certification authority (CA) property.
GetCAPropertyFlags

The ICertAdmin2::GetCAPropertyFlags method retrieves the property flags for a certification authority (CA) property.
GetCAs

Retrieves a collection of certification enrollment servers included in the policy.
GetCASetupProperty

Gets a property value for a certification authority (CA) configuration.
GetCAsForTemplate

Retrieves a collection of certificate enrollment servers that support a specified template.
getCAStore

The getCAStore method is not implemented.
getCertContextFromFileResponseWStr

Retrieves the certificate from a file containing a response from a certification authority.
getCertContextFromPKCS7

Retrieves a certificate context based on a PKCS
getCertContextFromResponseBlob

Retrieves the certificate from a certification authority's response.
getCertFromFileResponse

Retrieves the certificate from a file containing a response from a certification authority. This method was first defined in the ICEnroll4 interface.
getCertFromPKCS7

Retrieves the certificate, contained in a PKCS
getCertFromResponse

Retrieves the certificate from a certification authority's response. This method was first defined by the ICEnroll4 interface.
GetCertificate

Returns the certificate issued for the request as an X.509 certificate, or optionally packaged in a Public Key Cryptography Standards (PKCS)
GetCertificateCount

Gets the count of the endorsement certificates in the key storage provider.
GetCertificateExtension

Gets a specified certificate extension.
GetCertificateExtension

Retrieves a specific certificate extension.
GetCertificateExtensionFlags

Gets the flags from the extension acquired by the most recent call to ICertServerExit::GetCertificateExtension.
GetCertificateExtensionFlags

Retrieves the flags associated with the extension acquired by the most recent call to GetCertificateExtension.
GetCertificateProperty

Returns a named property from a certificate. (ICertServerExit.GetCertificateProperty)
GetCertificateProperty

Returns a named property from a certificate. (ICertServerPolicy.GetCertificateProperty)
GetColumnCount

Retrieves the number of columns in the view of the Certificate Services database.
GetConfig

Retrieves the configuration string for a Certificate Services server. This method was first defined in the ICertConfig interface.
GetConfigEntry

Retrieves configuration information for a certification authority (CA).
GetConfiguration

Connects to an Online Certificate Status Protocol (OCSP) responder server and initializes an OCSPAdmin object with the configuration information from the server.
GetCount

Gets the number of identity providers registered on the system.
GetCount

Returns the number of DATE values in the object's DATE array.
GetCount

Returns the number of Long values in the object's Long array.
GetCount

Returns the number of string values in the string array.
GetCRL

Retrieves the current certificate revocation list (CRL) for the Certificate Services certification authority (CA).
GetCspStatuses

Retrieves an ICspStatuses collection that contains all provider/algorithm pairs consistent with the intended use of the private key as specified by the caller.
GetCspStatusesFromOperations

Retrieves an ICspStatuses collection by supported key operations and optional provider information.
GetCspStatusFromOperations

Creates an ICspStatus object for the first supported algorithm that is consistent with the specified signature, encryption, hashing, or cipher operation.
GetCspStatusFromProviderName

Retrieves an ICspStatus object for a legacy provider by provider name and supported key operations.
GetCustomOids

Is not implemented.
GetData

The GetData method retrieves configuration information from the Security Configuration snap-in.
GetDefaultSecurityDescriptor

Retrieves the default private key security descriptor.
GetDescription

Returns a human-readable description of the policy module and its function.
GetDescription

Returns a human-readable description of the exit module and its function.
GetDisplayName

Retrieves the localized name of the current column in the column-enumeration sequence.
GetDispositionMessage

Gets a human-readable message that gives the current disposition of the certificate request.
GetDistPointCount

Returns the number of certificate revocation list (CRL) distribution points in a CRL distribution information array.
GetEffectivePermission

Returns the effective permission for an object type.
GetEffectiveRightsFromAclA

Retrieves the effective access rights that an ACL structure grants to a specified trustee. The trustee's effective access rights are the access rights that the ACL grants to the trustee or to any groups of which the trustee is a member. (ANSI)
GetEffectiveRightsFromAclW

Retrieves the effective access rights that an ACL structure grants to a specified trustee. The trustee's effective access rights are the access rights that the ACL grants to the trustee or to any groups of which the trustee is a member. (Unicode)
GetEncryptionCspAlgorithms

Retrieves the collection of encryption algorithms supported by a provider.
GetEncSChannel

This function is unavailable.
GetEnrollmentServerAuthentication

The GetEnrollmentServerAuthentication method retrieves a value that specifies the type of authentication used by the certificate enrollment server (CES) to authenticate a client. This value is set by the Initialize method.
GetEnrollmentServerUrl

Retrieves a string that contains the URL for the certificate enrollment server.
GetErrorMessageText

Retrieves the error message text for an HRESULT error code.
GetExistingCACertificates

Gets the collection of CertSrvSetupKeyInformation objects that represent valid certification authority (CA) certificates currently installed on the computer.
GetExplicitEntriesFromAclA

Retrieves an array of structures that describe the access control entries (ACEs) in an access control list (ACL). (ANSI)
GetExplicitEntriesFromAclW

Retrieves an array of structures that describe the access control entries (ACEs) in an access control list (ACL). (Unicode)
GetField

Gets a specific field from the current record of the configuration database. This method was first defined in the ICertConfig interface.
GetFileSecurityA

Obtains specified information about the security of a file or directory. The information obtained is constrained by the caller's access rights and privileges. (GetFileSecurityA)
GetFileSecurityW

Obtains specified information about the security of a file or directory. The information obtained is constrained by the caller's access rights and privileges. (GetFileSecurityW)
GetFlags

Retrieves the policy and origin flags of the current extension in the extension-enumeration sequence.
GetFriendlyName

Retrieves a display name for the certificate enrollment policy (CEP) server.
GetFriendlyNameOfCertA

Retrieves the display name for a certificate. (ANSI)
GetFriendlyNameOfCertW

Retrieves the display name for a certificate. (Unicode)
GetFullResourceName

Retrieves the full path and file name of the object associated with the access control editor that is displayed by calling the OpenElevatedEditor method.
GetFullResponseProperty

Retrieves the cached response data returned by the server.
GetGroups

Returns an array of the application groups associated with this client context.
GetHashAlgorithmList

Gets the list of hash algorithms supported by the specified cryptographic service provider (CSP) for an asymmetric signature key algorithm.
GetHashAlgorithms

Retrieves the collection of hash algorithms supported by a provider.
GetHashAlgorithms

Gets a list of hash-algorithm names. The Online Certificate Status Protocol (OCSP) responder server uses these names to sign OCSP responses for a given certification authority (CA) configuration.
GetIdentityEnum

Retrieves an IEnumUnknown interface pointer that can be used to enumerate identities.
GetInheritanceSourceA

Returns information about the source of inherited access control entries (ACEs) in an access control list (ACL). (ANSI)
GetInheritanceSourceW

Returns information about the source of inherited access control entries (ACEs) in an access control list (ACL). (Unicode)
GetInheritSource

The ISecurityObjectTypeInfo::GetInheritSource method provides a means of determining the source of inherited access control entries in discretionary access control lists and system access control lists.
GetInheritTypes

The GetInheritTypes method requests information about how ACEs can be inherited by child objects. For more information, see ACE Inheritance.
GetInnerRequest

Retrieves a nested request object.
GetInterfaceValue

Gets the ID and flags of the interface that corresponds to the specified interface name.
GetIsDefaultCEP

Retrieves a Boolean value that specifies whether this is the default certificate enrollment policy (CEP) server.
GetIssuedCertificate

Retrieves a certificate's disposition by specifying either the request ID or the certificate serial number.
GetIssuedCertificate2

Retrieves a certificate's disposition by specifying either the request ID string or the certificate serial number.
GetKernelObjectSecurity

Retrieves a copy of the security descriptor that protects a kernel object.
GetKeyLen

Retrieves the minimum and maximum key lengths for the signature and exchange keys.
GetKeyLen

The IEnroll4::GetKeyLen method retrieves the minimum and maximum key lengths for the signature and exchange keys.
GetKeyLenEx

Retrieves size information for the signature and exchange keys. This method was first defined in the ICEnroll4 interface.
GetKeyLenEx

Retrieves size information for the signature and exchange keys.
GetKeyLengthList

Gets the list of key lengths supported by the specified cryptographic service provider (CSP). (ICertSrvSetup.GetKeyLengthList)
GetKeyLengthList

Gets the list of key lengths supported by the specified cryptographic service provider (CSP). (IMSCEPSetup.GetKeyLengthList)
GetLastStatus

Gets the last return code for this request. This returns the error code information, rather than the disposition of the request.
GetLastUpdateTime

Retrieves the date and time at which the policy was last downloaded.
GetLengthSid

Returns the length, in bytes, of a valid security identifier (SID).
GetManageModule

Retrieves the ICertManageModule interface associated with the ICertPolicy2 interface by calling GetManageModule and passing in the address of a pointer to an ICertManageModule.
GetManageModule

Retrieves the ICertManageModule interface associated with the ICertExit2 interface by calling GetManageModule and passing in the address of a pointer to an ICertManageModule.
GetMaxLength

Retrieves the maximum allowable length, in bytes, for the column data.
GetMSCEPSetupProperty

Gets a property value for a Network Device Enrollment Service (NDES) configuration.
GetMyRoles

Retrieves the certification authority (CA) roles of the caller.
GetMyRoles

Gets the access mask of privilege roles for a user on a given Online Certificate Status Protocol (OCSP) responder server.
getMyStore

The getMyStore method is not implemented.
GetName

Returns the specified name from the alternate name array.
GetName

Returns the name at a specified index of a certificate revocation list (CRL) distribution information point.
GetName

Retrieves the name of the current attribute in the attribute-enumeration sequence.
GetName

Retrieves the nonlocalized name of the current column in the column-enumeration sequence.
GetName

Retrieves the name of the current extension in the extension-enumeration sequence.
GetNameChoice

Returns the name choice at a specified index of an alternate name array.
GetNameChoice

Returns the name choice at a specified index of a certificate revocation list (CRL) distribution information point.
GetNameCount

Returns the number of names in the alternate name array.
GetNameCount

Returns the number of names in a certificate revocation list (CRL) distribution point.
GetNamedSecurityInfoA

Retrieves a copy of the security descriptor for an object specified by name. (ANSI)
GetNamedSecurityInfoW

Retrieves a copy of the security descriptor for an object specified by name. (Unicode)
GetNextUpdateTime

Retrieves the date and time at which the policy expires and should be refreshed.
GetObjectInformation

The GetObjectInformation method requests information that the access control editor uses to initialize its pages and to determine the editing options available to the user.
GetOpenCardNameA

The GetOpenCardName function displays the smart card "select card" dialog box. (ANSI)
GetOpenCardNameW

The GetOpenCardName function displays the smart card "select card" dialog box. (Unicode)
GetOperations

Returns a collection of the operations, within the specified scope, that the principal represented by the current client context has permission to perform.
GetParameter

Gets the specified value from the varParameterValues parameter of the IAzClientContext::AccessCheck method.
GetParameterValue

Gets the value type of the business rule (BizRule) parameter with the specified name.
GetPasswordCredentials

Returns credentials to authenticate a non-domain joined container with Active Directory.
GetPolicyServerId

Retrieves a string that uniquely identifies the certificate enrollment policy (CEP) server.
GetPolicyServerId

Retrieves a string value that uniquely identifies the certificate enrollment policy (CEP) server.
GetPolicyServerUrl

Retrieves a string that contains the URL for the certificate enrollment policy (CEP) server.
GetPolicyServerUrl

Retrieves a string value that contains the URL for the certificate enrollment policy (CEP) server.
GetPrincipals

Displays a dialog box from which users can choose one or more principals, and then returns the chosen list of principals and their corresponding security identifiers (SIDs).
GetPrivateKeyArchiveCertificate

The GetPrivateKeyArchiveCertificate method retrieves the certificate used to archive the private key. This method was first defined in the IEnroll4 interface.
GetPrivateKeyContainerList

Gets the list of key container names stored by the specified cryptographic service provider (CSP) for asymmetric signature key algorithms.
GetPrivateObjectSecurity

Retrieves information from a private object's security descriptor.
GetProperty

Returns the IAzApplication object property with the specified property ID.
GetProperty

Returns the IAzApplicationGroup object property with the specified property ID.
GetProperty

Returns the AzAuthorizationStore object property with the specified property ID.
GetProperty

Returns the IAzClientContext object property with the specified property ID.
GetProperty

Returns the IAzOperation object property with the specified property ID.
GetProperty

Returns the IAzRole object property with the specified property ID.
GetProperty

Returns the IAzScope object property with the specified property ID.
GetProperty

Returns the IAzTask object property with the specified property ID.
GetProperty

Retrieves a CEPSetupProperty enumeration value for the Certificate Enrollment Policy (CEP) Web Service configuration.
GetProperty

Retrieves a CESSetupProperty enumeration value for the Certificate Enrollment Web Service (CES) configuration.
GetProperty

Retrieves a module's property value.
GetPropertyFlags

Retrieves a value that specifies the default policy server URL.
GetProviderNameList

Gets the list of cryptographic service providers (CSPs) that provide asymmetric key signature algorithms on the computer.
GetProviderNameList

Gets the list of cryptographic service providers (CSPs) that provide asymmetric key signature and exchange algorithms on the computer.
GetProviderPropertyStore

Retrieves a pointer to the IPropertyStore interface associated with the identity provider.
getProviderType

Retrieves the type of the specified cryptographic service provider (CSP). This method was first defined in the ICEnroll4 interface.
getProviderTypeWStr

Retrieves the type of the specified cryptographic service provider (CSP).
GetRefreshPolicy

Returns a value that indicates whether a client's cached certificate enrollment policy is out of date and needs to be refreshed.
GetRequestAttribute

Returns a named attribute value from a request.
GetRequestAttribute

Returns a named attribute from a request.
GetRequestId

Gets the current internal request number for the request and subsequent certificate.
GetRequestIdString

Retrieves a unique string identifier for the certificate request sent to the certification authority during enrollment.
GetRequestIdString

Gets the current internal request number, formatted as a string, for the request and subsequent certificate.
GetRequestProperty

Returns a named property from a request.
GetRequestProperty

Retrieves a specific property from a request.
GetRevocationReason

Returns the reason a certificate was revoked. This method was first defined in the ICertAdmin interface.
GetRoles

Returns the roles for the client context.
getROOTHStore

The getROOTHStore method is not implemented.
GetSchemaVersion

Gets the version number of this authorization store.
GetSecondarySecurity

Returns additional security contexts that may impact access to the resource.
GetSecurity

The GetSecurity method requests a security descriptor for the securable object whose security descriptor is being edited. The access control editor calls this method to retrieve the object's current or default security descriptor.
GetSecurity

Gets security descriptor information for an Online Certificate Status Protocol (OCSP) responder server.
GetSecurityDescriptorControl

Retrieves a security descriptor control and revision information.
GetSecurityDescriptorDacl

Retrieves a pointer to the discretionary access control list (DACL) in a specified security descriptor.
GetSecurityDescriptorGroup

Retrieves the primary group information from a security descriptor.
GetSecurityDescriptorLength

Returns the length, in bytes, of a structurally valid security descriptor. The length includes the length of all associated structures.
GetSecurityDescriptorOwner

Retrieves the owner information from a security descriptor.
GetSecurityDescriptorRMControl

Retrieves the resource manager control bits.
GetSecurityDescriptorSacl

Retrieves a pointer to the system access control list (SACL) in a specified security descriptor.
GetSecurityInfo

Retrieves a copy of the security descriptor for an object specified by a handle.
GetServiceDirectory

Returns a path for a per-service filesystem location for a service to read and/or write state to.
GetServiceDisplayNameA

Retrieves the display name of the specified service. (ANSI)
GetServiceDisplayNameW

Retrieves the display name of the specified service. (Unicode)
GetServiceKeyNameA

Retrieves the service name of the specified service. (ANSI)
GetServiceKeyNameW

Retrieves the service name of the specified service. (Unicode)
GetServiceRegistryStateKey

Returns a handle for a registry key for a service to read and/or write state to.
GetSharedServiceDirectory

Returns a path for a per-service filesystem location for a service and associated programs to read and/or write state to.
GetSharedServiceRegistryStateKey

Returns a handle for a registry key for a service and associated programs to read and/or write state to.
GetSidIdentifierAuthority

Returns a pointer to the SID_IDENTIFIER_AUTHORITY structure in a specified security identifier (SID).
GetSidLengthRequired

Returns the length, in bytes, of the buffer required to store a SID with a specified number of subauthorities.
GetSidSubAuthority

Returns a pointer to a specified subauthority in a security identifier (SID). The subauthority value is a relative identifier (RID).
GetSidSubAuthorityCount

Returns a pointer to the member in a security identifier (SID) structure that contains the subauthority count.
GetSignatureAlgorithm

Retrieves the signing algorithm object identifier (OID).
GetSigningCertificates

Gets the signing certificates that are available on a responder server for a given certification authority (CA) certificate.
GetStringProperty

Retrieves the certificate enrollment policy (CEP) server ID or the display name of the CEP server.
GetStringType

Returns the type of string values that the string array contains.
GetSupportedCATypes

Gets the types of certification authorities (CAs) that can be installed on a computer under the caller context.
GetSupportedKeySpec

Retrieves information regarding the current cryptographic service provider (CSP) support for signature and/or exchange operations. This method was first defined in the ICEnroll3 interface.
GetSupportedKeySpec

Retrieves information regarding the current cryptographic service provider (CSP) support for signature and/or exchange operations.
GetTasks

Returns a collection of the tasks, within the specified scope, that the principal represented by the current client context has permission to perform.
GetTemplates

Retrieves a collection of the templates supported by the certificate enrollment policy (CEP) server.
GetTokenInformation

Retrieves a specified type of information about an access token. The calling process must have appropriate access rights to obtain the information.
GetTrusteeFormA

Retrieves the trustee name from the specified TRUSTEE structure. This value indicates whether the structure uses a name string or a security identifier (SID) to identify the trustee. (ANSI)
GetTrusteeFormW

Retrieves the trustee name from the specified TRUSTEE structure. This value indicates whether the structure uses a name string or a security identifier (SID) to identify the trustee. (Unicode)
GetTrusteeNameA

Retrieves the trustee name from the specified TRUSTEE structure. (ANSI)
GetTrusteeNameW

Retrieves the trustee name from the specified TRUSTEE structure. (Unicode)
GetTrusteeTypeA

Retrieves the trustee type from the specified TRUSTEE structure. This value indicates whether the trustee is a user, a group, or the trustee type is unknown. (ANSI)
GetTrusteeTypeW

Retrieves the trustee type from the specified TRUSTEE structure. This value indicates whether the trustee is a user, a group, or the trustee type is unknown. (Unicode)
GetType

Retrieves the data type of the current column in the column-enumeration sequence.
GetUrl

Returns the URL string for the specified wizard or webpage.
GetUrlFlags

Retrieves a set of flags that contain miscellaneous policy information about the certificate enrollment policy (CEP) server.
GetUseClientId

Retrieves a value that specifies whether the ClientId attribute is set in the policy server flags of the certificate enrollment policy (CEP) server.
GetUserObjectSecurity

Retrieves security information for the specified user object.
GetValue

Returns the specified date from the DATE array.
GetValue

Returns the specified Long value from the Long array.
GetValue

Returns the specified string from the string array.
GetValue

Retrieves the value of the current attribute in the attribute-enumeration sequence.
GetValue

Retrieves the data value contained in the current column in the column-enumeration sequence.
GetValue

Retrieves the value of the current extension in the extension-enumeration sequence.
GetWindowsAccountDomainSid

Receives a security identifier (SID) and returns a SID representing the domain of that SID.
IdentityUpdated

Is called by an identity provider to notify a calling application that an identity event occurred.
ImpersonateAnonymousToken

Enables the specified thread to impersonate the system's anonymous logon token.
ImpersonateLoggedOnUser

Lets the calling thread impersonate the security context of a logged-on user. The user is represented by a token handle.
ImpersonateNamedPipeClient

Impersonates a named-pipe client application.
ImpersonateSecurityContext

Allows a server to impersonate a client by using a token previously obtained by a call to AcceptSecurityContext (General) or QuerySecurityContextToken.
ImpersonateSelf

Obtains an access token that impersonates the security context of the calling process. The token is assigned to the calling thread.
Import

Imports an identity to the system.
Import

Imports an existing private key into a key container within a cryptographic provider.
ImportCertificate

Takes a previously issued certificate and imports it to the certification authority's (CA) database. This method was first defined in the ICertAdmin interface.
ImportKey

Adds an encrypted key set to an item in the Certificate Services database. The key set is encrypted to one or several key recovery agent (KRA) certificates.
ImportPFXToProvider

Imports a PFX certificate.
ImportPFXToProviderFreeData

Frees PFX certificate context(s).
ImportSecurityContextA

Imports a security context. The security context must have been exported to the process calling ImportSecurityContext by a previous call to ExportSecurityContext. (ANSI)
ImportSecurityContextW

Imports a security context. The security context must have been exported to the process calling ImportSecurityContext by a previous call to ExportSecurityContext. (Unicode)
Initialize

Initializes the authorization manager.
Initialize

Initialize using the full Certificate Management over CMS (CMC) response returned from the CA.
Initialize

Initializes the object from an object identifier (OID).
Initialize

Initializes the object from a Boolean value that specifies whether the certificate has been archived.
Initialize

Initializes the object from a byte array that contains the hash.
Initialize

Initializes the object by specifying the name of the template to be used for autoenrollment.
Initialize

Initializes the object from a Boolean value and a date.
Initialize

Initializes the object from a string that contains descriptive information about the certificate.
Initialize

Initializes the property from the certificate request ID, the certification authority (CA) configuration string, and an optional certificate display name.
Initialize

Initializes an ICertPropertyEnrollmentPolicyServer object.
Initialize

Initializes the object from the certificate display name.
Initialize

Initializes the object from a private key.
Initialize

Initializes the object from a SHA-1 hash of the new certificate.
Initialize

Initializes the object from a string that contains the DNS name of the originating computer.
Initialize

Initializes the object from the SHA-1 hash of a certificate.
Initialize

Initializes the object from a cryptographic provider and an associated algorithm.
Initialize

Initializes the object from a signing certificate.
Initialize

Initializes the object from a symmetric encryption algorithm object identifier (OID) and an optional key length.
Initialize

Initializes the object from an object identifier (OID) and a value.
Initialize

Initializes the request object for a user or a computer.
Initialize

Initializes an IX509CertificateTemplateWritable object from a template.
Initialize

Initializes the enrollment object and creates a default PKCS
Initialize

Initializes an IX509EnrollmentHelper object.
Initialize

Initializes an IX509EnrollmentPolicyServer object.
Initialize

Initializes an IX509Extension object by using an object identifier (OID) and a byte array that contains the Distinguished Encoding Rules (DER) encoded extension.
Initialize

Initializes the object from strings that contain the name and associated value.
Initialize

Initializes an IX509PolicyServerListManager object.
Initialize

Initializes an IX509PolicyServerUrl object for a computer or user context.
Initialize

Initializes the object from a public key algorithm object identifier (OID) and from byte arrays that contain a public key and the associated parameters, if any.
Initialize

Initialize the instance in preparation for a new request.
Initialize

Called by the server engine to allow the policy module to perform initialization tasks.
Initialize

Initializes the NDES policy module.
Initialize

Called by the server engine when it initializes itself.
Initialize

The Initialize method informs the Security Configuration snap-in that the snap-in extension is loaded, and it establishes a context for communications.
InitializeAcl

Initializes a new ACL structure.
InitializeClientContext2

Retrieves an IAzClientContext2 object pointer.
InitializeClientContextFromName

Gets an IAzClientContext object pointer from the client identity as a (domain name, client name) pair.
InitializeClientContextFromStringSid

Gets an IAzClientContext object pointer from the specified security identifier (SID) in text form.
InitializeClientContextFromToken

Gets an IAzClientContext object pointer from the specified client token.
InitializeClientContextFromToken2

Retrieves an IAzClientContext2 object pointer from the specified client token.
InitializeDecode

Initializes the object from a byte array that contains the property value.
InitializeDecode

Initializes the object from a Distinguished Encoding Rules (DER) encoded byte array that contains the encrypted private key.
InitializeDecode

Initializes the object from a Distinguished Encoding Rules (DER) encoded byte array that contains a SHA-1 hash of the encrypted private key.
InitializeDecode

Initializes the object from a Distinguished Encoding Rules (DER) encoded byte array that contains the attribute value. (IX509AttributeClientId.InitializeDecode)
InitializeDecode

Initializes the object from a Distinguished Encoding Rules (DER) encoded byte array that contains information about the provider.
InitializeDecode

Initializes the object from a Distinguished Encoding Rules (DER) encoded byte array that contains the attribute value. (IX509AttributeExtensions.InitializeDecode)
InitializeDecode

Initializes the object from a Distinguished Encoding Rules (DER) encoded byte array that contains the operating system version information.
InitializeDecode

Initializes the object from a Distinguished Encoding Rules (DER) encoded byte array that contains the certificate to be renewed.
InitializeDecode

Decodes an existing signed or unsigned PKCS (IX509CertificateRequestPkcs10.InitializeDecode)
InitializeDecode

Decodes an existing signed or unsigned PKCS (IX509CertificateRequestPkcs7.InitializeDecode)
InitializeDecode

Initializes the extension from a Distinguished Encoding Rules (DER) encoded byte array that contains the extension value. (IX509ExtensionAlternativeNames.InitializeDecode)
InitializeDecode

Initializes the extension from a Distinguished Encoding Rules (DER) encoded byte array that contains the extension value. (IX509ExtensionAuthorityKeyIdentifier.InitializeDecode)
InitializeDecode

Initializes the extension from a Distinguished Encoding Rules (DER) encoded byte array that contains the extension value. (IX509ExtensionBasicConstraints.InitializeDecode)
InitializeDecode

Initializes the object from a Distinguished Encoding Rules (DER) encoded byte array that contains the extension value.
InitializeDecode

Initializes the extension from a Distinguished Encoding Rules (DER) encoded byte array that contains the extension value. (IX509ExtensionEnhancedKeyUsage.InitializeDecode)
InitializeDecode

Initializes the extension from a Distinguished Encoding Rules (DER) encoded byte array that contains the extension value. (IX509ExtensionKeyUsage.InitializeDecode)
InitializeDecode

Initializes the extension from a Distinguished Encoding Rules (DER) encoded byte array that contains the extension value. (IX509ExtensionMSApplicationPolicies.InitializeDecode)
InitializeDecode

Initializes the extension from a Distinguished Encoding Rules (DER) encoded byte array that contains the extension value. (IX509ExtensionSmimeCapabilities.InitializeDecode)
InitializeDecode

Initializes the extension from a Distinguished Encoding Rules (DER) encoded byte array that contains the extension value. (IX509ExtensionSubjectKeyIdentifier.InitializeDecode)
InitializeDecode

Initializes the extension from a DER-encoded byte array that contains the extension value.
InitializeDecode

Initializes the extension from a Distinguished Encoding Rules (DER) encoded byte array that contains the extension value. (IX509ExtensionTemplateName.InitializeDecode)
InitializeDefaults

Initializes a CCertSrvSetup object with default values to enable installation of the Certification Authority role.
InitializeDefaults

Initializes a CMSCEPSetup object with default values to enable installation of a Network Device Enrollment Service (NDES) role.
InitializeEncode

Initializes the object from a string and a value that identifies the qualifier type.
InitializeEncode

Initializes the attribute from an IX509PrivateKey object, the certification authority encryption certificate, and the symmetric encryption algorithm object identifier (OID).
InitializeEncode

Initializes the attribute from information about the user, client computer, and application that submitted the certificate request.
InitializeEncode

Initializes the attribute from information about the provider.
InitializeEncode

Initializes the object from an IX509Extensions collection.
InitializeEncode

Initializes the attribute from operating system version information.
InitializeEncode

Initializes the attribute by using the certificate to be renewed.
InitializeEncode

Initializes the extension from an IAlternativeNames collection.
InitializeEncode

Initializes the extension from a byte array.
InitializeEncode

Initializes the extension from a Boolean value that indicates whether the certificate subject is a certification authority (CA) and an integer that contains the depth of the subordinate CA chain.
InitializeEncode

Initializes the object from an ICertificatePolicies collection.
InitializeEncode

Initializes the extension from a collection of IObjectId object identifiers (OIDs) that specify the intended uses of the public key.
InitializeEncode

Initializes the extension by using the X509KeyUsageFlags enumeration.
InitializeEncode

Initializes the extension from an ICertificatePolicies collection.
InitializeEncode

Initializes the extension from an ISmimeCapabilities collection.
InitializeEncode

Initializes the extension from a byte array that contains the key identifier.
InitializeEncode

Initializes the extension from a template object identifier (OID) and from major and minor version numbers.
InitializeEncode

Initializes the extension from a string that contains the template name.
InitializeEncodeFromEncryptedKeyBlob

Initializes the attribute from an encrypted private key.
InitializeForPending

Initialize the instance to prepare to generate a message to either retrieve an issued certificate, or install a response for a previous request by the issuer.
InitializeFromAlgorithmName

Initializes the object from an algorithm name or an object identifier.
InitializeFromCertificate

Initializes the collection from the properties contained in a certificate.
InitializeFromCertificate

Initializes the object by using a property value associated with an existing certificate.
InitializeFromCertificate

Initializes the certificate request by using an existing certificate. (IX509CertificateRequestPkcs10.InitializeFromCertificate)
InitializeFromCertificate

Initializes the certificate request by using an existing certificate. (IX509CertificateRequestPkcs7.InitializeFromCertificate)
InitializeFromCertificateHash

Initializes the object from the new certificate.
InitializeFromCurrentTime

Initializes the property from a Boolean value and the current system date and time.
InitializeFromEncodedPublicKeyInfo

Initializes the object from a byte array that contains a public key.
InitializeFromInnerRequest

Initializes the certificate request from the inner PKCS
InitializeFromInnerRequestTemplate

Initializes the certificate request from an inner request object and a template.
InitializeFromInnerRequestTemplateName

The InitializeFromInnerRequestTemplateName method initializes the certificate request from an inner request object and a template.
InitializeFromLocalRequestOriginator

Initializes the object from the DNS name of the local computer.
InitializeFromName

Initializes the object from a string that contains a provider name.
InitializeFromName

Initializes the object from a CERTENROLL_OBJECTID enumeration value.
InitializeFromObjectId

Initializes a cryptographic attribute by using an object identifier.
InitializeFromOtherName

Initializes the object from an object identifier (OID) and the associated raw data (byte array).
InitializeFromPrivateKey

Initializes the certificate request by using an IX509PrivateKey object and, optionally, a template.
InitializeFromPrivateKeyTemplate

Initializes the certificate request by using an IX509PrivateKey object and a certificate template. (IX509CertificateRequestCertificate2.InitializeFromPrivateKeyTemplate)
InitializeFromPrivateKeyTemplate

Initializes the certificate request by using an IX509PrivateKey object and a certificate template. (IX509CertificateRequestPkcs10V2.InitializeFromPrivateKeyTemplate)
InitializeFromProperties

Creates a property set from the properties contained in an existing server configuration.
InitializeFromPublicKey

Initializes a null-signed certificate request by using an IX509PublicKey object and, optionally, a template.
InitializeFromPublicKeyTemplate

Initializes a null-signed certificate request by using an IX509PublicKey object and a template.
InitializeFromRawData

Initializes the object from a Digital Signature Algorithm (DSA) GUID, an X.500 directory name, or an Internet Protocol (IP) address contained in a Distinguished Encoding Rules (DER) encoded byte array.
InitializeFromRequest

Initializes the enrollment object from an existing IX509CertificateRequest object.
InitializeFromString

Initializes the object from a string that contains an email address, a Domain Name System (DNS) name, a URL, a registered object identifier (OID), or a user principal name (UPN).
InitializeFromTemplate

Initializes the certificate request by using a template. (IX509CertificateRequestCertificate2.InitializeFromTemplate)
InitializeFromTemplate

Initializes the certificate request by using a template. (IX509CertificateRequestCmc2.InitializeFromTemplate)
InitializeFromTemplate

Initializes the certificate request by using a template. (IX509CertificateRequestPkcs10V2.InitializeFromTemplate)
InitializeFromTemplate

Initializes the certificate request by using a template. (IX509CertificateRequestPkcs7V2.InitializeFromTemplate)
InitializeFromTemplate

Initializes the enrollment object by using a template.
InitializeFromTemplateName

. (IX509CertificateRequestPkcs10.InitializeFromTemplateName)
InitializeFromTemplateName

Initializes the certificate request by using a template. (IX509CertificateRequestPkcs7.InitializeFromTemplateName)
InitializeFromTemplateName

Initializes the enrollment object from a template common name (CN).
InitializeFromType

Initializes the object from the default cryptographic provider.
InitializeFromValue

Initializes the object from a string that contains a dotted decimal object identifier (OID).
InitializeFromValues

Initializes a cryptographic attribute by using an IX509Attributes object.
InitializeImport

Initializes the certificate enrollment policy (CEP) server from a collection of templates and object identifiers.
InitializeInstallDefaults

Initializes the ICertificateEnrollmentPolicyServerSetup object with a default configuration.
InitializeInstallDefaults

Initializes the ICertificateEnrollmentServerSetup object with a default configuration.
InitializeSecurityContextA

Initiates the client side, outbound security context from a credential handle. (ANSI)
InitializeSecurityContextW

Initiates the client side, outbound security context from a credential handle. (Unicode)
InitializeSecurityDescriptor

Initializes a new security descriptor.
InitializeSid

Initializes a security identifier (SID).
InitSecurityInterfaceA

The InitSecurityInterface function returns a pointer to an SSPI dispatch table. This function enables clients to use SSPI without binding directly to an implementation of the interface. (ANSI)
InitSecurityInterfaceW

The InitSecurityInterface function returns a pointer to an SSPI dispatch table. This function enables clients to use SSPI without binding directly to an implementation of the interface. (Unicode)
Install

Installs the Certificate Enrollment Policy (CEP) Web Service configured by the ICertificateEnrollmentPolicyServerSetup object.
Install

Installs the Certificate Enrollment Web Service (CES) configured by the ICertificateEnrollmentServerSetup object.
Install

Installs a role as configured in the CCertSrvSetup object.
Install

Installs a Network Device Enrollment Service (NDES) role as configured in a CMSCEPSetup object.
InstallPKCS7

Processes a certificate or chain of certificates, placing them into the appropriate certificate stores. This method differs from the acceptPKCS7 method in that InstallPKCS7 does not receive a request certificate.
InstallPKCS7Blob

Processes a certificate or chain of certificates, placing them into the appropriate certificate stores. This method differs from the acceptPKCS7Blob method in that InstallPKCS7Blob does not receive a request certificate.
InstallPKCS7BlobEx

The same as InstallPKCS7Blob except that it returns the number of certificates actually installed in local stores.
InstallPKCS7Ex

Processes a certificate or chain of certificates, placing them into the appropriate certificate stores.InstallPKCS7 except that it returns the number of certificates actually installed in local stores.
InstallResponse

Installs a certificate chain on the end-entity computer. (IX509Enrollment.InstallResponse)
InstallResponse2

Installs a certificate chain on the end-entity computer. (IX509Enrollment2.InstallResponse2)
IsCatalogFile

Retrieves a Boolean value that indicates whether the specified file is a catalog file.
IsCrossIsolatedEnvironmentClipboardContent

IsCrossIsolatedEnvironmentClipboardContent is called after an app detects a paste failure to determine if the content being pasted came from the other side of a Microsoft Defender Application Guard (MDAG) boundary.
IsDaclCanonical

The IsDaclCanonical method determines whether the ACEs contained in the specified DACL structure are ordered according to the definition of DACL ordering implemented by the client.
IsDirty

The IsDirty method returns a value indicating whether data in the attachment snap-in has been modified since it was last saved.
IsFunctionalLevelUpgradeSupported

Gets a Boolean value that indicates whether the version of this authorization store can be upgraded.
IsIndexed

Reports whether the data in the column is indexed.
IsInRoleAssignment

Checks whether the principal represented by the current client context is a member of the specified role in the specified scope.
IsMSCEPStoreEmpty

Always returns VARIANT_TRUE. It should not be used.
IsProcessInIsolatedWindowsEnvironment

Determines in which execution environment the application is running.
IsPropertyEditable

Indicates to the caller whether a specified property can be edited.
IsSmartCard

Retrieves a Boolean value that indicates whether any of the cryptographic providers associated with the request object is a smart card provider.
IsTokenRestricted

Indicates whether a token contains a list of restricted security identifiers (SIDs).
IsUpdateNeeded

Checks whether the persisted version of this authorization store is newer than the cached version.
IsValidAcl

Validates an access control list (ACL).
IsValidCertificate

Verifies the certificate against the certification authority (CA) key and checks that the certificate has not been revoked. This method was first defined in the ICertAdmin interface.
IsValidSecurityDescriptor

Determines whether the components of a security descriptor are valid.
IsValidSid

Validates a security identifier (SID) by verifying that the revision number is within a known range, and that the number of subauthorities is less than the maximum.
IsWellKnownSid

Compares a SID to a well-known SID and returns TRUE if they match.
KeyCredentialManagerFreeInformation

API to free the KeyCredentialManagerInfo pointer variable from the KeyCredentialManagerGetInformation call.
KeyCredentialManagerGetInformation

API to get a unique identifier of the users enrollment.
KeyCredentialManagerGetOperationErrorStates

Prerequisite API to call to determine if the operation will be successful prior.
KeyCredentialManagerShowUIOperation

API to perform the requested WHFB operation.
KspDeleteContextFn

Deletes a security context.
KspMakeSignatureFn

Generates a signature based on the specified message and security context.
KspVerifySignatureFn

Verifies that the message received is correct according to the signature.
LoadPolicy

Retrieves policy information from the certificate enrollment policy (CEP) server.
LockServiceDatabase

Requests ownership of the service control manager (SCM) database lock. Only one process can own the lock at any specified time.
LogonUserA

The Win32 LogonUser function attempts to log a user on to the local computer. LogonUser returns a handle to a user token that you can use to impersonate user. (ANSI)
LogonUserExA

The LogonUserEx function attempts to log a user on to the local computer. (ANSI)
LogonUserExW

The LogonUserEx function attempts to log a user on to the local computer. (Unicode)
LogonUserW

The Win32 LogonUser function attempts to log a user on to the local computer. LogonUser returns a handle to a user token that you can use to impersonate user. (Unicode)
LookupAccountNameA

Accepts the name of a system and an account as input. It retrieves a security identifier (SID) for the account and the name of the domain on which the account was found. (ANSI)
LookupAccountNameW

Accepts the name of a system and an account as input. It retrieves a security identifier (SID) for the account and the name of the domain on which the account was found. (Unicode)
LookupAccountSidA

Accepts a security identifier (SID) as input. It retrieves the name of the account for this SID and the name of the first domain on which this SID is found. (ANSI)
LookupAccountSidLocalA

Retrieves the name of the account for the specified SID on the local machine. (ANSI)
LookupAccountSidLocalW

Retrieves the name of the account for the specified SID on the local machine. (Unicode)
LookupAccountSidW

Accepts a security identifier (SID) as input. It retrieves the name of the account for this SID and the name of the first domain on which this SID is found. (Unicode)
LookupPrivilegeDisplayNameA

Retrieves the display name that represents a specified privilege. (ANSI)
LookupPrivilegeDisplayNameW

Retrieves the display name that represents a specified privilege. (Unicode)
LookupPrivilegeNameA

Retrieves the name that corresponds to the privilege represented on a specific system by a specified locally unique identifier (LUID). (ANSI)
LookupPrivilegeNameW

Retrieves the name that corresponds to the privilege represented on a specific system by a specified locally unique identifier (LUID). (Unicode)
LookupPrivilegeValueA

Retrieves the locally unique identifier (LUID) used on a specified system to locally represent the specified privilege name. (ANSI)
LookupPrivilegeValueW

Retrieves the locally unique identifier (LUID) used on a specified system to locally represent the specified privilege name. (Unicode)
LookupSecurityDescriptorPartsA

Retrieves security information from a self-relative security descriptor. (ANSI)
LookupSecurityDescriptorPartsW

Retrieves security information from a self-relative security descriptor. (Unicode)
LookupSids

The LookupSids method returns the common names corresponding to each of the elements in the specified list of SIDs.
LPHANDLER_FUNCTION

An application-defined callback function used with the RegisterServiceCtrlHandler function. A service program can use it as the control handler function of a particular service.
LPHANDLER_FUNCTION_EX

An application-defined callback function used with the RegisterServiceCtrlHandlerEx function. A service program can use it as the control handler function of a particular service.
LPSERVICE_MAIN_FUNCTIONA

The entry point for a service. (ANSI)
LPSERVICE_MAIN_FUNCTIONW

The entry point for a service. (Unicode)
LSA_ADD_CREDENTIAL

Adds credentials to a logon session.
LSA_ALLOCATE_CLIENT_BUFFER

Allocates a buffer in the client's address space.
LSA_ALLOCATE_LSA_HEAP

Allocates memory on the heap. Some information passed back to the LSA is expected to be allocated using this function.
LSA_ALLOCATE_PRIVATE_HEAP

Allocates memory on the private heap.
LSA_ALLOCATE_SHARED_MEMORY

The AllocateSharedMemory function allocates a block of shared memory from a section of memory previously reserved by a call to the CreateSharedMemory function.
LSA_AP_CALL_PACKAGE

Called by the Local Security Authority (LSA) when a logon application with a trusted connection to the LSA calls the LsaCallAuthenticationPackage function and specifies the authentication package's identifier.
LSA_AP_CALL_PACKAGE_PASSTHROUGH

The dispatch function for pass-through logon requests sent to the LsaCallAuthenticationPackage function.
LSA_AP_INITIALIZE_PACKAGE

Called once by the Local Security Authority (LSA) during system initialization to provide the authentication package a chance to initialize itself.
LSA_AP_LOGON_TERMINATED

Used to notify an authentication package when a logon session terminates. A logon session terminates when the last token referencing the logon session is deleted.
LSA_AP_LOGON_USER

The LSA_AP_LOGON_USER (ntsecpkg.h) callback function authenticates a user's logon credentials.
LSA_AP_LOGON_USER_EX

The LSA_AP_LOGON_USER_EX (ntsecpkg.h) callback function authenticates a user's logon credentials.
LSA_AP_LOGON_USER_EX2

Used to authenticate a user logon attempt on the user's initial logon. A new logon session is established for the user, and validation information for the user is returned.
LSA_AUDIT_ACCOUNT_LOGON

The AuditAccountLogon function produces an audit record that represents the mapping of a foreign principal name onto a Windows account.
LSA_AUDIT_LOGON

The AuditLogon function is used to audit a logon attempt.
LSA_CALL_PACKAGE

The CallPackage function is used to call another security package to access its services.
LSA_CALL_PACKAGE_PASSTHROUGH

The CallPackagePassthrough function is used to call another security package to access its services.
LSA_CALL_PACKAGEEX

The CallPackageEx function is used to call another security package to access its services.
LSA_CANCEL_NOTIFICATION

The CancelNotification function cancels a previously registered notification.
LSA_CLIENT_CALLBACK

Allows a Local Security Authority (LSA)-mode security package to call back to its user-mode package and invoke a function in its DLL there.
LSA_CLOSE_SAM_USER

Closes a handle to a Security Accounts Manager (SAM) user account.
LSA_CONVERT_AUTH_DATA_TO_TOKEN

The ConvertAuthDataToToken function creates an access token from the authorization data returned from the GetAuthDataForUser or GetUserAuthData functions.
LSA_COPY_FROM_CLIENT_BUFFER

Copies information from the address space of a client process into a buffer in the current process.
LSA_COPY_TO_CLIENT_BUFFER

Copies information from a buffer in the current process into a client process's address space.
LSA_CRACK_SINGLE_NAME

The CrackSingleName function converts a name from one format to another.
LSA_CREATE_LOGON_SESSION

Creates logon sessions.
LSA_CREATE_SHARED_MEMORY

The CreateSharedMemory function creates a section of memory that is shared by client processes and the security package.
LSA_CREATE_THREAD

A wrapper for the Windows CreateThread function that should be used by the Local Security Authority (LSA).
LSA_CREATE_TOKEN

The CreateToken function is used by SSP/APs to create tokens while processing calls to SpAcceptLsaModeContext.
LSA_CREATE_TOKEN_EX

Creates tokens while processing calls to SpAcceptLsaModeContext.
LSA_DELETE_CREDENTIAL

Deletes an existing credential.
LSA_DELETE_LOGON_SESSION

Cleans up any logon sessions created while determining whether a user's authentication information is legitimate.
LSA_DELETE_SHARED_MEMORY

The DeleteSharedMemory function releases a section of memory that is shared by clients and a security package.
LSA_DUPLICATE_HANDLE

The DuplicateHandle function creates a duplicate handle. The returned duplicate is in the caller's process space.
LSA_EXPAND_AUTH_DATA_FOR_DOMAIN

Expands the domain groups in the specified user authentication data.
LSA_FREE_CLIENT_BUFFER

Frees a client buffer previously allocated with the AllocateClientBuffer function.
LSA_FREE_LSA_HEAP

The FreeReturnBuffer function is used to free buffers allocated by the Local Security Authority (LSA) and returned to the security package. The package calls this function when the information in the returned buffer is no longer needed.
LSA_FREE_LSA_HEAP

Deallocates heap memory previously allocated by AllocateLsaHeap.
LSA_FREE_PRIVATE_HEAP

Frees memory that was allocated by using the AllocatePrivateHeap function.
LSA_FREE_SHARED_MEMORY

The FreeSharedMemory function frees a block of shared memory previously allocated by the AllocateSharedMemory function.
LSA_GET_AUTH_DATA_FOR_USER

The GetAuthDataForUser function retrieves authentication information for a user from the Security Accounts Manager (SAM) database and puts it into a format suitable for the ConvertAuthDataToToken function.
LSA_GET_CALL_INFO

The GetCallInfo function retrieves information about the most recent function call.
LSA_GET_CLIENT_INFO

The GetClientInfo function gets information about the client process, such as thread and process ID, and flags indicating the client's state and privileges.
LSA_GET_CREDENTIALS

Retrieves credentials associated with a logon session.
LSA_GET_USER_AUTH_DATA

The GetUserAuthData function returns the authorization data for the user in a single buffer.
LSA_MAP_BUFFER

Maps a SecBuffer structure into the address space of the security support provider/authentication package (SSP/AP).
LSA_OPEN_SAM_USER

Retrieves a handle to a user account in the Security Accounts Manager (SAM) database.
LSA_OPEN_TOKEN_BY_LOGON_ID

Opens the user access token associated with the specified user logon.
LSA_PROTECT_MEMORY

Encrypts the specified memory buffer.
LSA_REGISTER_NOTIFICATION

Provides a mechanism whereby the security package is notified. Notification can occur at fixed intervals, when an event object is signaled, or during certain system events.
LSA_UPDATE_PRIMARY_CREDENTIALS

Provides a mechanism for one security package to notify other packages that the credentials for a logon session have changed.
LsaAddAccountRights

Assigns one or more privileges to an account.
LsaCallAuthenticationPackage

Used by a logon application to communicate with an authentication package.
LsaClose

The LsaClose function closes a handle to a Policy or TrustedDomain object.
LsaConnectUntrusted

Establishes an untrusted connection to the LSA server.
LsaCreateTrustedDomainEx

The LsaCreateTrustedDomainEx function establishes a new trusted domain by creating a new TrustedDomain object.
LsaDeleteTrustedDomain

The LsaDeleteTrustedDomain function removes a trusted domain from the list of trusted domains for a system and deletes the associated TrustedDomain object.
LsaDeregisterLogonProcess

Deletes the caller's logon application context and closes the connection to the LSA server.
LsaEnumerateAccountRights

The LsaEnumerateAccountRights function enumerates the privileges assigned to an account.
LsaEnumerateAccountsWithUserRight

Returns the accounts in the database of a Local Security Authority (LSA) Policy object that hold a specified privilege.
LsaEnumerateLogonSessions

Retrieves the set of existing logon session identifiers (LUIDs) and the number of sessions.
LsaEnumerateTrustedDomains

The LsaEnumerateTrustedDomains function retrieves the names and SIDs of domains trusted to authenticate logon credentials.
LsaEnumerateTrustedDomainsEx

Returns information about the domains trusted by the local system.
LsaFreeMemory

The LsaFreeMemory function frees memory allocated for an output buffer by an LSA function call.
LsaFreeReturnBuffer

Frees the memory used by a buffer previously allocated by the LSA.
LsaGetAppliedCAPIDs

Returns an array of central access policies (CAPs) identifiers (CAPIDs) of all the CAPs applied on a specific computer.
LsaGetLogonSessionData

Retrieves information about a specified logon session.
LsaLogonUser

Authenticates a security principal's logon data by using stored credentials information.
LsaLookupAuthenticationPackage

Obtains the unique identifier of an authentication package.
LsaLookupNames

Retrieves the security identifiers (SIDs) that correspond to an array of user, group, or local group names.
LsaLookupPrivilegeValue

Retrieves the locally unique identifier (LUID) used by the Local Security Authority (LSA) to represent the specified privilege name.
LsaLookupSids

Looks up the names that correspond to an array of security identifiers (SIDs). If LsaLookupSids cannot find a name that corresponds to a SID, the function returns the SID in character form.
LsaLookupSids2

Looks up the names that correspond to an array of security identifiers (SIDs) and supports Internet provider identities. If LsaLookupSids2 cannot find a name that corresponds to a SID, the function returns the SID in character form.
LsaNtStatusToWinError

The LsaNtStatusToWinError function converts an NTSTATUS code returned by an LSA function to a Windows error code.
LsaOpenPolicy

Opens a handle to the Policy object on a local or remote system.
LsaOpenTrustedDomainByName

The LsaOpenTrustedDomainByName function opens the LSA policy handle of a remote trusted domain. You can pass this handle into LSA function calls in order to set or query the LSA policy of the remote machine.
LsaQueryCAPs

Returns the Central Access Policies (CAPs) for the specified IDs.
LsaQueryDomainInformationPolicy

Retrieves domain information from the Policyobject.
LsaQueryForestTrustInformation

Retrieves forest trust information for the specified Local Security Authority�TrustedDomain object.
LsaQueryInformationPolicy

Retrieves information about a Policy object.
LsaQueryTrustedDomainInfo

The LsaQueryTrustedDomainInfo function retrieves information about a trusted domain.
LsaQueryTrustedDomainInfoByName

The LsaQueryTrustedDomainInfoByName function returns information about a trusted domain.
LsaRegisterLogonProcess

Establishes a connection to the LSA server and verifies that the caller is a logon application.
LsaRegisterPolicyChangeNotification

The LsaRegisterPolicyChangeNotification function registers an event handle with the local security authority (LSA). This event handle is signaled whenever the indicated LSA policy is modified.
LsaRemoveAccountRights

Removes one or more privileges from an account.
LsaRetrievePrivateData

Do not use the LSA private data functions for generic data encryption and decryption. Instead, use the CryptProtectData and CryptUnprotectData functions. (LsaRetrievePrivateData)
LsaSetDomainInformationPolicy

Sets domain information to the Policyobject.
LsaSetForestTrustInformation

Sets the forest trust information for a specified Local Security Authority�TrustedDomain object.
LsaSetInformationPolicy

Modifies information in a Policy object.
LsaSetTrustedDomainInfoByName

The LsaSetTrustedDomainInfoByName function sets values for a TrustedDomain object.
LsaSetTrustedDomainInformation

The LsaSetTrustedDomainInformation function modifies a Policy object's information about a trusted domain.
LsaStorePrivateData

Do not use the LSA private data functions for generic data encryption and decryption. Instead, use the CryptProtectData and CryptUnprotectData functions. Only use the LSA private data functions when it is necessary to manipulate LSA secrets (LsaStorePrivateData)
LsaUnregisterPolicyChangeNotification

The LsaUnregisterPolicyChangeNotification function disables a previously registered notification event.
MakeAbsoluteSD

Creates a security descriptor in absolute format by using a security descriptor in self-relative format as a template.
MakeSelfRelativeSD

Creates a security descriptor in self-relative format by using a security descriptor in absolute format as a template.
MakeSignature

Generates a cryptographic checksum of the message, and also includes sequencing information to prevent message loss or insertion.
MapGeneric

The MapGeneric method requests that the generic access rights in an access mask be mapped to their corresponding standard and specific access rights.
MapGenericMask

Maps the generic access rights in an access mask to specific and standard access rights. The function applies a mapping supplied in a GENERIC_MAPPING structure.
Msv1_0SubAuthenticationFilter

Performs user logon authentication that is specific to domain controllers.
Msv1_0SubAuthenticationRoutine

Performs client/server-specific authentication.
Msv1_0SubAuthenticationRoutineEx

Performs Remote Access Service authentication when subauthentication is requested by calling the LogonUser function.
Msv1_0SubAuthenticationRoutineGeneric

Performs Remote Access Service authentication when subauthentication is requested by calling the LsaCallAuthenticationPackage function.
NameFromSid

Gets the display name that corresponds to the specified security identifier (SID).
NamesFromSids

Gets the display names that correspond to the specified security identifiers (SIDs).
NCryptCloseProtectionDescriptor

Zeros and frees a protection descriptor object and releases its handle.
NCryptCreateClaim

Creates a key attestation claim.
NCryptCreatePersistedKey

Creates a new key and stores it in the specified key storage provider.
NCryptCreateProtectionDescriptor

Retrieves a handle to a protection descriptor object.
NCryptDecrypt

Decrypts a block of encrypted data.
NCryptDeleteKey

Deletes a CNG key from storage.
NCryptDeriveKey

Derives a key from a secret agreement value. (NCryptDeriveKey)
NCryptEncrypt

Encrypts a block of data. (NCryptEncrypt)
NCryptEnumAlgorithms

Obtains the names of the algorithms that are supported by the specified key storage provider.
NCryptEnumKeys

Obtains the names of the keys that are stored by the provider.
NCryptEnumStorageProviders

Obtains the names of the registered key storage providers.
NCryptExportKey

Exports a CNG key to a memory BLOB.
NCryptFinalizeKey

Completes a CNG key storage key.
NCryptFreeBuffer

Releases a block of memory allocated by a CNG key storage provider.
NCryptFreeObject

Frees a CNG key storage object.
NCryptGetProperty

Retrieves the value of a named property for a key storage object.
NCryptGetProtectionDescriptorInfo

Retrieves a protection descriptor rule string.
NCryptImportKey

Imports a Cryptography API:_Next Generation (CNG) key from a memory BLOB.
NCryptIsAlgSupported

Determines if a CNG key storage provider supports a specific cryptographic algorithm.
NCryptIsKeyHandle

Determines if the specified handle is a CNG key handle.
NCryptKeyDerivation

Creates a key from another key by using the specified key derivation function.
NCryptNotifyChangeKey

Creates or removes a key change notification.
NCryptOpenKey

Opens a key that exists in the specified CNG key storage provider.
NCryptOpenStorageProvider

Loads and initializes a CNG key storage provider.
NCryptProtectSecret

Encrypts data to a specified protection descriptor.
NCryptQueryProtectionDescriptorName

Retrieves the protection descriptor rule string associated with a registered descriptor display name.
NCryptRegisterProtectionDescriptorName

Registers the display name and the associated rule string for a protection descriptor.
NCryptSecretAgreement

Creates a secret agreement value from a private and a public key. (NCryptSecretAgreement)
NCryptSetProperty

Sets the value for a named property for a CNG key storage object.
NCryptSignHash

Creates a signature of a hash value. (NCryptSignHash)
NCryptStreamClose

Closes a data protection stream object opened by using the NCryptStreamOpenToProtect or NCryptStreamOpenToUnprotect functions.
NCryptStreamOpenToProtect

Opens a stream object that can be used to encrypt large amounts of data to a given protection descriptor.
NCryptStreamOpenToUnprotect

Opens a stream object that can be used to decrypt large amounts of data to the same protection descriptor used for encryption. (NCryptStreamOpenToUnprotect)
NCryptStreamOpenToUnprotectEx

Opens a stream object that can be used to decrypt large amounts of data to the same protection descriptor used for encryption. (NCryptStreamOpenToUnprotectEx)
NCryptStreamUpdate

Encrypts and decrypts blocks of data.
NCryptTranslateHandle

Translates a CryptoAPI handle into a CNG key handle.
NCryptUnprotectSecret

Decrypts data to a specified protection descriptor.
NCryptVerifyClaim

Verifies a key attestation claim.
NCryptVerifySignature

Verifies that the specified signature matches the specified hash. (NCryptVerifySignature)
NetAddServiceAccount

Creates a standalone managed service account (sMSA) or retrieves the credentials for a group managed service account (gMSA) and stores the account information on the local computer.
NetEnumerateServiceAccounts

Enumerates the standalone managed service accounts (sMSA) on the specified server.
NetIsServiceAccount

Tests whether the specified standalone managed service account (sMSA) or group managed service account (gMSA) exists in the Netlogon store on the specified server.
NetQueryServiceAccount

Gets information about the specified managed service account.
NetRemoveServiceAccount

Deletes the specified service account from the Active Directory database if the account is a standalone managed service account (sMSA).
Next

Retrieves the index of the next available Certificate Services server configuration in the configuration point. This method was first defined in the ICertConfig interface.
Next

Moves to the next attribute in the attribute-enumeration sequence.
Next

Moves to the next column in the column-enumeration sequence.
Next

Moves to the next extension in the extension-enumeration sequence.
Next

Moves to the next row in the row-enumeration sequence.
Notify

Notifies the plug-in of the transaction status of the SCEP certificate request.
Notify

Called by the server engine to notify an exit module that an event has occurred.
NotifyBootConfigStatus

Reports the boot status to the service control manager. It is used by boot verification programs.
NotifyServiceStatusChangeA

Enables an application to receive notification when the specified service is created or deleted or when its status changes. (ANSI)
NotifyServiceStatusChangeW

Enables an application to receive notification when the specified service is created or deleted or when its status changes. (Unicode)
NPAddConnection

Connects a local device to a network resource. (NPAddConnection)
NPAddConnection3

Connects a local device to a network resource. (NPAddConnection3)
NPCancelConnection

Disconnects a network connection.
NPCloseEnum

Closes an enumeration.
NPDeviceMode

Specifies the parent window of a device. This window owns any dialog boxes that originate from the device.
NPDirectoryNotify

Notifies the network provider of certain directory operations.
NPEnumResource

Performs an enumeration based on a handle returned by NPOpenEnum.
NPFMXEditPerm

Enables network vendors to supply their own permission editor dialog boxes.
NPFMXGetPermCaps

Retrieves the capabilities of the permission editor. The return value is a bitmask that indicates which of the Security menu items in File Manager are to be enabled.
NPFMXGetPermHelp

Retrieves the help file and help context of the permission editor dialog boxes when a menu item in the Security menu of File Manager is selected and F1 is pressed.
NPFormatNetworkName

Formats a network name in a provider-specific format for display in a control.
NPGetCaps

Returns information about which services are supported on the network.
NPGetConnection

Retrieves information about a connection.
NPGetConnection3

Retrieves information about a network connection, even if it is currently disconnected.
NPGetConnectionPerformance

Returns information about the expected performance of a connection used to access a network resource. The request can only be for a network resource that is currently connected.
NPGetDirectoryType

Determines the type of a network directory.
NPGetPropertyText

Retrieves the names of buttons to add to a property dialog box for a network resource.
NPGetResourceInformation

Separates the part of a network resource accessed through the WNet API from the part accessed through APIs specific to the resource type.
NPGetResourceParent

Retrieves the parent of a specified network resource in the browse hierarchy.
NPGetUniversalName

Retrieves the universal name of a network resource. The NPGetUniversalName function can retrieve this universal name in UNC format or in the older, remote-name format.
NPGetUser

Retrieves the value of the current default user name or the user name used to establish a network connection.
NPLogonNotify

MPR calls this function to notify the credential manager that a logon event has occurred, allowing the credential manager to return a logon script.
NPOpenEnum

Opens an enumeration of network resources or existing connections. The NPOpenEnum function must be called to obtain a valid handle for an enumeration.
NPPasswordChangeNotify

MPR calls this function to notify the credential manager of a password change event.
NPPropertyDialog

Called when the user clicks a button added by using the NPPropertyDialog function. The NPPropertyDialog function is called only for file and directory network properties.
NPSearchDialog

Enables network vendors to supply their own form of browsing and search, beyond the hierarchical view presented in the Connection dialog box.
ObjectCloseAuditAlarmA

Generates an audit message in the security event log when a handle to a private object is deleted. (ObjectCloseAuditAlarmA)
ObjectCloseAuditAlarmW

Generates an audit message in the security event log when a handle to a private object is deleted. (ObjectCloseAuditAlarmW)
ObjectDeleteAuditAlarmA

The ObjectDeleteAuditAlarmA (ANSI) function (winbase.h) generates audit messages when an object is deleted.
ObjectDeleteAuditAlarmW

The ObjectDeleteAuditAlarmW (Unicode) function (securitybaseapi.h) generates audit messages when an object is deleted.
ObjectOpenAuditAlarmA

Generates audit messages when a client application attempts to gain access to an object or to create a new one. (ObjectOpenAuditAlarmA)
ObjectOpenAuditAlarmW

Generates audit messages when a client application attempts to gain access to an object or to create a new one. (ObjectOpenAuditAlarmW)
ObjectPrivilegeAuditAlarmA

Generates an audit message in the security event log. (ObjectPrivilegeAuditAlarmA)
ObjectPrivilegeAuditAlarmW

Generates an audit message in the security event log. (ObjectPrivilegeAuditAlarmW)
Open

Opens the endorsement key. The endorsement key must be open before you can retrieve an information from the endorsement key, add or remove certificates, or export the endorsement key.
Open

Opens an existing private key.
OpenApplication

Opens the IAzApplication object with the specified name.
OpenApplication2

Opens the IAzApplication2 object with the specified name.
OpenApplicationGroup

Opens an IAzApplicationGroup object by specifying its name. (IAzApplication.OpenApplicationGroup)
OpenApplicationGroup

Opens an IAzApplicationGroup object by specifying its name. (IAzAuthorizationStore.OpenApplicationGroup)
OpenApplicationGroup

Opens an IAzApplicationGroup object by specifying its name. (IAzScope.OpenApplicationGroup)
OpenConnection

Establishes a connection with a Certificate Services server.
OpenElevatedEditor

Opens an access control editor when a user clicks the Edit button on an access control editor page that displays an image of a shield on that Edit button.
OpenOperation

Opens an IAzOperation object with the specified name.
OpenPersonalTrustDBDialog

Displays the Certificates dialog box. (OpenPersonalTrustDBDialog)
OpenPersonalTrustDBDialogEx

Displays the Certificates dialog box. (OpenPersonalTrustDBDialogEx)
OpenRole

Opens an IAzRole object with the specified name. (IAzApplication.OpenRole)
OpenRole

Opens an IAzRole object with the specified name. (IAzScope.OpenRole)
OpenRoleAssignment

Opens an IAzRoleAssignment object with the specified name.
OpenRoleAssignment

Opens an IAzRoleAssignment object with the specified name in this scope.
OpenRoleDefinition

Opens an IAzRoleDefinition object with the specified name.
OpenRoleDefinition

Opens an IAzRoleDefinition object with the specified name in this scope.
OpenSCManagerA

Establishes a connection to the service control manager on the specified computer and opens the specified service control manager database. (ANSI)
OpenSCManagerW

Establishes a connection to the service control manager on the specified computer and opens the specified service control manager database. (Unicode)
OpenScope

Opens an IAzScope object with the specified name.
OpenScope2

Opens an IAzScope2 object with the specified name.
OpenServiceA

Opens an existing service. (ANSI)
OpenServiceW

Opens an existing service. (Unicode)
OpenTask

Opens an IAzTask object with the specified name. (IAzApplication.OpenTask)
OpenTask

Opens an IAzTask object with the specified name. (IAzScope.OpenTask)
OpenView

Opens a view to a Certificate Services database and instantiates an instance of an IEnumCERTVIEWROW object.
PCRYPT_DECRYPT_PRIVATE_KEY_FUNC

Decrypts the private key and returns the decrypted key in the pbClearTextKey parameter.
PCRYPT_ENCRYPT_PRIVATE_KEY_FUNC

Encrypts the private key and returns the encrypted contents in the pbEncryptedKey parameter.
PCRYPT_RESOLVE_HCRYPTPROV_FUNC

Returns a handle to a cryptographic service provider (CSP) by using the phCryptProv parameter to receive the key being imported.
pCryptSIPGetCaps

Is implemented by a subject interface package (SIP) to report capabilities.
PFN_CDF_PARSE_ERROR_CALLBACK

Called for Catalog Definition Function errors while parsing a catalog definition file (CDF).
PFN_CERT_CHAIN_FIND_BY_ISSUER_CALLBACK

An application-defined callback function that allows the application to filter certificates that might be added to the certificate chain.
PFN_CERT_CREATE_CONTEXT_SORT_FUNC

Called for each sorted context entry when a context is created.
PFN_CERT_DLL_OPEN_STORE_PROV_FUNC

Implemented by a store-provider and is used to open a store.
PFN_CERT_ENUM_PHYSICAL_STORE

The CertEnumPhysicalStoreCallback callback function formats and presents information on each physical store found by a call to CertEnumPhysicalStore.
PFN_CERT_ENUM_SYSTEM_STORE

The CertEnumSystemStoreCallback callback function formats and presents information on each system store found by a call to CertEnumSystemStore.
PFN_CERT_ENUM_SYSTEM_STORE_LOCATION

The CertEnumSystemStoreLocationCallback callback function formats and presents information on each system store location found by a call to CertEnumSystemStoreLocation.
PFN_CERT_STORE_PROV_CLOSE

An application-defined callback function that is called by CertCloseStore when the store's reference count is decremented to zero.
PFN_CERT_STORE_PROV_CONTROL

The CertStoreProvControl callback function supports the CertControlStore API. All of the API's parameters are passed straight through to the callback. For details, see CertControlStore.
PFN_CERT_STORE_PROV_DELETE_CERT

An application-defined callback function that is called by CertDeleteCertificateFromStore before deleting a certificate from the store.
PFN_CERT_STORE_PROV_DELETE_CRL

An application-defined callback function that is called by CertDeleteCRLFromStore before deleting the CRL from the store.
PFN_CERT_STORE_PROV_READ_CERT

An application-defined callback function that reads the provider's copy of the certificate context.
PFN_CERT_STORE_PROV_READ_CRL

An application-defined callback function that reads the provider's copy of the CRL context.
PFN_CERT_STORE_PROV_READ_CTL

The CertStoreProvReadCTL callback function is called to read the provider's copy of the CTL context and, if it exists, to create a new CTL context.
PFN_CERT_STORE_PROV_SET_CERT_PROPERTY

An application-defined callback function that is called by CertSetCertificateContextProperty before setting the certificate's property.
PFN_CERT_STORE_PROV_SET_CRL_PROPERTY

An application-defined callback function that is called by CertSetCRLContextProperty before setting the CRL's property.
PFN_CERT_STORE_PROV_SET_CTL_PROPERTY

The CertStoreProvSetCTLProperty callback function determines whether a property can be set on a CTL.
PFN_CERT_STORE_PROV_WRITE_CERT

An application-defined callback function that is called by CertAddEncodedCertificateToStore, CertAddCertificateContextToStore and CertAddSerializedElementToStore before adding to the store.
PFN_CERT_STORE_PROV_WRITE_CRL

An application-defined callback function that is called by CertAddEncodedCRLToStore, CertAddCRLContextToStore and CertAddSerializedElementToStore before adding to the store.
PFN_CERT_STORE_PROV_WRITE_CTL

The CertStoreProvWriteCTL callback function can be called by CertAddEncodedCTLToStore, CertAddCTLContextToStore or CertAddSerializedElementToStore before a CTL is added to the store.
PFN_CMSG_CNG_IMPORT_CONTENT_ENCRYPT_KEY

Imports an already decrypted content encryption key (CEK).
PFN_CMSG_CNG_IMPORT_KEY_AGREE

Decrypts a content encryption key (CEK) that is intended for a key agreement recipient.
PFN_CMSG_CNG_IMPORT_KEY_TRANS

Imports and decrypts a content encryption key (CEK) that is intended for a key transport recipient.
PFN_CMSG_EXPORT_KEY_AGREE

Encrypts and exports the content encryption key for a key agreement recipient of an enveloped message.
PFN_CMSG_EXPORT_KEY_TRANS

Encrypts and exports the content encryption key for a key transport recipient of an enveloped message.
PFN_CMSG_EXPORT_MAIL_LIST

Encrypts and exports the content encryption key for a mailing list recipient of an enveloped message.
PFN_CMSG_GEN_CONTENT_ENCRYPT_KEY

Generates the symmetric key used to encrypt content for an enveloped message.
PFN_CMSG_IMPORT_KEY_AGREE

Imports a content encryption key for a key transport recipient of an enveloped message. (PFN_CMSG_IMPORT_KEY_AGREE)
PFN_CMSG_IMPORT_KEY_TRANS

Imports a content encryption key for a key transport recipient of an enveloped message. (PFN_CMSG_IMPORT_KEY_TRANS)
PFN_CMSG_IMPORT_MAIL_LIST

Imports a content encryption key for a key transport recipient of an enveloped message. (PFN_CMSG_IMPORT_MAIL_LIST)
PFN_CRYPT_ENUM_KEYID_PROP

The CRYPT_ENUM_KEYID_PROP callback function is used with the CryptEnumKeyIdentifierProperties function.
PFN_CRYPT_ENUM_OID_FUNC

The CRYPT_ENUM_OID_FUNCTION callback function is used with the CryptEnumOIDFunction function.
PFN_CRYPT_ENUM_OID_INFO

The CRYPT_ENUM_OID_INFO callback function is used with the CryptEnumOIDInfo function.
PFN_CRYPT_EXPORT_PUBLIC_KEY_INFO_EX2_FUNC

Called by CryptExportPublicKeyInfoEx to export a public key BLOB and encode it.
PFN_CRYPT_EXTRACT_ENCODED_SIGNATURE_PARAMETERS_FUNC

Called to decode and return the hash algorithm identifier and optionally the signature parameters.
PFN_CRYPT_GET_SIGNER_CERTIFICATE

The CryptGetSignerCertificateCallback user supplied callback function is used with the CRYPT_VERIFY_MESSAGE_PARA structure to get and verify a message signer's certificate.
PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_FLUSH

Specifies that an object has changed.
PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_FREE

Releases the object returned by the provider.
PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_FREE_IDENTIFIER

Releases memory for an object identifier.
PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_FREE_PASSWORD

Releases the password used to encrypt a personal information exchange (PFX) byte array.
PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_GET

Retrieves an object.
PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_INITIALIZE

Initializes the provider.
PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_RELEASE

Releases the provider.
PFN_CRYPT_SIGN_AND_ENCODE_HASH_FUNC

Called to sign and encode a computed hash.
PFN_CRYPT_VERIFY_ENCODED_SIGNATURE_FUNC

Called to decrypt an encoded signature and compare it to a computed hash.
PFN_CRYPT_XML_CREATE_TRANSFORM

Creates a transform for a specified data provider.
PFN_CRYPT_XML_DATA_PROVIDER_CLOSE

Releases the data provider.
PFN_CRYPT_XML_DATA_PROVIDER_READ

Reads XML data.
PFN_CRYPT_XML_ENUM_ALG_INFO

Enumerates predefined and registered CRYPT_XML_ALGORITHM_INFO entries.
PFN_CRYPT_XML_WRITE_CALLBACK

Writes XML data.
PFN_IMPORT_PUBLIC_KEY_INFO_EX2_FUNC

Called by CryptImportPublicKeyInfoEx2 to decode the public key algorithm identifier, load the algorithm provider, and import the key pair.
PFNCFILTERPROC

An application-defined callback function that filters the certificates that appear in the digital signature wizard that are displayed by the CryptUIWizDigitalSign function.
PFNCMFILTERPROC

Filters each certificate to determine whether it will appear in the certificate selection dialog box that is displayed by the CertSelectCertificate function.
PFNCMHOOKPROC

Called before messages are processed by the certificate selection dialog box produced by the CertSelectCertificate function.
PFNCryptStreamOutputCallback

Receives encrypted or decrypted data from tasks started by using the NCryptStreamOpenToProtect or NCryptStreamOpenToUnprotect functions.
pfnIsFileSupported

Queries the subject interface packages (SIPs) listed in the registry to determine which SIP handles the file type. (pfnIsFileSupported)
pfnIsFileSupportedName

Queries the subject interface packages (SIPs) listed in the registry to determine which SIP handles the file type. (pfnIsFileSupportedName)
PFSCE_FREE_INFO

Frees the memory for buffers allocated by the Security Configuration tool set when it calls PFSCE_QUERY_INFO.
PFSCE_LOG_INFO

Logs messages to the configuration log file or analysis log file.
PFSCE_QUERY_INFO

Queries service-specific information from the Security Configuration file or analysis database.
PFSCE_SET_INFO

Sets or overwrites service-specific configuration and analysis information.
PFXExportCertStore

Exports the certificates and, if available, the associated private keys from the referenced certificate store.
PFXExportCertStoreEx

Exports the certificates and, if available, their associated private keys from the referenced certificate store.
PFXImportCertStore

Imports a PFX BLOB and returns the handle of a store that contains certificates and any associated private keys.
PFXIsPFXBlob

The PFXIsPFXBlob function attempts to decode the outer layer of a BLOB as a PFX packet.
PFXVerifyPassword

The PFXVerifyPassword function attempts to decode the outer layer of a BLOB as a Personal Information Exchange (PFX) packet and to decrypt it with the given password. No data from the BLOB is imported.
Ping

Tests a DCOM connection with an Online Certificate Status Protocol (OCSP) responder service.
PostUnInstall

Is not implemented and is reserved for future use.
PostUnInstall

Is not implemented. It is reserved for future use.
PreUnInstall

Temporarily saves role-specific state information and then it uninstalls the role.
PreUnInstall

Removes registry and IIS settings for the Network Device Enrollment Service (NDES) role.
PrivilegeCheck

Determines whether a specified set of privileges are enabled in an access token.
PrivilegedServiceAuditAlarmA

Generates an audit message in the security event log. (PrivilegedServiceAuditAlarmA)
PrivilegedServiceAuditAlarmW

Generates an audit message in the security event log. (PrivilegedServiceAuditAlarmW)
ProcessResponseMessage

Process a response message and return the disposition of the message.
PropertySheetPageCallback

The PropertySheetPageCallback method notifies an EditSecurity or CreateSecurityPage caller that an access control editor property page is being created or destroyed.
PSAM_INIT_NOTIFICATION_ROUTINE

The InitializeChangeNotify function is implemented by a password filter DLL. This function initializes the DLL.
PSAM_PASSWORD_FILTER_ROUTINE

Implemented by a password filter DLL. The value returned by this function determines whether the new password is accepted by the system.
PSAM_PASSWORD_NOTIFICATION_ROUTINE

Is implemented by a password filter DLL. It notifies the DLL that a password was changed.
PstAcquirePrivateKey

Associates the caller's private key with the specified certificate.
PstGetCertificates

Retrieves certificate chains that specify certificates that can be used to authenticate a user on the specified server.
PstGetTrustAnchors

Retrieves a list of certification authorities (CAs) trusted by the specified server.
PstGetUserNameForCertificate

Retrieves the user name associated with the specified certificate.
PstMapCertificate

Retrieves a structure that specifies information that can be used to create a user token associated with the specified certificate.
PstValidate

Validates the specified certificate.
PublishCRL

Sends a request to the Certificate Services certification authority (CA) to publish a new certificate revocation list (CRL). This method was first introduced in the ICertAdmin interface.
PublishCRLs

Publishes certificate revocation lists (CRLs) for a certification authority (CA).
put_Algorithm

Specifies or retrieves an object identifier (OID) for the public key algorithm. (Put)
put_AlternateSignatureAlgorithm

Specifies and retrieves a Boolean value that indicates whether the signature algorithm object identifier (OID) for a PKCS (Put)
put_AlternateSignatureAlgorithm

Specifies and retrieves a Boolean value that specifies whether the GetSignatureAlgorithm method should retrieve a discrete or combined algorithm object identifier (OID) for a PKCS (Put)
put_ApplicationData

Sets or retrieves an opaque field that can be used by the application to store information. (IAzApplication.put_ApplicationData)
put_ApplicationData

Sets or retrieves an opaque field that can be used by the application to store information. (IAzAuthorizationStore.put_ApplicationData)
put_ApplicationData

The ApplicationData property of IAzOperation sets or retrieves an opaque field that can be used by the application to store information. (Put)
put_ApplicationData

The ApplicationData property of IAzRole sets or retrieves an opaque field that can be used by the application to store information. (Put)
put_ApplicationData

The ApplicationData property of IAzScope sets or retrieves an opaque field that can be used by the application to store information. (Put)
put_ApplicationData

The ApplicationData property of IAzTask sets or retrieves an opaque field that can be used by the application to store information. (Put)
put_ApplyStoreSacl

Sets or retrieves a value that indicates whether policy audits should be generated when the authorization store is modified. (IAzApplication.put_ApplyStoreSacl)
put_ApplyStoreSacl

Sets or retrieves a value that indicates whether policy audits should be generated when the authorization store is modified. (IAzAuthorizationStore.put_ApplyStoreSacl)
put_ArchivePrivateKey

Specifies or retrieves a Boolean value that indicates whether to archive a private key on the certification authority (CA). (Put)
put_AttestationEncryptionCertificate

The certificate used to encrypt the EKPUB and EKCERT values from the client. This property must be set to a valid certificate that chains to a trusted machine root. (Put)
put_AttestPrivateKey

True if the created private key needs to be attested; otherwise false. If true, it is expected that the AttestationEncryptionCertificate property has been set. (Put)
put_AuthFlags

Specifies and retrieves a value that indicates the authentication type used by the client to authenticate itself to the certificate enrollment policy (CEP) server. (Put)
put_AuthzInterfaceClsid

Sets or retrieves the class identifier (CLSID) of the interface that the user interface (UI) uses to perform application-specific operations. (Put)
put_BizRule

Gets or sets the script that determines membership for this application group. (Put)
put_BizRule

Sets or retrieves the text of the script that implements the business rule (BizRule). (Put)
put_BizRuleImportedPath

Gets or sets the path of the file that contains the business rule script associated with this application group. (Put)
put_BizRuleImportedPath

Sets or retrieves the path to the file from which the business rule (BizRule) is imported. (Put)
put_BizRuleLanguage

Gets or sets the programming language of the business rule script associated with this application group. (Put)
put_BizRuleLanguage

Sets or retrieves the scripting language in which the business rule (BizRule) is implemented. (Put)
put_BizRulesEnabled

Gets or sets a value that indicates whether business rules are enabled for this application. (Put)
put_BusinessRuleResult

Sets a value that indicates whether the Business Rule (BizRule) allows the user to perform the requested task.
put_BusinessRuleString

Sets or retrieves an application-specific string for the Business Rule (BizRule). (Put)
put_CAConfig

Gets or sets a certification authority (CA) name with which a signing certificate must be signed. (Put)
put_CAStoreFlags

Sets or retrieves a flag that controls the certification authority (CA) store when the store is opened. (Put)
put_CAStoreFlags

The CAStoreFlags property of IEnroll4 sets or retrieves a flag that controls the certification authority (CA) store when the store is opened. (Put)
put_CAStoreName

Sets or retrieves the name of the store where all non-"ROOT" and non-"MY" certificates are kept. (Put)
put_CAStoreNameWStr

The CAStoreNameWStr property of IEnroll4 sets or retrieves the name of the store where all non-"ROOT" and non-"MY" certificates are kept. (Put)
put_CAStoreType

Sets or retrieves the type of store to use for the store specified by the CAStoreName property. (Put)
put_CAStoreTypeWStr

Sets or retrieves the type of store to use for the store specified by the CAStoreNameWStr property. (Put)
put_Certificate

Specifies or retrieves a byte array that contains the certificate associated with the private key. (Put)
put_CertificateDescription

Specifies or retrieves a string that contains a description of the certificate. (Put)
put_CertificateFriendlyName

Specifies or retrieves the display name of a certificate. (Put)
put_CertificateFriendlyName

Gets or sets the friendly name for the certificate. (Put)
put_ChallengePassword

The password to use when creating a request with a challenge. To create a request without a challenge, do not set the ChallengePassword property. (Put)
put_ClientId

Specifies and retrieves a value that identifies the executable that created the request. (Put)
put_ClientId

Sets or retrieves a client ID request attribute. The client ID request attribute indicates the source of the certificate request. This property was first defined in the ICEnroll4 interface. (Put)
put_ClientId

The ClientId property sets or retrieves a client ID request attribute. The client ID request attribute indicates the source of the certificate request. This property was first defined in the IEnroll4 interface. (Put)
put_ContainerName

Specifies or retrieves the name of the key container. (Put)
put_ContainerName

Gets or sets the name used by the cryptographic service provider (CSP) to generate, store, or access the key. (Put)
put_ContainerName

The ContainerName property of ICEnroll4 sets or retrieves the name of the key container to use. (Put)
put_ContainerNamePrefix

Specifies or retrieves a prefix added to the name of the key container. (Put)
put_ContainerNameWStr

Sets or retrieves the name of the key container to use. (Put)
put_Cost

Specifies and retrieves an arbitrary cost for contacting the certificate enrollment policy server. (IX509EnrollmentPolicyServer.put_Cost)
put_Cost

Specifies and retrieves an arbitrary cost for contacting the certificate enrollment policy server. (IX509PolicyServerUrl.put_Cost)
put_Critical

Specifies and retrieves a Boolean value that identifies whether the certificate extension is critical. (Put)
put_CspInformations

Specifies and retrieves a collection of cryptographic providers available for use by the request object. (Put)
put_CspInformations

Specifies or retrieves a collection of ICspInformation objects that contain information about the available cryptographic providers that support the public key algorithm associated with the private key. (Put)
put_CspStatus

Specifies or retrieves an ICspStatus object that contains information about the cryptographic provider and algorithm pair associated with the private key. (Put)
put_Default

Specifies and retrieves a Boolean value that indicates whether this is the default certificate enrollment policy (CEP) server. (Put)
put_DeleteRequestCert

Sets or retrieves a Boolean value that determines whether dummy certificates in the request store are deleted. (Put)
put_DeleteRequestCert

The DeleteRequestCert property of IEnroll4 sets or retrieves a Boolean value that determines whether dummy certificates in the request store are deleted. (Put)
put_Description

Sets or retrieves a comment that describes the application. (Put)
put_Description

Sets or retrieves a comment that describes the application group. (Put)
put_Description

Sets or retrieves a comment that describes the operation. (Put)
put_Description

The Description property of IAzOperation sets or retrieves a comment that describes the operation. (Put)
put_Description

Sets or retrieves a comment that describes the role. (Put)
put_Description

Sets or retrieves a comment that describes the scope. (Put)
put_Description

Sets or retrieves a comment that describes the task. (Put)
put_Description

Specifies or retrieves a string that contains a description of the private key. (Put)
put_Display

Specifies or retrieves a value that indicates whether to display the status information in a user interface. (Put)
put_DomainTimeout

Sets or retrieves the time in milliseconds after which a domain is determined to be unreachable. (Put)
put_EnableSMIMECapabilities

The ICEnroll4::EnableSMIMECapabilities property controls whether the PKCS (Put)
put_EnableSMIMECapabilities

Controls whether the PKCS (Put)
put_EnableT61DNEncoding

The EnableT61DNEncoding property of ICEnroll4 sets or retrieves a Boolean value that determines whether the distinguished name in the request is encoded as a T61 string instead of as a Unicode string. (Put)
put_EnableT61DNEncoding

Sets or retrieves a Boolean value that determines whether the distinguished name in the request is encoded as a T61 string instead of as a Unicode string. (Put)
put_EncryptionAlgorithm

Specifies or retrieves an object identifier (OID) of the algorithm used to encrypt the private key to be archived. (Put)
put_EncryptionAlgorithm

The encryption algorithm used to encrypt the EKPUB and EKCERT values from the client. (Put)
put_EncryptionStrength

Specifies or retrieves the relative encryption level applied to the private key to be archived. (Put)
put_EncryptionStrength

Identifies the bit length for the EncryptionAlgorithm to use for encryption. If the EncryptionAlgorithm only supports one bit length, then you do not need to specify a value for the EncryptionStrength property. (Put)
put_Error

Specifies and retrieves a value that identifies the error status of the certificate enrollment process. (Put)
put_Existing

Specifies or retrieves a Boolean value that indicates whether the private key has been created or imported. (Put)
put_Existing

Gets or sets a value that indicates whether the private key already exists. (Put)
put_ExistingCACertificate

Gets or sets the binary value that has been encoded by using Distinguished Encoding Rules (DER) and that is the binary value of the certification authority (CA) certificate that corresponds to an existing key. (Put)
put_ExportPolicy

Specifies or retrieves export constraints for a private key. (Put)
put_Flags

Specifies or retrieves a value that indicates whether the certificate enrollment policy (CEP) server policy information can be loaded from group policy, from the registry, or both. (Put)
put_FriendlyName

Specifies and retrieves a display name for the object identifier. (Put)
put_FriendlyName

Specifies or retrieves a display name for the private key. (Put)
put_GenerateAudits

The GenerateAudits property of IAzApplication sets or retrieves a value that indicates whether run-time audits should be generated. (Put)
put_GenerateAudits

Sets or retrieves a value that indicates whether run-time audits should be generated. (Put)
put_GenKeyFlags

Sets or retrieves the values passed to the CryptGenKey function when the certificate request is generated. (Put)
put_GenKeyFlags

Sets or retrieves the values passed to CryptGenKey when the certificate request is generated. (Put)
put_HashAlgID

Sets or retrieves the hash algorithm used when signing a PKCS (Put)
put_HashAlgID

The HashAlgID property of IEnroll4 sets or retrieves the hash algorithm used when signing a PKCS (Put)
put_HashAlgorithm

Specifies and retrieves the object identifier (OID) of the hash algorithm used to sign the certificate request. (Put)
put_HashAlgorithm

Specifies and retrieves an object identifier (OID) for the hashing algorithm used in the GetSignatureAlgorithm method. (Put)
put_HashAlgorithm

Gets or sets the name of the hashing algorithm used to sign or verify the certification authority (CA) certificate for the key. (Put)
put_HashAlgorithm

Sets or retrieves only the signature hashing algorithm used to sign the PKCS (ICEnroll.put_HashAlgorithm)
put_HashAlgorithm

Gets or sets an identifier for the hash algorithm used to sign a certificate. (Put)
put_HashAlgorithmWStr

Sets or retrieves only the signature hashing algorithm used to sign the PKCS (IEnroll.put_HashAlgorithmWStr)
put_IncludeSubjectKeyID

Determines whether the subject key ID extension is added to the certificate request that is generated. (Put)
put_IncludeSubjectKeyID

The IncludeSubjectKeyID property of IEnroll4 determines whether the subject key ID extension is added to the certificate request that is generated. (Put)
put_IsRoleDefinition

Sets or retrieves a value that indicates whether the task is a role definition. (Put)
put_Issuer

Specifies or retrieves the name of the certificate issuer. (Put)
put_KeyArchivalCertificate

Specifies or retrieves a certification authority (CA) encryption certificate. (Put)
put_KeyContainerNamePrefix

Specifies or retrieves a prefix used to create the container name for a new private key. (Put)
put_KeyProtection

Specifies or retrieves a value that indicates how a private key is protected before use. (Put)
put_KeySpec

Specifies or retrieves a value that identifies whether a private key can be used for signing, or encryption, or both. (Put)
put_KeySpec

The KeySpec property of ICEnroll4 sets or retrieves the type of key generated. (Put)
put_KeySpec

Sets or retrieves the type of key generated. (Put)
put_KeyUsage

Specifies or retrieves a value that identifies the specific purpose for which a private key can be used. (Put)
put_LdapQuery

Sets or retrieves the Lightweight Directory Access Protocol (LDAP) query used to define membership for an LDAP query application group. (Put)
put_LDAPQueryDN

Retrieves or sets the domain name of the directory object to be used during evaluation of LDAP query groups. (Put)
put_LegacyCsp

Specifies or retrieves a Boolean value that indicates whether the provider is a CryptoAPI (legacy) cryptographic service provider (CSP). (Put)
put_Length

Specifies or retrieves the length, in bits, of the private key. (Put)
put_Length

Gets or sets the strength of the key to one of the values supported by the cryptographic service provider (CSP). (Put)
put_LimitExchangeKeyToEncipherment

Sets or retrieves a Boolean value that determines whether an AT_KEYEXCHANGE request contains digital signature and nonrepudiation key usages. (Put)
put_LimitExchangeKeyToEncipherment

The LimitExchangeKeyToEncipherment property of IEnroll4 sets or retrieves a Boolean value that determines whether an AT_KEYEXCHANGE request contains digital signature and nonrepudiation key usages. (Put)
put_LocalRevocationInformation

Gets or sets the certificate revocation list (CRL) of the local machine. (Put)
put_MachineContext

Specifies or retrieves a Boolean value that identifies the local certificate store context. (Put)
put_MaxScriptEngines

Sets or retrieves the maximum number of Business Rule (BizRule) script engines that will be cached. (Put)
put_MyStoreFlags

Sets or retrieves the registry location used for MY store. (Put)
put_MyStoreFlags

Sets or retrieves the registry location used for the MY store. (Put)
put_MyStoreName

Sets or retrieves the name of the store where certificates with linked private keys are kept. (Put)
put_MyStoreNameWStr

The MyStoreNameWStr property of IEnroll4 sets or retrieves the name of the store where certificates with linked private keys are kept. (Put)
put_MyStoreType

Sets or retrieves the type of store specified by the MyStoreName property. (Put)
put_MyStoreTypeWStr

Sets or retrieves the type of store specified by the MyStoreTypeWStr property. (Put)
put_Name

Sets or retrieves the name of the application. (Put)
put_Name

Sets or retrieves the name of the application group. (Put)
put_Name

Sets or retrieves the name of the operation. (Put)
put_Name

Sets or retrieves the name of the role. (Put)
put_Name

Sets or retrieves the name of the scope. (Put)
put_Name

Sets or retrieves the name of the task. (Put)
put_NotAfter

Specifies or retrieves the date and time after which the certificate is no longer valid. (Put)
put_NotBefore

Specifies or retrieves the date and time before which the certificate is not valid. (Put)
put_NullSigned

Specifies and retrieves a Boolean value that indicates whether the certificate request is null-signed. (Put)
put_OldCertificate

Gets or sets an old certificate that a request is intended to replace. (Put)
put_OperationID

Sets or retrieves an application-specific value that uniquely identifies the operation within the application. (Put)
put_Ordinal

Specifies or retrieves the position of the ICspStatus object in the ICspStatuses collection. (Put)
put_Parameters

Retrieves a byte array that contains the parameters associated with the signature algorithm. (Put)
put_ParentWindow

Specifies or retrieves the ID of the window used to display signing certificate information. (Put)
put_ParentWindow

Specifies and retrieves the ID of the window used by key-related user interface dialogs. (Put)
put_ParentWindow

Specifies or retrieves the ID of the window used to display the enrollment information. (Put)
put_ParentWindow

Specifies or retrieves the ID of the window used to display key information. (Put)
put_Pin

Specifies a personal identification number (PIN) used to authenticate a smart card user.
put_Pin

Specifies a personal identification number (PIN) that is used to authenticate users prior to accessing a private key container on a smart card.
put_PrivateKeyArchiveCertificate

Sets or retrieves the certificate that is used to archive a private key with a PKCS (Put)
put_Property

Specifies or retrieves a property value for the IX509CertificateTemplateWritable object. (Put)
put_PropertyId

Specifies or retrieves a value of the CERTENROLL_PROPERTYID enumeration that identifies an external certificate property. (Put)
put_ProviderCLSID

Gets or sets the CLSID of the revocation information provider used by the CA configuration. (Put)
put_ProviderFlags

Sets or retrieves the provider type. (Put)
put_ProviderFlags

The ProviderFlags property of IEnroll4 sets or retrieves the provider type. (Put)
put_ProviderName

The name of the encryption provider. The default is the Microsoft Platform Crypto Provider. You must set the ProviderName property before you call the Open method. You cannot change the ProviderName property after you have called the Open method. (Put)
put_ProviderName

Specifies or retrieves the name of the cryptographic provider. (Put)
put_ProviderName

Gets or sets the name of the cryptographic service provider (CSP) or key storage provider (KSP) that is used to generate or store the private key. (Put)
put_ProviderName

The ProviderName property of ICEnroll4 sets or retrieves the name of the cryptographic service provider (CSP) to use. (Put)
put_ProviderNameWStr

Sets or retrieves the name of the cryptographic service provider (CSP) to use. (Put)
put_ProviderProperties

Gets or sets information that provides certificate status responses. (Put)
put_ProviderType

Specifies or retrieves the type of cryptographic provider associated with the private key. (Put)
put_ProviderType

The ProviderType property of ICEnroll4 sets or retrieves the type of provider. (Put)
put_ProviderType

Sets or retrieves the type of provider. (Put)
put_PublicKeyAlgorithm

Specifies and retrieves an object identifier (OID) for the public key algorithm used in the GetSignatureAlgorithm method. (Put)
put_PVKFileName

The PVKFileName property of ICEnroll4 sets or retrieves the name of the file that will contain exported keys. (Put)
put_PVKFileNameWStr

Sets or retrieves the name of the file that will contain exported keys. (Put)
put_ReaderName

Specifies or retrieves the name of a smart card reader. (Put)
put_ReminderDuration

Gets or sets the percentage of a signing certificate lifetime after which a warning event is logged. (Put)
put_RenewalCertificate

Specifies or retrieves a byte array that contains the Distinguished Encoding Rules (DER) encoded certificate that is being renewed. (Put)
put_RenewalCertificate

Specifies the certificate context for the renewal certificate. (Put)
put_RequesterName

Specifies or retrieves a string that contains the Security Account Manager (SAM) name of the end-entity requesting the certificate. (Put)
put_RequestStoreFlags

Sets or retrieves the registry location used for the request store. (Put)
put_RequestStoreFlags

The RequestStoreFlags property of IEnroll4 sets or retrieves the registry location used for the request store. (Put)
put_RequestStoreName

Sets or retrievesICEnroll the name of the store that contains the dummy certificate. (Put)
put_RequestStoreNameWStr

The RequestStoreNameWStr property of IEnroll4 sets or retrieves the name of the store that contains the dummy certificate. (Put)
put_RequestStoreType

Sets or retrieves the type of store to use for the store specified by the RequestStoreName property. This store type is passed directly to the CertOpenStore function. (Put)
put_RequestStoreTypeWStr

Sets or retrieves the type of store to use for the store specified by the RequestStoreNameWStr property. This store type is passed directly to the CertOpenStore function. (Put)
put_ReuseHardwareKeyIfUnableToGenNew

Sets or retrieves a Boolean value that determines the action taken by the certificate enrollment control object if an error is encountered when generating a new key. (Put)
put_ReuseHardwareKeyIfUnableToGenNew

The ReuseHardwareKeyIfUnableToGenNew property of IEnroll4 sets or retrieves a Boolean value that determines the action taken by the certificate enrollment control object if an error is encountered when generating a new key. (Put)
put_RoleForAccessCheck

Sets or retrieves the role that is used to perform the access check. (Put)
put_RootStoreFlags

The RootStoreFlags property of ICEnroll4 sets or retrieves the registry location used for the root store. (Put)
put_RootStoreFlags

Sets or retrieves the registry location used for the root store. (Put)
put_RootStoreName

Sets or retrieves the name of the root store where all intrinsically trusted, self-signed root certificates are kept. (Put)
put_RootStoreNameWStr

The RootStoreNameWStr property of IEnroll4 sets or retrieves the name of the root store where all intrinsically trusted, self-signed root certificates are kept. (Put)
put_RootStoreType

Sets or retrieves the type of store to use for the store specified by the RootStoreName property. (Put)
put_RootStoreTypeWStr

Sets or retrieves the type of store to use for the store specified by the RootStoreNameWStr property. (Put)
put_ScriptEngineTimeout

Sets or retrieves the time in milliseconds that the IAzClientContext::AccessCheck method will wait for a Business Rule (BizRule) to complete execution before canceling it. (Put)
put_SecurityDescriptor

Specifies or retrieves the security descriptor for the private key. (Put)
put_Selected

Specifies or retrieves a value that indicates whether an item can be used during the enrollment process. (Put)
put_SenderNonce

Specifies or retrieves a byte array that contains a nonce. (Put)
put_SerialNumber

Specifies and retrieves the certificate serial number. (Put)
put_ServerCapabilities

Sets the preferred hash and encryption algorithms for the request.
put_SignerCertificate

Specifies or retrieves the ISignerCertificate object used to sign the certificate. (Put)
put_SignerCertificate

Specifies or retrieves a certificate used to sign the certificate request. (Put)
put_SignerCertificate

Gets or sets the signer certificate for the request. (Put)
put_SignerCertificate

Sets the signer's certificate.
put_SigningCertificate

Gets or sets a signing certificate that has been encoded by using Distinguished Encoding Rules (DER). An Online Certificate Status Protocol (OCSP) responder service uses this certificate to sign its responses to certificate status requests. (Put)
put_SigningCertificateTemplate

Gets or sets the template name for a signing certificate. (Put)
put_SigningFlags

Gets or sets a combination of flag values. These values specify the management of signing certificates that belong to a certification authority (CA) configuration. (Put)
put_Silent

Specifies or retrieves a Boolean value that indicates whether the user is notified when the private key is used to sign a certificate request. (Put)
put_Silent

Specifies or retrieves a Boolean value that indicates whether any of the key-related modal dialogs are displayed during the certificate enrollment process. (Put)
put_Silent

Specifies or retrieves a Boolean value that indicates whether a user interface is displayed during the certificate enrollment process. (Put)
put_Silent

Specifies or retrieves a Boolean value that indicates whether the Certificate Enrollment Control is allowed to display a dialog box when the private key is accessed. (Put)
put_Silent

Gets or sets whether to allow UI during the request.
put_SmimeCapabilities

Specifies or retrieves a Boolean value that tells the Encode method whether to create an IX509ExtensionSmimeCapabilities collection that identifies the encryption capabilities supported by the computer. (Put)
put_SPCFileName

Sets or retrieves the name of the file to which to write the base64-encoded PKCS (Put)
put_SPCFileNameWStr

The SPCFileNameWStr property of IEnroll4 sets or retrieves the name of the file to which to write the base64-encoded PKCS (Put)
put_Status

Specifies or retrieves a value that indicates the status of the enrollment process. (Put)
put_Subject

Specifies or retrieves the X.500 distinguished name of the entity requesting the certificate. (Put)
put_SuppressDefaults

Specifies or retrieves a Boolean value that indicates whether the default extensions and attributes are included in the request. (Put)
put_Text

Specifies or retrieves a string that contains a message associated with the status of the enrollment process. (Put)
put_ThumbPrint

Sets or retrieves a hash of the certificate data. (Put)
put_ThumbPrintWStr

Sets or retrieves a hash of the certificate data. The thumbprint is used to point to the pending certificate. (Put)
put_TransactionId

Specifies or retrieves a transaction identifier that can be used to track a certificate request or response. (Put)
put_TransactionId

Gets or sets the transaction id for the request. (Put)
put_Type

Sets or retrieves the group type of the application group. (Put)
put_UIContextMessage

Specifies or retrieves a string that contains user interface text associated with the signing certificate. (Put)
put_UIContextMessage

Specifies or retrieves a context string to display in the user interface. (Put)
put_UIContextMessage

Specifies or retrieves a string that contains user interface text associated with the private key. (Put)
put_Url

Specifies or retrieves the URL for the certificate enrollment policy (CEP) server. (Put)
put_UseExistingKeySet

Sets or retrieves a Boolean value that determines whether the existing keys should be used. (Put)
put_UseExistingKeySet

The UseExistingKeySet property of IEnroll4 sets or retrieves a Boolean value that determines whether the existing keys should be used. (Put)
put_Value

Gets or sets the data part of the name-value pair represented by an OCSPProperty object. (Put)
put_Version

Sets or retrieves the version of the application. (Put)
put_WriteCertToCSP

The WriteCertToCSP property of ICEnroll4 sets or retrieves a Boolean value that determines whether a certificate should be written to the cryptographic service provider (CSP). (Put)
put_WriteCertToCSP

Sets or retrieves a Boolean value that determines whether a certificate should be written to the cryptographic service provider (CSP). (Put)
put_WriteCertToUserDS

Sets or retrieves a Boolean value that determines whether the certificate is written to the user's Active Directory store. (Put)
put_WriteCertToUserDS

The WriteCertToUserDS property of IEnroll4 sets or retrieves a Boolean value that determines whether the certificate is written to the user's Active Directory store. (Put)
PWLX_ASSIGN_SHELL_PROTECTION

Called by GINA to assign protection to the shell program of a newly logged-on user.
PWLX_CHANGE_PASSWORD_NOTIFY

Called by GINA to indicate it has changed a password.
PWLX_CHANGE_PASSWORD_NOTIFY_EX

Called by GINA to tell a specific network provider (or all network providers) that a password has changed.
PWLX_CLOSE_USER_DESKTOP

Called by GINA to close an alternate user desktop and clean up after the desktop is closed.
PWLX_CREATE_USER_DESKTOP

Called by GINA to create alternate application desktops for the user.
PWLX_DIALOG_BOX

Called by the GINA to create a modal dialog box from a dialog box template.
PWLX_DIALOG_BOX_INDIRECT

Called by GINA to create a modal dialog box from a dialog box template in memory.
PWLX_DIALOG_BOX_INDIRECT_PARAM

Called by GINA to initialize dialog box controls and then create a modal dialog box from a dialog box template in memory.
PWLX_DIALOG_BOX_PARAM

Called by GINA to initialize dialog box controls and then create a modal dialog box from a dialog box template resource.
PWLX_DISCONNECT

Called by a replacement GINA DLL if Terminal Services is enabled. GINA calls this function to disconnect from a Terminal Services network session.
PWLX_GET_OPTION

Called by GINA to retrieve the current value of an option.
PWLX_GET_SOURCE_DESKTOP

Called by GINA to determine the name and handle of the desktop that was current before Winlogon switched to the Winlogon desktop.
PWLX_MESSAGE_BOX

Called by GINA to create, display, and operate a message box.
PWLX_QUERY_CLIENT_CREDENTIALS

Called by a replacement GINA DLL if Terminal Services is enabled. GINA calls this function to retrieve the credentials of remote Terminal Services clients that are not using an Internet connector license.
PWLX_QUERY_CONSOLESWITCH_CREDENTIALS

Called by GINA to read the credentials transferred from the Winlogon of the temporary session to the Winlogon of the destination session.
PWLX_QUERY_IC_CREDENTIALS

Called by a replacement GINA DLL if Terminal Services is enabled. GINA calls this function to determine whether the terminal server is using Internet connector licensing and to retrieve credentials information.
PWLX_QUERY_TERMINAL_SERVICES_DATA

Called by GINA to retrieve Terminal Services user configuration information after a user has logged on.
PWLX_QUERY_TS_LOGON_CREDENTIALS

Called by a replacement GINA DLL to retrieve credentials information if Terminal Services is enabled. The GINA DLL can then use this information to fill in a logon box automatically and attempt to log the user in.
PWLX_SAS_NOTIFY

Called by GINA to notify Winlogon of a secure attention sequence (SAS) event.
PWLX_SET_CONTEXT_POINTER

Called by GINA to specify the context pointer passed by Winlogon as the first parameter to all future calls to GINA functions.
PWLX_SET_OPTION

Called by GINA to set the value of an option.
PWLX_SET_RETURN_DESKTOP

Called by GINA to specify the alternate application desktop that Winlogon will switch to when the current secure attention sequence (SAS) event processing function is complete.
PWLX_SET_TIMEOUT

Called by GINA to change the time-out associated with a dialog box. The default time-out is two minutes.
PWLX_SWITCH_DESKTOP_TO_USER

Called by GINA to switch to the application desktop.
PWLX_SWITCH_DESKTOP_TO_WINLOGON

Allows the GINA DLL switch to the Winlogon desktop.
PWLX_USE_CTRL_ALT_DEL

Called by GINA to tell Winlogon to use the standard CTRL+ALT+DEL key combination as a secure attention sequence (SAS).
PWLX_WIN31_MIGRATE

Called by a replacement GINA DLL if Terminal Services is enabled. GINA calls this function to complete the setup of the Terminal Services client.
QueryChanges

Retrieves a value that specifies whether the template or certification authority collections have changed in Active Directory.
QueryContextAttributesA

Lets a transport application query the Credential Security Support Provider (CredSSP) security package for certain attributes of a security context. (ANSI)
QueryContextAttributesExA

The QueryContextAttributesExA (ANSI) function (sspi.h) enables a transport application to query a security package for certain attributes of a security context.
QueryContextAttributesExW

The QueryContextAttributesExW (Unicode) function (sspi.h) enables a transport application to query a security package for certain attributes of a security context.
QueryContextAttributesW

Lets a transport application query the Credential Security Support Provider (CredSSP) security package for certain attributes of a security context. (Unicode)
QueryCredentialsAttributesA

Retrieves the attributes of a credential, such as the name associated with the credential. (ANSI)
QueryCredentialsAttributesExA

Query the attributes of a security context.
QueryCredentialsAttributesExW

Query the attributes of a security context.
QueryCredentialsAttributesW

Retrieves the attributes of a credential, such as the name associated with the credential. (Unicode)
QuerySecurityAccessMask

Creates an access mask that represents the access permissions necessary to query the specified object security information.
QuerySecurityContextToken

Obtains the access token for a client security context and uses it directly.
QuerySecurityPackageInfoA

Retrieves information about a specified security package. This information includes the bounds on sizes of authentication information, credentials, and contexts. (ANSI)
QuerySecurityPackageInfoW

Retrieves information about a specified security package. This information includes the bounds on sizes of authentication information, credentials, and contexts. (Unicode)
QueryServiceConfig2A

Retrieves the optional configuration parameters of the specified service. (ANSI)
QueryServiceConfig2W

Retrieves the optional configuration parameters of the specified service. (Unicode)
QueryServiceConfigA

Retrieves the configuration parameters of the specified service. (ANSI)
QueryServiceConfigW

Retrieves the configuration parameters of the specified service. (Unicode)
QueryServiceDynamicInformation

Retrieves dynamic information related to the current service start.
QueryServiceLockStatusA

Retrieves the lock status of the specified service control manager database. (ANSI)
QueryServiceLockStatusW

Retrieves the lock status of the specified service control manager database. (Unicode)
QueryServiceObjectSecurity

Retrieves a copy of the security descriptor associated with a service object.
QueryServiceStatus

Retrieves the current status of the specified service.
QueryServiceStatusEx

Retrieves the current status of the specified service based on the specified information level.
RegGetKeySecurity

Retrieves a copy of the security descriptor protecting the specified open registry key.
RegisterServiceCtrlHandlerA

Registers a function to handle service control requests. (ANSI)
RegisterServiceCtrlHandlerExA

Registers a function to handle extended service control requests. (ANSI)
RegisterServiceCtrlHandlerExW

Registers a function to handle extended service control requests. (Unicode)
RegisterServiceCtrlHandlerW

Registers a function to handle service control requests. (Unicode)
RegSetKeySecurity

Sets the security of an open registry key.
Remove

Removes the specified interface from the list of interfaces The number of interfaces in the list of interfaces that can be called by BizRule scripts.
Remove

Removes the specified parameter from the list of parameters available to business rule (BizRule) scripts.
Remove

Removes an object from the collection by index number. (IAlternativeNames.Remove)
Remove

Removes an object from the collection by index number. (ICertificatePolicies.Remove)
Remove

Removes an ICertificationAuthority object from the collection by index number.
Remove

Removes a property from the collection by index value.
Remove

Removes an ICryptAttribute object from the collection by index number.
Remove

Removes an ICspAlgorithm object from the collection by index number.
Remove

Removes an ICspInformation object from the collection by index number.
Remove

Removes an ICspStatus object from the collection by index number.
Remove

Removes an IObjectId object from the collection by index value.
Remove

Removes an object from the collection by index value. (IPolicyQualifiers.Remove)
Remove

Removes an ISignerCertificate object from the collection by index number.
Remove

Removes an object from the collection by index value. (ISmimeCapabilities.Remove)
Remove

Removes an IX509Attribute object from the collection by index number.
Remove

Removes an IX509CertificateTemplate object from the collection by index number.
Remove

Removes an IX509Extension object from the collection by index number.
Remove

Removes an IX509NameValuePair object from the collection by index number.
Remove

Removes an IX509PolicyServerUrl object from the collection by index number.
RemoveAll

Removes all interfaces from the list of interfaces that can be called by business rule (BizRule) scripts.
RemoveAll

Removes all parameters from the list of parameters available to business rule (BizRule) scripts.
RemoveCertificate

Removes an endorsement certificate related to the endorsement key from the key storage provider. You can only call the RemoveCertificate method after the Open method has been successfully called.
RemoveFromCertificate

Disassociates a property from a certificate.
RemoveFromRegistry

Unregisters a certificate enrollment policy (CEP) server.
removePendingRequest

Removes a pending request from the client's request store. This method was first defined in the ICEnroll4 interface.
removePendingRequestWStr

Removes a pending request from the client's request store.
ReportError

Reports any errors from the requested operation.
ReportProgress

Reports the progress of the current operation.
Reset

Sets the current index of the identity enumeration to zero.
Reset

Resets the configuration query state to point at the Certificate Services server configuration indexed on the specified configuration point. This method was first defined in the ICertConfig interface.
Reset

Returns the certificate enrollment control object to its initial state and thereby allow reuse of the control. This method was first defined in the ICEnroll3 interface.
Reset

Returns the certificate enrollment control object to its initial state and thereby allows reuse of the control.
Reset

Specifies the size of the alternate name array in this object. The value of all elements in the array are set to zero.
Reset

Resets a certificate revocation list (CRL) distribution information array to a specified number of distribution point structures.
Reset

Specifies the size of DATE array in this object.
Reset

Specifies the size of the array in this object.
Reset

Specifies the size of the string array and the type of strings the array will contain.
Reset

Moves to the beginning of the attribute-enumeration sequence.
Reset

Moves to the beginning of the column-enumeration sequence.
Reset

Moves to the beginning of the extension-enumeration sequence.
Reset

Moves to the beginning of the row-enumeration sequence.
resetAttributes

Removes all attributes from the request. This method was first defined in the ICEnroll4 interface.
resetAttributes

Removes all attributes from the request.
resetBlobProperties

Resets the properties of a BLOB.
resetExtensions

Removes all extensions from the request. This method was first defined in the ICEnroll4 interface.
resetExtensions

Removes all extensions from the request.
ResetForEncode

Restores the state of the request object to that which existed before the Encode method was called.
ResubmitRequest

Submits the specified certificate request to the policy module for the specified certification authority. This method was first introduced in the ICertAdmin interface.
RetrievePending

Retrieves a certificate's disposition status from an earlier request that may have previously returned CR_DISP_INCOMPLETE or CR_DISP_UNDER_SUBMISSION.
RevertSecurityContext

Allows a security package to discontinue the impersonation of the caller and restore its own security context.
RevertToSelf

Terminates the impersonation of a client application.
RevokeCertificate

Revokes a certificate either on a specified date or immediately. This method was first defined in the ICertAdmin interface.
RoleAssignments

Gets a collection of IAzRoleAssignment objects associated with this application group.
RoleAssignments

Returns a collection of the role assignments associated with this operation.
RoleAssignments

Retrieves a collection of IAzRoleAssignment objects that represent the role assignments associated with this IAzRoleDefinition object.
RoleAssignments

Returns a collection of the role assignments associated with this task.
RtlConvertSidToUnicodeString

Converts a security identifier (SID) to its Unicode character representation.
RtlDecryptMemory

Decrypts memory contents previously encrypted by the RtlEncryptMemory function.
RtlEncryptMemory

Encrypts memory contents.
RtlGenRandom

Generates a pseudo-random number.
SaferCloseLevel

Closes a SAFER_LEVEL_HANDLE that was opened by using the SaferIdentifyLevel function or the SaferCreateLevel function.
SaferComputeTokenFromLevel

Restricts a token using restrictions specified by a SAFER_LEVEL_HANDLE.
SaferCreateLevel

Opens a SAFER_LEVEL_HANDLE.
SaferGetLevelInformation

Retrieves information about a policy level.
SaferGetPolicyInformation

Gets information about a policy.
SaferIdentifyLevel

Retrieves information about a level.
SaferiIsExecutableFileType

Determines whether a specified file is an executable file.
SaferRecordEventLogEntry

Saves messages to an event log.
SaferSetLevelInformation

Sets the information about a policy level.
SaferSetPolicyInformation

Sets the global policy controls.
SaslAcceptSecurityContext

Wraps a standard call to the Security Support Provider Interface AcceptSecurityContext (General) function and includes creation of SASL server cookies.
SaslEnumerateProfilesA

Lists the packages that provide a SASL interface. (ANSI)
SaslEnumerateProfilesW

Lists the packages that provide a SASL interface. (Unicode)
SaslGetContextOption

Retrieves the specified property of the specified SASL context.
SaslGetProfilePackageA

Returns the package information for the specified package. (ANSI)
SaslGetProfilePackageW

Returns the package information for the specified package. (Unicode)
SaslIdentifyPackageA

Returns the negotiate prefix that matches the specified SASL negotiation buffer. (ANSI)
SaslIdentifyPackageW

Returns the negotiate prefix that matches the specified SASL negotiation buffer. (Unicode)
SaslInitializeSecurityContextA

Wraps a standard call to the Security Support Provider Interface InitializeSecurityContext (General) function and processes SASL server cookies from the server. (ANSI)
SaslInitializeSecurityContextW

Wraps a standard call to the Security Support Provider Interface InitializeSecurityContext (General) function and processes SASL server cookies from the server. (Unicode)
SaslSetContextOption

Sets the value of the specified property for the specified SASL context.
Save

The Save method causes the snap-in extension to return information about the data that needs to be saved. The caller is responsible for saving the data.
SCardAccessStartedEvent

Returns an event handle when an event signals that the smart card resource manager is started.
SCardAddReaderToGroupA

Adds a reader to a reader group. (ANSI)
SCardAddReaderToGroupW

Adds a reader to a reader group. (Unicode)
SCardAudit

Writes event messages to the Windows application log Microsoft-Windows-SmartCard-Audit/Authentication.
SCardBeginTransaction

Starts a transaction.
SCardCancel

Terminates all outstanding actions within a specific resource manager context.
SCardConnectA

Establishes a connection (using a specific resource manager context) between the calling application and a smart card contained by a specific reader. If no card exists in the specified reader, an error is returned. (ANSI)
SCardConnectW

Establishes a connection (using a specific resource manager context) between the calling application and a smart card contained by a specific reader. If no card exists in the specified reader, an error is returned. (Unicode)
SCardControl

Gives you direct control of the reader. You can call it any time after a successful call to SCardConnect and before a successful call to SCardDisconnect.
SCardDisconnect

Terminates a connection previously opened between the calling application and a smart card in the target reader.
SCardEndTransaction

Completes a previously declared transaction, allowing other applications to resume interactions with the card.
SCardEstablishContext

Establishes the resource manager context (the scope) within which database operations are performed.
SCardForgetCardTypeA

Removes an introduced smart card from the smart card subsystem. (ANSI)
SCardForgetCardTypeW

Removes an introduced smart card from the smart card subsystem. (Unicode)
SCardForgetReaderA

Removes a previously introduced reader from control by the smart card subsystem. It is removed from the smart card database, including from any reader group that it may have been added to. (ANSI)
SCardForgetReaderGroupA

Removes a previously introduced smart card reader group from the smart card subsystem. Although this function automatically clears all readers from the group, it does not affect the existence of the individual readers in the database. (ANSI)
SCardForgetReaderGroupW

Removes a previously introduced smart card reader group from the smart card subsystem. Although this function automatically clears all readers from the group, it does not affect the existence of the individual readers in the database. (Unicode)
SCardForgetReaderW

Removes a previously introduced reader from control by the smart card subsystem. It is removed from the smart card database, including from any reader group that it may have been added to. (Unicode)
SCardFreeMemory

Releases memory that has been returned from the resource manager using the SCARD_AUTOALLOCATE length designator.
SCardGetAttrib

Retrieves the current reader attributes for the given handle. It does not affect the state of the reader, driver, or card.
SCardGetCardTypeProviderNameA

Returns the name of the module (dynamic link library) that contains the provider for a given card name and provider type. (ANSI)
SCardGetCardTypeProviderNameW

Returns the name of the module (dynamic link library) that contains the provider for a given card name and provider type. (Unicode)
SCardGetDeviceTypeIdA

Gets the device type identifier of the card reader for the given reader name. This function does not affect the state of the reader. (ANSI)
SCardGetDeviceTypeIdW

Gets the device type identifier of the card reader for the given reader name. This function does not affect the state of the reader. (Unicode)
SCardGetProviderIdA

Returns the identifier (GUID) of the primary service provider for a given card. (ANSI)
SCardGetProviderIdW

Returns the identifier (GUID) of the primary service provider for a given card. (Unicode)
SCardGetReaderDeviceInstanceIdA

Gets the device instance identifier of the card reader for the given reader name. This function does not affect the state of the reader. (ANSI)
SCardGetReaderDeviceInstanceIdW

Gets the device instance identifier of the card reader for the given reader name. This function does not affect the state of the reader. (Unicode)
SCardGetReaderIconA

Gets an icon of the smart card reader for a given reader's name. (ANSI)
SCardGetReaderIconW

Gets an icon of the smart card reader for a given reader's name. (Unicode)
SCardGetStatusChangeA

Blocks execution until the current availability of the cards in a specific set of readers changes. (ANSI)
SCardGetStatusChangeW

Blocks execution until the current availability of the cards in a specific set of readers changes. (Unicode)
SCardGetTransmitCount

Retrieves the number of transmit operations that have completed since the specified card reader was inserted.
SCardIntroduceCardTypeA

Introduces a smart card to the smart card subsystem (for the active user) by adding it to the smart card database. (ANSI)
SCardIntroduceCardTypeW

Introduces a smart card to the smart card subsystem (for the active user) by adding it to the smart card database. (Unicode)
SCardIntroduceReaderA

Introduces a new name for an existing smart card reader. (ANSI)
SCardIntroduceReaderGroupA

Introduces a reader group to the smart card subsystem. However, the reader group is not created until the group is specified when adding a reader to the smart card database. (ANSI)
SCardIntroduceReaderGroupW

Introduces a reader group to the smart card subsystem. However, the reader group is not created until the group is specified when adding a reader to the smart card database. (Unicode)
SCardIntroduceReaderW

Introduces a new name for an existing smart card reader. (Unicode)
SCardIsValidContext

Determines whether a smart card context handle is valid.
SCardListCardsA

Searches the smart card database and provides a list of named cards previously introduced to the system by the user. (ANSI)
SCardListCardsW

Searches the smart card database and provides a list of named cards previously introduced to the system by the user. (Unicode)
SCardListInterfacesA

Provides a list of interfaces supplied by a given card. (ANSI)
SCardListInterfacesW

Provides a list of interfaces supplied by a given card. (Unicode)
SCardListReaderGroupsA

Provides the list of reader groups that have previously been introduced to the system. (ANSI)
SCardListReaderGroupsW

Provides the list of reader groups that have previously been introduced to the system. (Unicode)
SCardListReadersA

Provides the list of readers within a set of named reader groups, eliminating duplicates. (ANSI)
SCardListReadersW

Provides the list of readers within a set of named reader groups, eliminating duplicates. (Unicode)
SCardListReadersWithDeviceInstanceIdA

Gets the list of readers that have provided a device instance identifier. This function does not affect the state of the reader. (ANSI)
SCardListReadersWithDeviceInstanceIdW

Gets the list of readers that have provided a device instance identifier. This function does not affect the state of the reader. (Unicode)
SCardLocateCardsA

Searches the readers listed in the rgReaderStates parameter for a card with an ATR string that matches one of the card names specified in mszCards, returning immediately with the result. (ANSI)
SCardLocateCardsByATRA

Searches the readers listed in the rgReaderStates parameter for a card with a name that matches one of the card names contained in one of the SCARD_ATRMASK structures specified by the rgAtrMasks parameter. (ANSI)
SCardLocateCardsByATRW

Searches the readers listed in the rgReaderStates parameter for a card with a name that matches one of the card names contained in one of the SCARD_ATRMASK structures specified by the rgAtrMasks parameter. (Unicode)
SCardLocateCardsW

Searches the readers listed in the rgReaderStates parameter for a card with an ATR string that matches one of the card names specified in mszCards, returning immediately with the result. (Unicode)
SCardReadCacheA

Retrieves the value portion of a name-value pair from the global cache maintained by the Smart Card Resource Manager. (ANSI)
SCardReadCacheW

Retrieves the value portion of a name-value pair from the global cache maintained by the Smart Card Resource Manager. (Unicode)
SCardReconnect

Reestablishes an existing connection between the calling application and a smart card.
SCardReleaseContext

Closes an established resource manager context, freeing any resources allocated under that context, including SCARDHANDLE objects and memory allocated using the SCARD_AUTOALLOCATE length designator.
SCardReleaseStartedEvent

Decrements the reference count for a handle acquired by a previous call to the SCardAccessStartedEvent function.
SCardRemoveReaderFromGroupA

Removes a reader from an existing reader group. This function has no effect on the reader. (ANSI)
SCardRemoveReaderFromGroupW

Removes a reader from an existing reader group. This function has no effect on the reader. (Unicode)
SCardSetAttrib

Sets the given reader attribute for the given handle.
SCardSetCardTypeProviderNameA

Specifies the name of the module (dynamic link library) containing the provider for a given card name and provider type. (ANSI)
SCardSetCardTypeProviderNameW

Specifies the name of the module (dynamic link library) containing the provider for a given card name and provider type. (Unicode)
SCardStatusA

Provides the current status of a smart card in a reader. (ANSI)
SCardStatusW

Provides the current status of a smart card in a reader. (Unicode)
SCardTransmit

Sends a service request to the smart card and expects to receive data back from the card.
SCardUIDlgSelectCardA

Displays the smart card Select Card dialog box. (ANSI)
SCardUIDlgSelectCardW

Displays the smart card Select Card dialog box. (Unicode)
SCardWriteCacheA

Writes a name-value pair from a smart card to the global cache maintained by the Smart Card Resource Manager. (ANSI)
SCardWriteCacheW

Writes a name-value pair from a smart card to the global cache maintained by the Smart Card Resource Manager. (Unicode)
ScopeExists

Indicates whether the specified scope exists in this IAzApplication3 object.
SendSAS

Simulates a secure attention sequence (SAS).
SetAccountInformation

Sets the user account information used by the IIS Network Device Enrollment Service (NDES) extension to perform enrollment on behalf of network devices.
SetAclInformation

Sets information about an access control list (ACL).
SetApplicationPoolCredentials

Specifies user account information for the application pool in which the Certificate Enrollment Web Service (CES) runs.
SetCachedSigningLevel

Sets the cached signing level.
SetCADistinguishedName

Sets a certification authority (CA) common name and an optional distinguished name suffix.
SetCAProperty

Sets a property value for the certification authority (CA).
SetCASetupProperty

Sets a property value for a certification authority (CA) configuration.
SetCertificateExtension

Adds a new extension to the certificate issued in response to a certificate request. This method was first defined by the ICertAdmin interface.
SetCertificateExtension

Adds a new extension to the certificate.
SetCertificateProperty

To set a property associated with a certificate.
SetConfigEntry

Sets configuration information for a certification authority (CA).
SetConfiguration

Updates a responder service with configuration changes.
SetContext

Causes the current instantiation of the interface to operate on the request referenced by Context.
SetContext

Specifies the request to be used as the context for subsequent calls to Certificate Services.
SetContextAttributesA

Enables a transport application to set attributes of a security context for a security package. This function is supported only by the Schannel security package. (ANSI)
SetContextAttributesW

Enables a transport application to set attributes of a security context for a security package. This function is supported only by the Schannel security package. (Unicode)
SetCredential

Sets the credential used to contact the certificate enrollment policy (CEP) server.
SetCredential

Sets the credential used to contact the Certificate Enrollment Web Service.
SetCredentialsAttributesA

Sets the attributes of a credential, such as the name associated with the credential. (ANSI)
SetCredentialsAttributesW

Sets the attributes of a credential, such as the name associated with the credential. (Unicode)
SetDatabaseInformation

Sets the database related information for the certification authority (CA) role.
SetDefaultValues

Specifies a default hashing algorithm used to create a digest of the certificate request prior to signing.
SetEntriesInAclA

Creates a new access control list (ACL) by merging new access control or audit control information into an existing ACL structure. (ANSI)
SetEntriesInAclW

Creates a new access control list (ACL) by merging new access control or audit control information into an existing ACL structure. (Unicode)
SetFileSecurityA

The SetFileSecurityA (ANSI) function (winbase.h) sets the security of a file or directory object.
SetFileSecurityW

The SetFileSecurityW (Unicode) function (securitybaseapi.h) sets the security of a file or directory object.
SetHStoreCA

The SetHStoreCA method specifies the handle to use for the CA store. This method was first defined in the IEnroll2 interface.
SetHStoreMy

The SetHStoreMy method specifies the handle to use for the MY store. This method was first defined in the IEnroll2 interface.
SetHStoreRequest

The SetHStoreRequest method specifies the handle to use for the request store. This method was first defined in the IEnroll2 interface.
SetHStoreROOT

The SetHStoreROOT method specifies the handle to use for the Root store. This method was first defined in the IEnroll2 interface.
SetKernelObjectSecurity

Sets the security of a kernel object.
SetMSCEPSetupProperty

Sets a property value for a Network Device Enrollment Service (NDES) configuration.
SetNameCount

Sets a name count for the specified distribution point in a certificate revocation list (CRL) distribution information array.
SetNamedSecurityInfoA

Sets specified security information in the security descriptor of a specified object. (ANSI)
SetNamedSecurityInfoW

Sets specified security information in the security descriptor of a specified object. (Unicode)
SetNameEntry

Sets a name at a specified index of the alternate name array.
SetNameEntry

Sets a name at a specified index of a distribution point in a certificate revocation list (CRL) distribution information array.
SetParentCAInformation

Sets the parent certification authority (CA) information for a subordinate CA configuration.
setPendingRequestInfo

Sets properties for a pending request. This method was first defined in the ICEnroll4 interface.
setPendingRequestInfoWStr

Sets properties for a pending request.
SetPrivateKeyArchiveCertificate

The SetPrivateKeyArchiveCertificate method specifies the certificate used to archive the private key. This method was first defined in the IEnroll4 interface.
SetPrivateObjectSecurity

Modifies a private object's security descriptor.
SetPrivateObjectSecurityEx

Modifies the security descriptor of a private object maintained by the resource manager calling this function.
SetProperty

Sets the specified value to the IAzApplication object property with the specified property ID.
SetProperty

Sets the specified value to the IAzApplicationGroup object property with the specified property ID.
SetProperty

Sets the specified value to the AzAuthorizationStore object property with the specified property ID.
SetProperty

Sets the specified value to the IAzOperation object property with the specified property ID.
SetProperty

Sets the specified value to the IAzRole object property with the specified property ID.
SetProperty

Sets the specified value to the IAzScope object property with the specified property ID.
SetProperty

Sets the specified value to the IAzTask object property with the specified property ID.
SetProperty

Specifies a CEPSetupProperty enumeration value for the Certificate Enrollment Policy (CEP) Web Service configuration.
SetProperty

Specifies a CESSetupProperty enumeration value for the Certificate Enrollment Web Service (CES) configuration.
SetProperty

Allows a module to set a property value.
SetRequestAttributes

Sets attributes in the specified pending certificate request. This method was first defined in the ICertAdmin interface.
SetRestriction

Sets the sorting and qualifying restrictions on a column.
SetResultColumn

Specifies a column for the result set of a customized view of the Certificate Services database.
SetResultColumnCount

Specifies the maximum number of columns for the result set of a customized view of the Certificate Services database.
SetSecurity

The SetSecurity method provides a security descriptor containing the security information the user wants to apply to the securable object. The access control editor calls this method when the user clicks Okay or Apply.
SetSecurity

Updates security descriptor information for an Online Certificate Status Protocol (OCSP) responder server.
SetSecurityAccessMask

Creates an access mask that represents the access permissions necessary to set the specified object security information.
SetSecurityDescriptorControl

Sets the control bits of a security descriptor. The function can set only the control bits that relate to automatic inheritance of ACEs.
SetSecurityDescriptorDacl

Sets information in a discretionary access control list (DACL). If a DACL is already present in the security descriptor, the DACL is replaced.
SetSecurityDescriptorGroup

Sets the primary group information of an absolute-format security descriptor, replacing any primary group information already present in the security descriptor.
SetSecurityDescriptorOwner

Sets the owner information of an absolute-format security descriptor. It replaces any owner information already present in the security descriptor.
SetSecurityDescriptorRMControl

Sets the resource manager control bits in the SECURITY_DESCRIPTOR structure.
SetSecurityDescriptorSacl

Sets information in a system access control list (SACL). If there is already a SACL present in the security descriptor, it is replaced.
SetSecurityInfo

Sets specified security information in the security descriptor of a specified object. The caller identifies the object by a handle.
SetServiceObjectSecurity

Sets the security descriptor of a service object.
SetServiceStatus

Updates the service control manager's status information for the calling service.
SetSharedFolder

Specifies the path to be used as the certification authority's (CA) shared folder.
SetSignerCertificate

The SetSignerCertificate method specifies the signer's certificate. This method was first defined in the IEnroll4 interface.
SetStringProperty

Specifies the certificate enrollment policy (CEP) server ID or the display name of the CEP server.
SetTable

Specifies which Certificate Services database table is used for subsequent calls to the methods of the ICertView2 interface.
SetThreadToken

Assigns an impersonation token to a thread. The function can also cause a thread to stop using an impersonation token.
SetTokenInformation

Sets various types of information for a specified access token.
SetUserObjectSecurity

Sets the security of a user object. This can be, for example, a window or a DDE conversation.
SetValue

Sets a DATE value at the specified index of the DATE array.
SetValue

Sets a Long value at the specified index of the Long array.
SetValue

Sets a string value at the specified index of the string array.
SetValueOnCertificate

Associates a property value with an existing certificate.
SetWebCAInformation

Sets the certification authority (CA) information for the Certification Authority Web Enrollment role.
ShutDown

Called by the server engine before the server is terminated.
Skip

Skips a specified number of attributes in the attribute-enumeration sequence.
Skip

Skips a specified number of columns in the column-enumeration sequence.
Skip

Skips a specified number of extensions in the extension-enumeration sequence.
Skip

Skips a specified number of rows in the row enumeration sequence.
SLAcquireGenuineTicket

Gets a XrML genuine ticket acquired from the Software Licensing Server (SLS).
SLActivateProduct

Acquires a use license from the Software License Server (SLS).
SLClose

Closes the Software Licensing Client (SLC) context handle.
SLConsumeRight

Let an application to exercise rights on a locally-stored licenses.
SLDepositMigrationBlob

Deposits licensing information previously collected and gathered using the SLGatherMigrationBlob function.
SLDepositOfflineConfirmationId

Deposits Installation ID (IID) and Confirmation ID (CID) for offline activation. (SLDepositOfflineConfirmationId)
SLDepositOfflineConfirmationIdEx

Deposits Installation ID (IID) and Confirmation ID (CID) for offline activation. (SLDepositOfflineConfirmationIdEx)
SLFireEvent

Sends a specified event to a registered listener.
SLGatherMigrationBlob

Gathers licensing information for the provided file handle. This licensing information can later be applied or deposited using the SLDepositMigrationBlob function.
SLGenerateOfflineInstallationId

Generates the Installation ID (IID).
SLGenerateOfflineInstallationIdEx

Generates Installation ID (IID).
SLGetApplicationInformation

Gets information about the specified application.
SLGetApplicationPolicy

Queries a policy from the set stored with the SLPersistApplicationPolicies function and loaded using the SLLoadApplicationPolicies function.
SLGetAuthenticationResult

Gets the authentication results.
SLGetGenuineInformation

Gets information about the genuine state of a Windows computer.
SLGetGenuineInformationEx

Specifies information about the genuine status of a Windows computer. (SLGetGenuineInformationEx)
SLGetInstalledProductKeyIds

This function returns a list of product key IDs associated with the specified Product SKU ID.
SLGetLicense

Returns the license file BLOB.
SLGetLicenseFileId

Checks if the license BLOB has been installed already.
SLGetLicenseInformation

Gets the specified license information.
SLGetLicensingStatusInformation

Gets the licensing status of the specified application or SKU.
SLGetPKeyId

Gets the registered product key ID associated with the product.
SLGetPKeyInformation

Gets the information of the specified product key.
SLGetPolicyInformation

Gets the policy information after right has been consumed successfully. (SLGetPolicyInformation)
SLGetPolicyInformationDWORD

Gets the policy information after right has been consumed successfully. (SLGetPolicyInformationDWORD)
SLGetProductSkuInformation

Gets information about the specified product SKU.
SLGetReferralInformation

Gets referral information for the specified product.
SLGetServerStatus

Checks the server status according to the specified URL and RequestType.
SLGetServiceInformation

Gets global data information.
SLGetSLIDList

Gets a list of SLIDs according to the input query ID type and the ID value.
SLGetWindowsInformation

Retrieves the value portion of a name-value pair from the licensing policy of a software component.
SLGetWindowsInformationDWORD

Retrieves the DWORD value portion of a name-value pair from the licensing policy of a software component.
SLInstallLicense

Stores the specified license and returns a license file ID.
SLInstallProofOfPurchase

Registers the product key with SL.
SLInstallProofOfPurchaseEx

Register the product key with SL.
SLIsGenuineLocal

Checks whether the specified application is a genuine Windows installation.
SLIsGenuineLocalEx

Checks whether the specified application installation is genuine.
SLLoadApplicationPolicies

Loads the application policies set with the SLPersistApplicationPolicies function for use by the SLGetApplicationPolicy function.
SLOpen

Initializes the Software Licensing Client (SLC) and connects SLC to the Software Licensing Service (SLS).
SLPersistApplicationPolicies

Stores the current consumed policies to disk for fast policy access.
SLPersistRTSPayloadOverride

Associates information with the specified product for both online and phone activation.
SLQueryLicenseValueFromApp

Gets the value for the specified component policy.
SLReArm

This function is rearm application activation.
SLRegisterEvent

Registers an event in the SL service.
SLSetAuthenticationData

Sets authentication data.
SLSetCurrentProductKey

Sets the current product key to the previously installed product key.
SLSetGenuineInformation

Specifies information about the genuine status of a Windows computer. (SLSetGenuineInformation)
SLUninstallLicense

Uninstalls the license specified by the license file ID and target user option.
SLUninstallProofOfPurchase

Unregisters the product key information.
SLUnloadApplicationPolicies

Releases the policy context handle returned by the SLLoadApplicationPolicies function.
SLUnregisterEvent

Unregisters a registered event in the SL service.
SpAcceptCredentialsFn

Called by the Local Security Authority (LSA) to pass the security package any credentials stored for the authenticated security principal.
SpAcceptLsaModeContextFn

Server dispatch function used to create a security context shared by a server and client.
SpAcquireCredentialsHandleFn

Called to obtain a handle to a principal's credentials.
SpAddCredentialsFn

Used to add credentials for a security principal.
SpApplyControlTokenFn

Applies a control token to a security context. This function is not currently called by the Local Security Authority (LSA).
SpCompleteAuthTokenFn

Completes an authentication token.S
SpDeleteCredentialsFn

Deletes credentials from a security package's list of primary or supplemental credentials.
SpExchangeMetaDataFn

Sends metadata to a security support provider.
SpExportSecurityContextFn

Exports a security context to another process.
SpFormatCredentialsFn

Formats credentials to be stored in a user object.
SpFreeCredentialsHandleFn

Frees credentials acquired by calling the SpAcquireCredentialsHandle function.
SpGetContextTokenFn

Obtains the token to impersonate.
SpGetCredentialsFn

Retrieves the primary and supplemental credentials from the user object.
SpGetCredUIContextFn

Retrieves context information from a credential provider. (SpGetCredUIContextFn)
SpGetExtendedInformationFn

Provides extended information about a security package.
SpGetInfoFn

Provides general information about the security package, such as its name and capabilities.
SpGetUserInfoFn

Retrieves information about a logon session.
SpImportSecurityContextFn

Imports a security context from another process.
SpInitializeFn

Is called once by the Local Security Authority (LSA) to provide a security package with general security information and a dispatch table of support functions.
SpInitLsaModeContextFn

The client dispatch function used to establish a security context between a server and client.
SpInitUserModeContextFn

Creates a user-mode security context from a packed Local Security Authority (LSA)-mode context.
SpInstanceInitFn

Initializes user-mode security packages in an SSP/AP.
SpLsaModeInitializeFn

Provides the LSA with pointers to the functions implemented by each security package in the SSP/AP DLL.
SpMarshallSupplementalCredsFn

Converts supplemental credentials from a public format into a format suitable for local procedure calls.
SpQueryContextAttributesFn

Retrieves the attributes of a security context.
SpQueryCredentialsAttributesFn

Retrieves the attributes for a credential.
SpQueryMetaDataFn

Gets metadata from a security support provider (SSP) when it is initiating a security context.
SpSaveCredentialsFn

Saves a supplemental credential to the user object.
SpSealMessageFn

Encrypts a message exchanged between a client and server.
SpSetExtendedInformationFn

Sets extended information about the security package.
SpUnsealMessageFn

Decrypts a message that was previously encrypted with the SpSealMessage function.
SpUpdateCredentialsFn

Updates the credentials associated with the specified context. (SpUpdateCredentialsFn)
SpUserModeInitializeFn

Called when a security support provider/authentication package (SSP/AP) DLL is loaded into the process space of a client/server application. This function provides the SECPKG_USER_FUNCTION_TABLE tables for each security package in the SSP/AP DLL.
SpValidateTargetInfoFn

Validates that the specified SECPKG_TARGETINFO structure represents a valid target.
SslCrackCertificate

Returns an X509Certificate structure with the information contained in the specified certificate BLOB.
SslEmptyCacheA

Removes the specified string from the Schannel cache. (ANSI)
SslEmptyCacheW

Removes the specified string from the Schannel cache. (Unicode)
SslFreeCertificate

Frees a certificate that was allocated by a previous call to the SslCrackCertificate function.
SslGetServerIdentity

Gets the identity of the server.
SspiAcceptSecurityContextAsync

Lets the server component of a transport application asynchronously establish a security context between the server and a remote client.
SspiAcquireCredentialsHandleAsyncA

Asynchronously acquires a handle to preexisting credentials of a security principal. (ANSI)
SspiAcquireCredentialsHandleAsyncW

Asynchronously acquires a handle to preexisting credentials of a security principal. (Unicode)
SspiAsyncContextRequiresNotify

Determines whether a given async context requires notification on completion of the call.
SspiAsyncNotifyCallback

Callback used for notifying completion of an async SSPI call.
SspiCompareAuthIdentities

Compares the two specified credentials.
SspiCopyAuthIdentity

Creates a copy of the specified opaque credential structure.
SspiCreateAsyncContext

Creates an instance of SspiAsyncContext which is used to track the async call.
SspiDecryptAuthIdentity

Decrypts the specified encrypted credential.
SspiDecryptAuthIdentityEx

Decrypts a SEC_WINNT_AUTH_IDENTITY_OPAQUE structure.
SspiDeleteSecurityContextAsync

Deletes the local data structures associated with the specified security context initiated by a previous call to the SspiInitializeSecurityContextAsync function or the SspiAcceptSecurityContextAsync function.
SspiEncodeAuthIdentityAsStrings

Encodes the specified authentication identity as three strings.
SspiEncodeStringsAsAuthIdentity

Encodes a set of three credential strings as an authentication identity structure.
SspiEncryptAuthIdentity

Encrypts the specified identity structure.
SspiEncryptAuthIdentityEx

Encrypts a SEC_WINNT_AUTH_IDENTITY_OPAQUE structure.
SspiExcludePackage

Creates a new identity structure that is a copy of the specified identity structure modified to exclude the specified security support provider (SSP).
SspiFreeAsyncContext

Frees up a context created in the call to the SspiCreateAsyncContext function.
SspiFreeAuthIdentity

Frees the memory allocated for the specified identity structure.
SspiFreeCredentialsHandleAsync

Frees up a credential handle.
SspiGetAsyncCallStatus

Gets the current status of an async call associated with the provided context.
SspiGetCredUIContext

Retrieves context information from a credential provider. (SspiGetCredUIContext)
SspiGetTargetHostName

Gets the host name associated with the specified target.
SspiInitializeSecurityContextAsyncA

Initializes an async security context. (ANSI)
SspiInitializeSecurityContextAsyncW

Initializes an async security context. (Unicode)
SspiIsAuthIdentityEncrypted

Indicates whether the specified identity structure is encrypted.
SspiIsPromptingNeeded

Indicates whether an error returned after a call to either the InitializeSecurityContext or the AcceptSecurityContext function requires an additional call to the SspiPromptForCredentials function.
SspiLocalFree

Frees the memory associated with the specified buffer.
SspiMarshalAuthIdentity

Serializes the specified identity structure into a byte array.
SspiPrepareForCredRead

Generates a target name and credential type from the specified identity structure.
SspiPrepareForCredWrite

Generates values from an identity structure that can be passed as the values of parameters in a call to the CredWrite function.
SspiPromptForCredentialsA

Allows a Security Support Provider Interface (SSPI) application to prompt a user to enter credentials. (ANSI)
SspiPromptForCredentialsW

Allows a Security Support Provider Interface (SSPI) application to prompt a user to enter credentials. (Unicode)
SspiReinitAsyncContext

Marks an async context for reuse.
SspiSetAsyncNotifyCallback

Registers a callback that is notified on async call completion.
SspiUnmarshalAuthIdentity

Deserializes the specified array of byte values into an identity structure.
SspiUnmarshalCredUIContext

Deserializes credential information obtained by a credential provider during a previous call to the ICredentialProvider::SetSerialization method.
SspiUpdateCredentials

Updates the credentials associated with the specified context. (SspiUpdateCredentials)
SspiValidateAuthIdentity

Indicates whether the specified identity structure is valid.
SspiZeroAuthIdentity

Fills the block of memory associated with the specified identity structure with zeros.
StartServiceA

Starts a service. (ANSI)
StartServiceCtrlDispatcherA

Connects the main thread of a service process to the service control manager, which causes the thread to be the service control dispatcher thread for the calling process. (ANSI)
StartServiceCtrlDispatcherW

Connects the main thread of a service process to the service control manager, which causes the thread to be the service control dispatcher thread for the calling process. (Unicode)
StartServiceW

Starts a service. (Unicode)
stringToBinary

Converts an encoded string to a binary data BLOB. This method was first defined in the ICEnroll4 interface.
stringToBinaryBlob

Converts an encoded string to a binary data BLOB.
StringToString

Modifies the type of Unicode encoding applied to a string.
StringToVariantByteArray

Creates a byte array from a Unicode encoded string.
Submit

Persists changes made to the IAzApplication object.
Submit

Persists changes made to the IAzApplicationGroup object.
Submit

Persists changes made to the AzAuthorizationStore object.
Submit

Persists changes made to the IAzOperation object.
Submit

Persists changes made to the IAzRole object.
Submit

Persists changes made to the IAzScope object.
Submit

Persists changes made to the IAzTask object.
Submit

Submits a request to the Certificate Services server.
TokenBindingDeleteAllBindings

Deletes all token binding keys that are associated with the calling user or app container.
TokenBindingDeleteBinding

Deletes the token binding key that is associated with the specified target string.
TokenBindingGenerateBinding

Constructs one token binding that contains the exported public key and signature by using the specified key type for the token binding, a target identifier string for creating and retrieving the token binding key, and the unique data.
TokenBindingGenerateID

Constructs the token binding identifier by extracting the signature algorithm from the key type and copying the exported public key.
TokenBindingGenerateMessage

Assembles the list of token bindings and generates the final message for the client device to the server.
TokenBindingGetKeyTypesClient

Retrieves a list of the key types that the client device supports.
TokenBindingGetKeyTypesServer

Retrieves a list of the key types that the server supports.
TokenBindingVerifyMessage

Validates the token binding message and verifies the token bindings that the message contains.
TreeResetNamedSecurityInfoA

Resets specified security information in the security descriptor of a specified tree of objects. (ANSI)
TreeResetNamedSecurityInfoW

Resets specified security information in the security descriptor of a specified tree of objects. (Unicode)
TreeSetNamedSecurityInfoA

Sets specified security information in the security descriptor of a specified tree of objects. (ANSI)
TreeSetNamedSecurityInfoW

Sets specified security information in the security descriptor of a specified tree of objects. (Unicode)
UnAdvise

Deletes a connection created by calling the Advise method.
Uninitialize

Uninitializes the NDES policy module.
UnInstall

Removes the Certificate Enrollment Policy (CEP) Web Service.
UnInstall

Removes the Certificate Enrollment Web Service (CES).
UnlockServiceDatabase

Unlocks a service control manager database by releasing the specified lock.
UpdateCache

Updates the cache of objects and object attributes to match the underlying policy store.
UpdateRegistry

Registers a certificate enrollment policy (CEP) server.
UpgradeStoresFunctionalLevel

Upgrades this authorization store from version 1 to version 2.
Validate

Validates the current policy information.
VariantByteArrayToString

Creates a Unicode encoded string from a byte array.
Verify

Verifies that a private key exists and can be used by the client but does not open the key.
VerifyRequest

Notifies the policy module that a new request has entered the system.
VerifyRequest

Verifies the NDES certificate request for submission to the CA.
VerifySignature

Verifies that a message signed by using the MakeSignature function was received in the correct sequence and has not been modified.
WintrustAddActionID

Adds a trust provider action to the user's system.
WintrustAddDefaultForUsage

Specifies the default usage identifier and callback information for a provider.
WintrustGetDefaultForUsage

Retrieves the default usage identifier and callback information.
WintrustGetRegPolicyFlags

Retrieves policy flags for a policy provider.
WintrustLoadFunctionPointers

Loads function entry points for a specified action GUID. This function has no associated import library.
WintrustRemoveActionID

Removes an action added by the WintrustAddActionID function. This function has no associated import library.
WintrustSetDefaultIncludePEPageHashes

Sets the default setting that determines whether page hashes are included when creating subject interface package (SIP) indirect data for PE files.
WintrustSetRegPolicyFlags

Sets policy flags for a policy provider.
WinVerifyTrust

Performs a trust verification action on a specified object.
WinVerifyTrustEx

Performs a trust verification action on a specified object and takes a pointer to a WINTRUST_DATA structure.
WlxActivateUserShell

Activates the user shell program.
WlxDisconnectNotify

Winlogon calls this function when a Terminal Services network session is disconnected.
WlxDisplayLockedNotice

Allows the GINA to display information about the lock, such as who locked the workstation and when it was locked.
WlxDisplaySASNotice

Winlogon calls this function when no user is logged on.
WlxDisplayStatusMessage

Winlogon calls this function when the GINA DLL should display a message.
WlxGetConsoleSwitchCredentials

Winlogon calls this function to read the currently logged on user's credentials to transparently transfer them to a target session.
WlxGetStatusMessage

Winlogon calls this function to get the status message being displayed by the GINA DLL.
WlxInitialize

Winlogon calls this function once for each window station present on the computer. Currently, the operating system supports one window station per workstation.
WlxIsLockOk

Winlogon calls this function before attempting to lock the workstation.
WlxIsLogoffOk

Winlogon calls this function when the user initiates a logoff operation.
WlxLoggedOnSAS

Winlogon calls this function when it receives a secure attention sequence (SAS) event while the user is logged on and the workstation is not locked.
WlxLoggedOutSAS

Winlogon calls this function when it receives a secure attention sequence (SAS) event while no user is logged on.
WlxLogoff

Winlogon calls this function to notify the GINA of a logoff operation on this workstation, allowing the GINA to perform any logoff operations that may be required.
WlxNegotiate

The WlxNegotiate function must be implemented by a replacement GINA DLL. This is the first call made by Winlogon to the GINA DLL. WlxNegotiate allows the GINA to verify that it supports the installed version of Winlogon.
WlxNetworkProviderLoad

Winlogon calls this function to collect valid authentication and identification information.
WlxReconnectNotify

Winlogon calls this function when a Terminal Services network session is reconnected.
WlxRemoveStatusMessage

Winlogon calls this function to tell the GINA DLL to stop displaying the status message.
WlxScreenSaverNotify

Winlogon calls this function immediately before a screen saver is activated, allowing the GINA to interact with the screen saver program.
WlxShutdown

Winlogon calls this function just before shutting down, allowing the GINA to perform any shutdown tasks, such as ejecting a smart card from a reader.
WlxStartApplication

Winlogon calls this function when the system needs an application to be started in the context of the user.
WlxWkstaLockedSAS

Winlogon calls this function when it receives a secure attention sequence (SAS) and the workstation is locked.
WNetSetLastErrorA

Sets extended error information. Network providers should call this function instead of SetLastError. (ANSI)
WNetSetLastErrorW

Sets extended error information. Network providers should call this function instead of SetLastError. (Unicode)
WTHelperCertCheckValidSignature

Checks whether a signature is valid.
WTHelperCertIsSelfSigned

Checks whether a certificate is self-signed.
WTHelperGetProvCertFromChain

Retrieves a trust provider certificate from the certificate chain.
WTHelperGetProvPrivateDataFromChain

Receives a CRYPT_PROVIDER_PRIVDATA structure from the chain by using the provider ID.
WTHelperGetProvSignerFromChain

Retrieves a signer or countersigner by index from the chain.
WTHelperProvDataFromStateData

Retrieves trust provider information from a specified handle.

Interfaces

 
IAlternativeName

Is used by an IX509ExtensionAlternativeNames object to represent an instance of an AlternativeNames extension.
IAlternativeNames

Contains methods and properties that enable you to manage a collection of IAlternativeName objects.
IAssociatedIdentityProvider

Allows an identity provider to associate identities with local user accounts.
IAzApplication

Defines an installed instance of an application. An IAzApplication object is created when an application is installed.
IAzApplication2

Inherits from the IAzApplication interface and implements additional methods to initialize IAzClientContext2 objects.
IAzApplication3

Provides methods to manage IAzRoleAssignment, IAzRoleDefinition, and IAzScope2 objects.
IAzApplicationGroup

Defines a collection of principals.
IAzApplicationGroup2

Extends the IAzApplicationGroup interface by adding support for the BizRule group type.
IAzApplicationGroups

Represents a collection of IAzApplicationGroup objects.
IAzApplications

Represents a collection of IAzApplication objects.
IAzAuthorizationStore

Defines the container that is the root of the authorization policy store.
IAzAuthorizationStore2

Inherits from the AzAuthorizationStore object and implements methods to create and open IAzApplication2 objects.
IAzAuthorizationStore3

Extends the IAzAuthorizationStore2 interface with methods that manage business rule (BizRule) support and caching.
IAzBizRuleContext

Contains information about a Business Rule (BizRule) operation.
IAzBizRuleInterfaces

Provides methods and properties used to manage a list of IDispatch interfaces that can be called by business rule (BizRule) scripts.
IAzBizRuleParameters

Provides methods and properties used to manage a list of parameters that can be passed to business rule (BizRule) scripts.
IAzClientContext

Maintains the state that describes a particular client.
IAzClientContext2

Inherits from the IAzClientContext interface and implements new methods that manipulate the client context.
IAzClientContext3

Extends the IAzClientContext2 interface.
IAzNameResolver

Translates security identifiers (SIDs) into principal display names.
IAzObjectPicker

Displays a dialog box that allows users to select one or more principals from a list.
IAzOperation

Defines a low-level operation supported by an application.
IAzOperation2

Extends the IAzOperation with a method that returns the role assignments associated with the operation.
IAzOperations

Represents a collection of IAzOperation objects.
IAzPrincipalLocator

Locates and chooses ADAM principals in Authorization Manager.
IAzRole

Defines the set of operations that can be performed by a set of users within a scope.
IAzRoleAssignment

Represents a role to which users and groups can be assigned.
IAzRoleAssignments

Represents a collection of IAzRoleAssignment objects.
IAzRoleDefinition

Represents one or more IAzRoleDefinition, IAzTask, and IAzOperation objects that specify a set of operations.
IAzRoleDefinitions

Represents a collection of IAzRoleDefinition objects.
IAzRoles

Represents a collection of IAzRole objects.
IAzScope

Defines a logical container of resources to which the application manages access.
IAzScope2

Extends the IAzScope interface to manage IAzRoleAssignment and IAzRoleDefinition objects.
IAzScopes

Represents a collection of IAzScope objects.
IAzTask

Describes a set of operations.
IAzTask2

Extends the IAzTask interface with a method that returns the role assignments associated with the task.
IAzTasks

Represents a collection of IAzTask objects.
IBinaryConverter

Contains general methods that enable you to create a Unicode-encoded string from a byte array, create a byte array from a Unicode-encoded string, and modify the type of Unicode encoding applied to a string.
ICcgDomainAuthCredentials

A client-implemented interface that allows developers to supply their own credentials dynamically at run time to authenticate non-domain joined containers with Active Directory.
ICEnroll

The ICEnroll interface is one of several interfaces that represent the Certificate Enrollment Control.
ICEnroll2

The ICEnroll2 interface is one of several interfaces that represent the Certificate Enrollment Control.
ICEnroll3

One of several interfaces that represent the Certificate Enrollment Control.
ICEnroll4

The ICEnroll4 interface is one of several interfaces that represent the Certificate Enrollment Control.
ICertAdmin

Provides administration functionality for properly authorized clients.
ICertAdmin2

Provide administration functionality for properly authorized clients.
ICertConfig

The ICertConfig interface provides functionality for retrieving the public configuration data (specified during client setup) for a Certificate Services server.
ICertConfig2

Provide functionality for retrieving the public configuration data (specified during client setup) for a Certificate Services server.
ICertEncodeAltName

Provides methods for handling alternate names used in certificate extensions.
ICertEncodeBitString

Provides methods for handling bit strings used in certificate extensions.
ICertEncodeCRLDistInfo

Provides methods for handling certificate revocation list (CRL) distribution information arrays used in certificate extensions.
ICertEncodeDateArray

Provides methods for handling Date arrays used in certificate extensions.
ICertEncodeLongArray

Provides methods for handling Long arrays used in certificate extensions.
ICertEncodeStringArray

Provides methods for handling string arrays used in certificate extensions.
ICertExit

Provides communications between the Certificate Services server and an exit module.
ICertExit2

Provide communications between the Certificate Services server and an exit module.
ICertGetConfig

Provides functionality for retrieving the public configuration data (specified during client setup) for a Certificate Services server.
ICertificateAttestationChallenge

Allows applications to decrypt a key attestation challenge received from a server.
ICertificateEnrollmentPolicyServerSetup

The ICertificateEnrollmentPolicyServerSetup interface represents the Certificate Enrollment Policy (CEP) Web Service within Active Directory Certificate Services (ADCS).
ICertificateEnrollmentServerSetup

The ICertificateEnrollmentServerSetup interface represents the Certificate Enrollment Web Service (CES) within Active Directory Certificate Services (ADCS).
ICertificatePolicies

Contains methods and properties that enable you to manage a collection of ICertificatePolicy objects.
ICertificatePolicy

Can be used to specify a certificate policy that identifies a purpose for which the certificate can be used.
ICertificationAuthorities

The ICertificationAuthorities interface defines the following methods and properties that manage a collection of ICertificationAuthority objects.
ICertificationAuthority

The ICertificationAuthority interface represents a single certification authority. A collection of certification authorities is represented by the ICertificationAuthorities interface.
ICertManageModule

Provided to retrieve information about a Certificate Services Policy or Exit module.
ICertPolicy

Provides communications between the Certificate Services server engine and the policy module.
ICertPolicy2

Provide communications between the Certificate Services server engine and the policy module.
ICertProperties

Contains methods and properties that enable you to manage a collection of certificate properties.
ICertProperty

Can be used to associate an external property with a certificate.
ICertPropertyArchived

Represents a certificate property that identifies whether a certificate has been archived.
ICertPropertyArchivedKeyHash

Represents a SHA-1 hash of an encrypted private key submitted to a certification authority for archival.
ICertPropertyAutoEnroll

Represents a certificate property that identifies a template that has been configured to enable autoenrollment of the certificate.
ICertPropertyBackedUp

Represents an external certificate property that identifies whether a certificate has been backed up and, if so, the date and time that it was saved.
ICertPropertyDescription

Enables you to specify and retrieve a string that contains descriptive information for a certificate.
ICertPropertyEnrollment

Represents a certificate property that contains certificate and certification authority (CA) information created when the client calls the Enroll method on the IX509Enrollment interface.
ICertPropertyEnrollmentPolicyServer

Represents an external certificate property that contains information about a certificate enrollment policy (CEP) server and a certificate enrollment server (CES).
ICertPropertyFriendlyName

Enables you to specify and retrieve a string that contains the display name of a certificate.
ICertPropertyKeyProvInfo

Represents a certificate property that contains information about a private key.
ICertPropertyRenewal

Represents a certificate property that contains a SHA-1 hash of the new certificate created when an existing certificate is renewed.
ICertPropertyRequestOriginator

Represents a certificate property that contains the Domain Naming System (DNS) name of the computer on which the request was created.
ICertPropertySHA1Hash

Represents a certificate property that contains a SHA-1 hash of the certificate.
ICertRequest

Provides communications between a client or intermediary application and Certificate services.
ICertRequest2

Provide communications between a client or intermediary application and Certificate Services. (ICertRequest2)
ICertRequest3

Provide communications between a client or intermediary application and Certificate Services. (ICertRequest3)
ICertServerExit

Exported by the server engine and is called by exit modules.
ICertServerPolicy

Allows the policy module to communicate with Certificate Services.
ICertSrvSetup

Defines functionality to install and uninstall Certification Authority (CA) and Certification Authority Web Enrollment roles on a Certificate Services computer.
ICertSrvSetupKeyInformation

Defines a set of private key properties that are used for setup of certification authority (CA) or Microsoft Simple Certificate Enrollment Protocol (SCEP) roles.
ICertSrvSetupKeyInformationCollection

Defines functionality to populate and enumerate a collection of ICertSrvSetupKeyInformation objects.
ICertView

Allows properly authorized clients to create a customized or complete view of the Certificate Services database.
ICertView2

Allow properly authorized clients to create a customized or complete view of the Certificate Services database.
IConnectedIdentityProvider

Provides methods of interaction with a connected identity provider.
ICryptAttribute

The ICryptAttribute interface represents a cryptographic attribute in a certificate request. A collection of these attributes is contained in the CertificateRequestInfo structure of a PKCS
ICryptAttributes

The ICryptAttributes interface contains methods and properties that enable you to manage a collection of ICryptAttribute objects.
ICspAlgorithm

Represents an algorithm implemented by a cryptographic provider.
ICspAlgorithms

The ICspAlgorithms interface defines the following methods and properties that manage a collection of ICspAlgorithm objects.
ICspInformation

Provides access to general information about a cryptographic provider.
ICspInformations

The ICspInformations interface defines the following methods and properties to manage a collection of ICspInformation objects.
ICspStatus

Contains information about a cryptographic provider/algorithm pair. (ICspStatus)
ICspStatuses

Contains information about a cryptographic provider/algorithm pair. (ICspStatuses)
IEffectivePermission

Provides a means to determine effective permission for a security principal on an object.
IEffectivePermission2

Provides a way to determine effective permission for a security principal on an object.
IEnroll

Represents the Certificate Enrollment Control and is used primarily to generate certificate requests. (IEnroll)
IEnroll2

Represents the Certificate Enrollment Control and is used primarily to generate certificate requests. (IEnroll2)
IEnroll4

The IEnroll4 interface represents the Certificate Enrollment Control and is used primarily to generate certificate requests.
IEnumCERTVIEWATTRIBUTE

Represents an attribute-enumeration sequence that contains the certificate attributes for the current row of the row-enumeration sequence.
IEnumCERTVIEWCOLUMN

Represents a column-enumeration sequence that contains the column data for the current row of the enumeration sequence.
IEnumCERTVIEWEXTENSION

Represents an extension-enumeration sequence that contains the certificate extension data for the current row of the row-enumeration sequence.
IEnumCERTVIEWROW

Represents a row-enumeration sequence that contains the data in the rows of the Certificate Services view, allowing further access to the columns, attributes, and extensions associated with each row.
IIdentityAdvise

Allows an identity provider to notify a calling application when an identity is updated.
IIdentityProvider

Represents an identity provider.
IIdentityStore

Provides methods to enumerate and manage identities and identity providers.
IMSCEPSetup

Defines functionality to install and uninstall a Network Device Enrollment Service (NDES) role on a Certificate Services computer.
INDESPolicy

The NDES Policy Module Interface. When installed against an enterprise CA, NDES generates a password after checking that the user has enrollment permission on the configured NDES templates, both user and machine templates.
IObjectId

Represents an object identifier (OID).
IObjectIds

The IObjectIds interface defines methods and properties that enable you to manage a collection of IObjectId objects.
IOCSPAdmin

Provides functionality to manage an Online Certificate Status Protocol (OCSP) responder server.
IOCSPCAConfiguration

Represents a set of definitions that enable an Online Certificate Status Protocol (OCSP) service to respond to a certificate status request for a specific certification authority (CA).
IOCSPCAConfigurationCollection

Represents a set of certificates for which an Online Certificate Status Protocol (OCSP) service has been configured to provide certificate status responses.
IOCSPProperty

Represents a name-value pair for OCSPServiceProperties or ProviderProperties.
IOCSPPropertyCollection

Represents a set of configurable attribute properties (name-value pairs) for an Online Certificate Status Protocol (OCSP) service.
IPolicyQualifier

Represents a qualifier that can be associated with a certificate policy.
IPolicyQualifiers

Defines methods and properties that enable you to manage a collection of IPolicyQualifier objects.
ISceSvcAttachmentData

The ISceSvcAttachmentData interface retrieves configuration and analysis data about a specified security service from the Security Configuration snap-ins.
ISceSvcAttachmentPersistInfo

The ISceSvcAttachmentPersistInfo interface retrieves any modified configuration or analysis information from an attachment snap-in.
ISecurityInformation

Enables the access control editor to communicate with the caller of the CreateSecurityPage and EditSecurity functions.
ISecurityInformation2

Enables the access control editor to obtain information from the client that is not provided by the ISecurityInformation interface.
ISecurityInformation3

Provides methods necessary for displaying an elevated access control editor when a user clicks the Edit button on an access control editor page that displays an image of a shield on that Edit button.
ISecurityInformation4

Enables the access control editor (ACE) to obtain the share's security descriptor to initialize the share page.
ISecurityObjectTypeInfo

Provides a means of determining the source of inherited access control entries (ACEs) in discretionary access control lists (DACLs) and system access control lists (SACLs).
ISignerCertificate

Represents a signing certificate that enables you to sign a certificate request.
ISignerCertificates

The ISignerCertificates interface defines the following methods and properties to manage a collection of ISignerCertificate objects.
ISmimeCapabilities

Defines the following methods and properties to manage a collection of ISmimeCapability objects.
ISmimeCapability

Represents an SMIMECapabilities extension that identifies the decryption capabilities of an email recipient.
ITpmVirtualSmartCardManager

Manages the TPM virtual smart cards.
ITpmVirtualSmartCardManagerStatusCallback

Notifies the caller of the progress of the requested operation or any resulting errors.
IX500DistinguishedName

Represents an X.500 distinguished name (DN).
IX509Attribute

Can be used to represent an attribute in a PKCS
IX509AttributeArchiveKey

Represents an attribute that contains an encrypted private key to be archived by a certification authority.
IX509AttributeArchiveKeyHash

Represents an attribute that contains a SHA-1 hash of the encrypted private key to be archived by a certification authority.
IX509AttributeClientId

Represents an attribute that can be used to identify the client that generated a certificate request.
IX509AttributeCspProvider

Represents an attribute that identifies the cryptographic provider used by the entity requesting the certificate.
IX509AttributeExtensions

Defines methods and properties that initialize and retrieve certificate extensions in a certificate request.
IX509AttributeOSVersion

Represents an attribute that contains version information about the client operating system on which the certificate request was generated.
IX509AttributeRenewalCertificate

Represents an attribute that contains the certificate being renewed. This attribute is automatically placed in the PKCS
IX509Attributes

The IX509Attributes interface defines the following methods and properties that enable you to manage a collection of IX509Attribute objects.
IX509CertificateRequest

The IX509CertificateRequest interface represents an abstract base certificate request that identifies methods and properties common to and inherited by each of the request objects implemented by the Certificate Enrollment API.
IX509CertificateRequestCertificate

The IX509CertificateRequestCertificate interface represents a request object for a self-generated certificate, enabling you to create a certificate directly without going through a registration or certification authority.
IX509CertificateRequestCertificate2

The IX509CertificateRequestCertificate2 interface represents a request object for a self-generated certificate, enabling you to create a certificate directly without going through a registration or certification authority.
IX509CertificateRequestCmc

Represents a CMC (Certificate Management Message over CMS) certificate request.
IX509CertificateRequestCmc2

The IX509CertificateRequestCmc2 interface represents a CMC (Certificate Management Message over CMS) certificate request.
IX509CertificateRequestPkcs10

The IX509CertificateRequestPkcs10 interface represents a PKCS
IX509CertificateRequestPkcs10V2

The IX509CertificateRequestPkcs10V2 interface represents a PKCS
IX509CertificateRequestPkcs10V3

The IX509CertificateRequestPkcs10V3 interface represents a PKCS
IX509CertificateRequestPkcs7

The IX509CertificateRequestPkcs7 interface represents a PKCS
IX509CertificateRequestPkcs7V2

The IX509CertificateRequestPkcs7V2 interface represents a PKCS
IX509CertificateTemplate

The IX509CertificateTemplate interface represents a certificate request template. It can be used to initialize an IX509CertificateTemplateWritable interface.
IX509CertificateTemplates

The IX509CertificateTemplates interface defines the following methods and properties that manage a collection of IX509CertificateTemplate objects.
IX509CertificateTemplateWritable

The IX509CertificateTemplateWritable interface enables you to add a template to or delete it from a template store. Currently, Active Directory is the only available store.
IX509EndorsementKey

X.509 Endorsement Key Interface
IX509Enrollment

Represents the top level object and enables you to enroll in a certificate hierarchy and install a certificate response.
IX509Enrollment2

The IX509Enrollment2 interface enables you to enroll in a certificate hierarchy and install a certificate response.
IX509EnrollmentHelper

The IX509EnrollmentHelper interface defines methods that enable a web application to enroll a certificate, store policy server credentials in the credential cache, and register policy servers and enrollment servers.
IX509EnrollmentPolicyServer

The IX509EnrollmentPolicyServer interface represents a certificate enrollment policy (CEP) server.
IX509EnrollmentStatus

The IX509EnrollmentStatus interface can be used to specify or retrieve detailed error information about a certificate enrollment transaction.
IX509EnrollmentWebClassFactory

Can be used to create any of the following objects on a webpage.
IX509Extension

Can be used to define an extension for a certificate request.
IX509ExtensionAlternativeNames

Enables you to specify one or more alternative name forms for the subject of a certificate. A certification authority processes the extension by binding the names to the certified public key.
IX509ExtensionAuthorityKeyIdentifier

Enables you to specify an AuthorityKeyIdentifier extension.
IX509ExtensionBasicConstraints

Enables you to specify whether the certificate subject is a certification authority and, if so, the depth of the subordinate certification authority chain that can exist beneath the certification authority for which this extension ID is defined.
IX509ExtensionCertificatePolicies

Enables you to specify a collection of policy information terms, each of which consists of an object identifier (OID) and optional policy qualifiers. A single policy term is defined by an ICertificatePolicy object.
IX509ExtensionEnhancedKeyUsage

Can be used to define a collection of object identifiers (OIDs) that identify the intended uses of the public key contained in the certificate.
IX509ExtensionKeyUsage

Can be used to define restrictions on the operations that can be performed by the public key contained in the certificate.
IX509ExtensionMSApplicationPolicies

Enables you to specify a collection of object identifiers (OIDs) that indicate how a certificate can be used by an application.
IX509Extensions

The IX509Extensions interface defines the following methods and properties to manage a collection of IX509Extension objects.
IX509ExtensionSmimeCapabilities

Can be used to report the decryption capabilities of an email recipient to an email sender so that the sender can choose the most secure algorithm supported by both parties.
IX509ExtensionSubjectKeyIdentifier

Enables you to specify a SubjectKeyIdentifier extension.
IX509ExtensionTemplate

Defines methods and properties that can be used to initialize or retrieve a CertificateTemplate extension.
IX509ExtensionTemplateName

Defines methods and properties that can be used to initialize or retrieve a template name extension.
IX509MachineEnrollmentFactory

Can be used to create an IX509EnrollmentHelper object on a webpage.
IX509NameValuePair

Represents a generic name-value pair.
IX509NameValuePairs

The IX509NameValuePairs interface defines the following methods and properties to manage a collection of IX509NameValuePair objects.
IX509PolicyServerListManager

The IX509PolicyServerListManager interface defines the following methods and properties that enable you to manage a collection of IX509PolicyServerUrl objects.
IX509PolicyServerUrl

The IX509PolicyServerUrl interface can be used to set or retrieve property values associated with the certificate enrollment policy (CEP) server and to update associated registry values.
IX509PrivateKey

Represents an asymmetric private key that can be used for encryption, signing, and key agreement.
IX509PublicKey

Represents a public key in a public/private key pair.
IX509SCEPEnrollment

X.509 Simple Computer Enrollment Protocol Interface
IX509SignatureInformation

Represents information used to sign a certificate request.

Structures

 
ACCESS_ALLOWED_ACE

Defines an access control entry (ACE) for the discretionary access control list (DACL) that controls access to an object. An access-allowed ACE allows access to an object for a specific trustee identified by a security identifier (SID).
ACCESS_ALLOWED_CALLBACK_ACE

The ACCESS_ALLOWED_CALLBACK_ACE structure defines an access control entry for the discretionary access control list that controls access to an object.
ACCESS_ALLOWED_CALLBACK_OBJECT_ACE

Defines an access control entry (ACE) that controls allowed access to an object, property set, or property.
ACCESS_ALLOWED_OBJECT_ACE

Defines an access control entry (ACE) that controls allowed access to an object, a property set, or property.
ACCESS_DENIED_ACE

Defines an access control entry (ACE) for the discretionary access control list (DACL) that controls access to an object. An access-denied ACE denies access to an object for a specific trustee identified by a security identifier (SID).
ACCESS_DENIED_CALLBACK_ACE

The ACCESS_DENIED_CALLBACK_ACE structure defines an access control entry for the discretionary access control list that controls access to an object.
ACCESS_DENIED_CALLBACK_OBJECT_ACE

The ACCESS_DENIED_CALLBACK_OBJECT_ACE structure defines an access control entry that controls denied access to an object, a property set, or property.
ACCESS_DENIED_OBJECT_ACE

Defines an access control entry (ACE) that controls denied access to an object, a property set, or property.
ACE_HEADER

Defines the type and size of an access control entry (ACE).
ACL

Header of an access control list (ACL).
ACL_REVISION_INFORMATION

Contains revision information about an ACL structure.
ACL_SIZE_INFORMATION

Contains information about the size of an ACL structure.
AUDIT_POLICY_INFORMATION

Specifies a security event type and when to audit that type.
AUTHENTICODE_EXTRA_CERT_CHAIN_POLICY_PARA

Holds policy information used in the verification of certificate chains for files.
AUTHENTICODE_EXTRA_CERT_CHAIN_POLICY_STATUS

The AUTHENTICODE_EXTRA_CERT_CHAIN_POLICY_STATUS structure holds additional Authenticode policy information for chain verification of files.
AUTHENTICODE_TS_EXTRA_CERT_CHAIN_POLICY_PARA

The AUTHENTICODE_TS_EXTRA_CERT_CHAIN_POLICY_PARA structure contains time stamp policy information that can be used in certificate chain verification of files.
AUTHZ_ACCESS_REPLY

Defines an access check reply.
AUTHZ_ACCESS_REQUEST

Defines an access check request.
AUTHZ_INIT_INFO

Defines the initialization information for the resource manager.
AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET

Specifies the offset of a registration object type name.
AUTHZ_RPC_INIT_INFO_CLIENT

Initializes a remote resource manager for a client.
AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE

Specifies a fully qualified binary name value associated with a security attribute.
AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE

Specifies an octet string value for a security attribute.
AUTHZ_SECURITY_ATTRIBUTE_V1

Defines a security attribute that can be associated with an authorization context.
AUTHZ_SECURITY_ATTRIBUTES_INFORMATION

Specifies one or more security attributes and values.
AUTHZ_SOURCE_SCHEMA_REGISTRATION

Specifies information about source schema registration.
BCRYPT_ALGORITHM_IDENTIFIER

Is used with the BCryptEnumAlgorithms function to contain a cryptographic algorithm identifier.
BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO

Used with the BCryptEncrypt and BCryptDecrypt functions to contain additional information related to authenticated cipher modes.
BCRYPT_DH_KEY_BLOB

Used as a header for a Diffie-Hellman public key or private key BLOB in memory.
BCRYPT_DH_PARAMETER_HEADER

Used to contain parameter header information for a Diffie-Hellman key.
BCRYPT_DSA_KEY_BLOB

Used as a header for a Digital Signature Algorithm (DSA) public key or private key BLOB in memory. (BCRYPT_DSA_KEY_BLOB)
BCRYPT_DSA_KEY_BLOB_V2

Used as a header for a Digital Signature Algorithm (DSA) public key or private key BLOB in memory. (BCRYPT_DSA_KEY_BLOB_V2)
BCRYPT_DSA_PARAMETER_HEADER

Used to contain parameter header information for a Digital Signature Algorithm (DSA) key.
BCRYPT_DSA_PARAMETER_HEADER_V2

Contains parameter header information for a Digital Signature Algorithm (DSA) key.
BCRYPT_ECCKEY_BLOB

Used as a header for an elliptic curve public key or private key BLOB in memory.
BCRYPT_INTERFACE_VERSION

Contains version information for a programmatic interface for a CNG provider.
BCRYPT_KEY_BLOB

Is the base structure for all CNG key BLOBs.
BCRYPT_KEY_DATA_BLOB_HEADER

Used to contain information about a key data BLOB.
BCRYPT_KEY_LENGTHS_STRUCT

Defines the range of key sizes that are supported by the provider.
BCRYPT_MULTI_HASH_OPERATION

A BCRYPT_MULTI_HASH_OPERATION structure defines a single operation in a multi-hash operation.
BCRYPT_MULTI_OBJECT_LENGTH_STRUCT

The BCRYPT_MULTI_OBJECT_LENGTH_STRUCT structure contains information to determine the size of the pbHashObject buffer for the BCryptCreateMultiHash function.
BCRYPT_OAEP_PADDING_INFO

Used to provide options for the Optimal Asymmetric Encryption Padding (OAEP) scheme.
BCRYPT_OID

Contains information about a DER-encoded object identifier (OID).
BCRYPT_OID_LIST

Used to contain a collection of BCRYPT_OID structures. Use this structure with the BCRYPT_HASH_OID_LIST property to retrieve the list of hashing object identifiers (OIDs) that have been encoded by using Distinguished Encoding Rules (DER) encoding.
BCRYPT_PKCS1_PADDING_INFO

Used to provide options for the PKCS
BCRYPT_PROVIDER_NAME

Contains the name of a CNG provider.
BCRYPT_PSS_PADDING_INFO

Used to provide options for the Probabilistic Signature Scheme (PSS) padding scheme.
BCRYPT_RSAKEY_BLOB

Used as a header for an RSA public key or private key BLOB in memory.
BCryptBuffer

Describes how the BCryptBuffer structure represents a generic Cryptography API: Next Generation (CNG) buffer.
BCryptBufferDesc

Describes how the BCryptBufferDesc structure contains a set of generic Cryptography API: Next Generation (CNG) buffers.
BLOBHEADER

Indicates a key's BLOB type and the algorithm that the key uses.
CATALOG_INFO

The CATALOG_INFO structure contains the name of a catalog file. This structure is used by the CryptCATCatalogInfoFromContext function.
CENTRAL_ACCESS_POLICY

Represents a central access policy that contains a set of central access policy entries.
CENTRAL_ACCESS_POLICY_ENTRY

Represents a central access policy entry containing a list of security descriptors and staged security descriptors.
CERT_ACCESS_DESCRIPTION

The CERT_ACCESS_DESCRIPTION structure is a member of a CERT_AUTHORITY_INFO_ACCESS structure.
CERT_ALT_NAME_ENTRY

Contains an alternative name in one of a variety of name forms.
CERT_ALT_NAME_INFO

The CERT_ALT_NAME_INFO structure is used in encoding and decoding extensions for subject or issuer certificates, Certificate Revocation Lists (CRLs), and Certificate Trust Lists (CTLs).
CERT_AUTHORITY_INFO_ACCESS

Represents authority information access and subject information access certificate extensions and specifies how to access additional information and services for the subject or the issuer of a certificate.
CERT_AUTHORITY_KEY_ID_INFO

Identifies the key used to sign a certificate or certificate revocation list (CRL).
CERT_AUTHORITY_KEY_ID2_INFO

The CERT_AUTHORITY_KEY_ID2_INFO structure identifies the key used to sign a certificate or CRL.
CERT_BASIC_CONSTRAINTS_INFO

The CERT_BASIC_CONSTRAINTS_INFO structure contains information that indicates whether the certified subject can act as a certification authority (CA), an end entity, or both.
CERT_BASIC_CONSTRAINTS2_INFO

The CERT_BASIC_CONSTRAINTS2_INFO structure contains information indicating whether the certified subject can act as a CA or an end entity. If the subject can act as a CA, a certification path length constraint can also be specified.
CERT_BIOMETRIC_DATA

Contains information about biometric data.
CERT_BIOMETRIC_EXT_INFO

Contains a set of biometric information.
CERT_CHAIN_CONTEXT

Contains an array of simple certificate chains and a trust status structure that indicates summary validity data on all of the connected simple chains.
CERT_CHAIN_ELEMENT

The CERT_CHAIN_ELEMENT structure is a single element in a simple certificate chain.
CERT_CHAIN_ENGINE_CONFIG

Sets parameters for building a non-default certificate chain engine. The engine used determines the ways that certificate chains are built.
CERT_CHAIN_FIND_ISSUER_PARA

Contains information used in the CertFindChainInStore function to build certificate chains.
CERT_CHAIN_PARA

The CERT_CHAIN_PARA structure establishes the searching and matching criteria to be used in building a certificate chain.
CERT_CHAIN_POLICY_PARA

Contains information used in CertVerifyCertificateChainPolicy to establish policy criteria for the verification of certificate chains.
CERT_CHAIN_POLICY_STATUS

Holds certificate chain status information returned by the CertVerifyCertificateChainPolicy function when the certificate chains are validated.
CERT_CONTEXT

Contains both the encoded and decoded representations of a certificate.
CERT_CREATE_CONTEXT_PARA

Defines additional values that can be used when calling the CertCreateContext function.
CERT_CREDENTIAL_INFO

The CERT_CREDENTIAL_INFO structure contains a reference to a certificate.
CERT_CRL_CONTEXT_PAIR

The CERT_CRL_CONTEXT_PAIR structure contains a certificate context and an associated CRL context.
CERT_DH_PARAMETERS

Contains parameters associated with a Diffie/Hellman public key algorithm.
CERT_DSS_PARAMETERS

Contains parameters associated with a Digital Signature Standard (DSS) public key algorithm.
CERT_ECC_SIGNATURE

Contains the r and s values for an Elliptic Curve Digital Signature Algorithm (ECDSA) signature.
CERT_EXTENSION

The CERT_EXTENSION structure contains the extension information for a certificate, Certificate Revocation List (CRL) or Certificate Trust List (CTL).
CERT_EXTENSIONS

The CERT_EXTENSIONS structure contains an array of extensions.
CERT_GENERAL_SUBTREE

The CERT_GENERAL_SUBTREE structure is used in CERT_NAME_CONSTRAINTS_INFO structure. This structure provides the identity of a certificate that can be included or excluded.
CERT_HASHED_URL

Contains a hashed URL.
CERT_ID

Is used as a flexible means of uniquely identifying a certificate.
CERT_INFO

Contains the information of a certificate.
CERT_ISSUER_SERIAL_NUMBER

Acts as a unique identifier of a certificate containing the issuer and issuer's serial number for a certificate.
CERT_KEY_ATTRIBUTES_INFO

The CERT_KEY_ATTRIBUTES_INFO structure contains optional additional information about the public key being certified.
CERT_KEY_CONTEXT

Contains data associated with a CERT_KEY_CONTEXT_PROP_ID property.
CERT_KEY_USAGE_RESTRICTION_INFO

The CERT_KEY_USAGE_RESTRICTION_INFO structure contains restrictions imposed on the usage of a certificate's public key. This includes purposes for use of the key and policies under which the key can be used.
CERT_KEYGEN_REQUEST_INFO

Contains information stored in the Netscape key generation request. The subject and subject public key BLOBs are encoded.
CERT_LDAP_STORE_OPENED_PARA

Used with the CertOpenStore function when the CERT_STORE_PROV_LDAP provider is specified by using the CERT_LDAP_STORE_OPENED_FLAG flag to specify both the existing LDAP session to use to perform the query as well as the LDAP query string.
CERT_LOGOTYPE_AUDIO

Contains information about an audio logotype.
CERT_LOGOTYPE_AUDIO_INFO

Contains more detailed information about an audio logotype.
CERT_LOGOTYPE_DATA

Contains logotype data.
CERT_LOGOTYPE_DETAILS

Contains additional information about a logotype.
CERT_LOGOTYPE_EXT_INFO

Contains a set of logotype information.
CERT_LOGOTYPE_IMAGE

Contains information about an image logotype.
CERT_LOGOTYPE_IMAGE_INFO

Contains more detailed information about an image logotype.
CERT_LOGOTYPE_INFO

Contains information about logotype data.
CERT_LOGOTYPE_REFERENCE

Contains logotype reference information.
CERT_NAME_CONSTRAINTS_INFO

The CERT_NAME_CONSTRAINTS_INFO structure contains information about certificates that are specifically permitted or excluded from trust.
CERT_NAME_INFO

Contains subject or issuer names.
CERT_NAME_VALUE

Contains a relative distinguished name (RDN) attribute value.
CERT_OR_CRL_BLOB

Encapsulates certificates for use with Internet Key Exchange messages.
CERT_OR_CRL_BUNDLE

Encapsulates an array of certificates for use with Internet Key Exchange messages.
CERT_OTHER_LOGOTYPE_INFO

Contains information about logo types that are not predefined.
CERT_PAIR

The CERT_PAIR structure contains a certificate and its pair cross certificate.
CERT_PHYSICAL_STORE_INFO

Contains information on physical certificate stores.
CERT_POLICIES_INFO

The CERT_POLICIES_INFO structure contains an array of CERT_POLICY_INFO.
CERT_POLICY_CONSTRAINTS_INFO

The CERT_POLICY_CONSTRAINTS_INFO structure contains established policies for accepting certificates as trusted.
CERT_POLICY_ID

The CERT_POLICY_ID structure contains a list of certificate policies that the certificate expressly supports, together with optional qualifier information pertaining to these policies.
CERT_POLICY_INFO

The CERT_POLICY_INFO structure contains an object identifier (OID) specifying a policy and an optional array of policy qualifiers.
CERT_POLICY_MAPPING

Contains a mapping between issuer domain and subject domain policy OIDs.
CERT_POLICY_MAPPINGS_INFO

The CERT_POLICY_MAPPINGS_INFO structure provides mapping between the policy OIDs of two domains.
CERT_POLICY_QUALIFIER_INFO

The CERT_POLICY_QUALIFIER_INFO structure contains an object identifier (OID) specifying the qualifier and qualifier-specific supplemental information.
CERT_PRIVATE_KEY_VALIDITY

The CERT_PRIVATE_KEY_VALIDITY structure indicates a valid time span for the private key corresponding to a certificate's public key.
CERT_PUBLIC_KEY_INFO

Contains a public key and its algorithm.
CERT_QC_STATEMENT

Represents a single statement in a sequence of one or more statements for inclusion in a Qualified Certificate (QC) statements extension.
CERT_QC_STATEMENTS_EXT_INFO

Contains a sequence of one or more statements that make up the Qualified Certificate (QC) statements extension for a QC.
CERT_RDN

The CERT_RDN structure contains a relative distinguished name (RDN) consisting of an array of CERT_RDN_ATTR structures.
CERT_RDN_ATTR

Contains a single attribute of a relative distinguished name (RDN). A whole RDN is expressed in a CERT_RDN structure that contains an array of CERT_RDN_ATTR structures.
CERT_REQUEST_INFO

The CERT_REQUEST_INFO structure contains information for a certificate request. The subject, subject public key, and attribute BLOBs are encoded.
CERT_REVOCATION_CHAIN_PARA

Contains parameters used for building a chain for an independent online certificate status protocol (OCSP) response signer certificate.
CERT_REVOCATION_CRL_INFO

Contains information updated by a certificate revocation list (CRL) revocation type handler.
CERT_REVOCATION_INFO

Indicates the revocation status of a certificate in a CERT_CHAIN_ELEMENT.
CERT_REVOCATION_PARA

Is passed in calls to the CertVerifyRevocation function to assist in finding the issuer of the context to be verified.
CERT_REVOCATION_STATUS

Contains information on the revocation status of the certificate.
CERT_SELECT_CHAIN_PARA

Contains the parameters used for building and selecting chains.
CERT_SELECT_CRITERIA

Specifies selection criteria that is passed to the CertSelectCertificateChains function.
CERT_SELECT_STRUCT_A

Contains criteria upon which to select certificates that are presented in a certificate selection dialog box. This structure is used in the CertSelectCertificate function. (ANSI)
CERT_SELECT_STRUCT_W

Contains criteria upon which to select certificates that are presented in a certificate selection dialog box. This structure is used in the CertSelectCertificate function. (Unicode)
CERT_SELECTUI_INPUT

Used by the CertSelectionGetSerializedBlob function to serialize the certificates contained in a store or an array of certificate chains. The returned serialized BLOB can be passed to the CredUIPromptForWindowsCredentials function.
CERT_SERVER_OCSP_RESPONSE_CONTEXT

Contains an encoded OCSP response.
CERT_SIGNED_CONTENT_INFO

The CERT_SIGNED_CONTENT_INFO structure contains encoded content to be signed and a BLOB to hold the signature. The ToBeSigned member is an encoded CERT_INFO, CRL_INFO, CTL_INFO or CERT_REQUEST_INFO.
CERT_SIMPLE_CHAIN

The CERT_SIMPLE_CHAIN structure contains an array of chain elements and a summary trust status for the chain that the array represents.
CERT_STORE_PROV_FIND_INFO

Used by many of the store provider callback functions.
CERT_STORE_PROV_INFO

Contains information returned by the installed CertDllOpenStoreProv function when a store is opened by using the CertOpenStore function.
CERT_STRONG_SIGN_PARA

Contains parameters used to check for strong signatures on certificates, certificate revocation lists (CRLs), online certificate status protocol (OCSP) responses, and PKCS
CERT_STRONG_SIGN_SERIALIZED_INFO

Contains the signature algorithm/hash algorithm and public key algorithm/bit length pairs that can be used for strong signing.
CERT_SYSTEM_STORE_INFO

The CERT_SYSTEM_STORE_INFO structure contains information used by functions that work with system stores. Currently, no essential information is contained in this structure.
CERT_SYSTEM_STORE_RELOCATE_PARA

The CERT_SYSTEM_STORE_RELOCATE_PARA structure contains data to be passed to CertOpenStore when that function's dwFlags parameter is set to CERT_SYSTEM_STORE_RELOCATE_FLAG.
CERT_TEMPLATE_EXT

A certificate template.
CERT_TRUST_LIST_INFO

The CERT_TRUST_LIST_INFO structure that indicates valid usage of a CTL.
CERT_TRUST_STATUS

Contains trust information about a certificate in a certificate chain, summary trust information about a simple chain of certificates, or summary information about an array of simple chains.
CERT_USAGE_MATCH

Provides criteria for identifying issuer certificates to be used to build a certificate chain.
CERT_VIEWPROPERTIES_STRUCT_A

The CERT_VIEWPROPERTIES_STRUCT structure defines information used when the CertViewProperties function is called to display a certificate's properties. (ANSI)
CERT_VIEWPROPERTIES_STRUCT_W

The CERT_VIEWPROPERTIES_STRUCT structure defines information used when the CertViewProperties function is called to display a certificate's properties. (Unicode)
CERT_X942_DH_PARAMETERS

Contains parameters associated with a Diffie-Hellman public key algorithm.
CERT_X942_DH_VALIDATION_PARAMS

Optionally pointed to by a member of the CERT_X942_DH_PARAMETERS structure and contains additional seed information.
CLAIM_SECURITY_ATTRIBUTE_FQBN_VALUE

Specifies the fully qualified binary name.
CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE

Specifies the OCTET_STRING value type of the claim security attribute.
CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1

Defines a resource attribute that is defined in continuous memory for persistence within a serialized security descriptor.
CLAIM_SECURITY_ATTRIBUTE_V1

Defines a security attribute that can be associated with a token or authorization context.
CLAIM_SECURITY_ATTRIBUTES_INFORMATION

Defines the security attributes for the claim.
CMC_ADD_ATTRIBUTES_INFO

Contains certificate attributes to be added to a certificate.
CMC_ADD_EXTENSIONS_INFO

Contains certificate extension control attributes to be added to a certificate.
CMC_DATA_INFO

Provides a means of communicating different pieces of tagged information. (CMC_DATA_INFO)
CMC_PEND_INFO

A possible member of a CMC_STATUS_INFO structure.
CMC_RESPONSE_INFO

Provides a means of communicating different pieces of tagged information. (CMC_RESPONSE_INFO)
CMC_STATUS_INFO

Contains status information about Certificate Management Messages over CMS.
CMC_TAGGED_ATTRIBUTE

Used in the CMC_DATA_INFO and CMC_RESPONSE_INFO structures. (CMC_TAGGED_ATTRIBUTE)
CMC_TAGGED_CERT_REQUEST

Used in the CMC_TAGGED_REQUEST structure.
CMC_TAGGED_CONTENT_INFO

Used in the CMC_DATA_INFO and CMC_RESPONSE_INFO structures. (CMC_TAGGED_CONTENT_INFO)
CMC_TAGGED_OTHER_MSG

Used in the CMC_DATA_INFO and CMC_RESPONSE_INFO structures. (CMC_TAGGED_OTHER_MSG)
CMC_TAGGED_REQUEST

Used in the CMC_DATA_INFO structures to request a certificate.
CMS_DH_KEY_INFO

Used with the KP_CMS_DH_KEY_INFO parameter in the CryptSetKeyParam function to contain Diffie-Hellman key information.
CMS_KEY_INFO

Not used.
CMSG_CMS_RECIPIENT_INFO

Used with the CryptMsgGetParam function to get information on a key transport, key agreement, or mail list envelope message recipient.
CMSG_CMS_SIGNER_INFO

Contains the content of the defined SignerInfo in signed or signed and enveloped messages.
CMSG_CNG_CONTENT_DECRYPT_INFO

Contains all the relevant information passed between CryptMsgControl and object identifier (OID) installable functions for the import and decryption of a Cryptography API:_Next Generation (CNG) content encryption key (CEK).
CMSG_CONTENT_ENCRYPT_INFO

Contains information shared between the PFN_CMSG_GEN_CONTENT_ENCRYPT_KEY, PFN_CMSG_EXPORT_KEY_TRANS, PFN_CMSG_EXPORT_KEY_AGREE, and PFN_CMSG_EXPORT_MAIL_LIST functions.
CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA

Used to add an unauthenticated attribute to a signer of a signed message.
CMSG_CTRL_DECRYPT_PARA

Contains information used to decrypt an enveloped message for a key transport recipient. This structure is passed to CryptMsgControl if the dwCtrlType parameter is CMSG_CTRL_DECRYPT.
CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR_PARA

Used to delete an unauthenticated attribute of a signer of a signed message.
CMSG_CTRL_KEY_AGREE_DECRYPT_PARA

Contains information about a key agreement recipient.
CMSG_CTRL_KEY_TRANS_DECRYPT_PARA

Contains information about a key transport message recipient.
CMSG_CTRL_MAIL_LIST_DECRYPT_PARA

Contains information on a mail list message recipient.
CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA

Contains information used to verify a message signature. It contains the signer index and signer public key.
CMSG_ENVELOPED_ENCODE_INFO

Contains information needed to encode an enveloped message. It is passed to CryptMsgOpenToEncode if the dwMsgType parameter is CMSG_ENVELOPED.
CMSG_HASHED_ENCODE_INFO

Used with hashed messages. It is passed to the CryptMsgOpenToEncode function if the CryptMsgOpenToEncode function's dwMsgType parameter is CMSG_ENVELOPED.
CMSG_KEY_AGREE_ENCRYPT_INFO

Contains encryption information applicable to all key agreement recipients of an enveloped message.
CMSG_KEY_AGREE_KEY_ENCRYPT_INFO

Contains the encrypted key for a key agreement recipient of an enveloped message.
CMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO

Contains information about a message recipient that is using key agreement key management.
CMSG_KEY_AGREE_RECIPIENT_INFO

Contains information used for key agreement algorithms.
CMSG_KEY_TRANS_ENCRYPT_INFO

Contains encryption information for a key transport recipient of enveloped data.
CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO

Contains encoded key transport information for a message recipient.
CMSG_KEY_TRANS_RECIPIENT_INFO

The CMSG_KEY_TRANS_RECIPIENT_INFO structure contains information used in key transport algorithms.
CMSG_MAIL_LIST_ENCRYPT_INFO

Contains encryption information for a mailing list recipient of enveloped data.
CMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO

The CMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO structure is used with previously distributed symmetric keys for decrypting the content key encryption key (KEK).
CMSG_MAIL_LIST_RECIPIENT_INFO

Contains information used for previously distributed symmetric key-encryption keys (KEK).
CMSG_RC2_AUX_INFO

Contains the bit length of the key for RC2 encryption algorithms.
CMSG_RC4_AUX_INFO

The CMSG_RC4_AUX_INFO structure contains the bit length of the key for RC4 encryption algorithms. The pvEncryptionAuxInfo member in CMSG_ENVELOPED_ENCODE_INFO can be set to point to an instance of this structure.
CMSG_RECIPIENT_ENCODE_INFO

Contains information a message recipient's content encryption key management type.
CMSG_RECIPIENT_ENCRYPTED_KEY_ENCODE_INFO

Contains information on a message receiver used to decrypt the session key needed to decrypt the message contents.
CMSG_RECIPIENT_ENCRYPTED_KEY_INFO

The CMSG_RECIPIENT_ENCRYPTED_KEY_INFO structure contains information used for an individual key agreement recipient.
CMSG_SIGNED_ENCODE_INFO

Contains information to be passed to CryptMsgOpenToEncode if dwMsgType is CMSG_SIGNED.
CMSG_SIGNER_ENCODE_INFO

Contains signer information. It is passed to CryptMsgCountersign, CryptMsgCountersignEncoded, and optionally to CryptMsgOpenToEncode as a member of the CMSG_SIGNED_ENCODE_INFO structure, if the dwMsgType parameter is CMSG_SIGNED.
CMSG_SIGNER_INFO

The CMSG_SIGNER_INFO structure contains the content of the PKCS
CMSG_SP3_COMPATIBLE_AUX_INFO

Contains information needed for SP3 compatible encryption.
CMSG_STREAM_INFO

Used to enable stream processing of data rather than single block processing.
CREDENTIAL_ATTRIBUTEA

The CREDENTIAL_ATTRIBUTE structure contains an application-defined attribute of the credential. An attribute is a keyword-value pair. It is up to the application to define the meaning of the attribute. (ANSI)
CREDENTIAL_ATTRIBUTEW

The CREDENTIAL_ATTRIBUTE structure contains an application-defined attribute of the credential. An attribute is a keyword-value pair. It is up to the application to define the meaning of the attribute. (Unicode)
CREDENTIAL_TARGET_INFORMATIONA

The CREDENTIAL_TARGET_INFORMATION structure contains the target computer's name, domain, and tree. (ANSI)
CREDENTIAL_TARGET_INFORMATIONW

The CREDENTIAL_TARGET_INFORMATION structure contains the target computer's name, domain, and tree. (Unicode)
CREDENTIALA

The CREDENTIAL structure contains an individual credential. (ANSI)
CREDENTIALW

The CREDENTIAL structure contains an individual credential. (Unicode)
CREDSSP_CRED

Specifies authentication data for both Schannel and Negotiate security packages.
CREDUI_INFOA

The CREDUI_INFO structure is used to pass information to the CredUIPromptForCredentials function that creates a dialog box used to obtain credentials information. (ANSI)
CREDUI_INFOW

The CREDUI_INFO structure is used to pass information to the CredUIPromptForCredentials function that creates a dialog box used to obtain credentials information. (Unicode)
CREDUIWIN_MARSHALED_CONTEXT

Specifies credential information that has been serialized by using the ICredentialProvider::SetSerialization method.
CRL_CONTEXT

The CRL_CONTEXT structure contains both the encoded and decoded representations of a certificate revocation list (CRL). CRL contexts returned by any CryptoAPI function must be freed by calling the CertFreeCRLContext function.
CRL_DIST_POINT

Identifies a single certificate revocation list (CRL) distribution point that a certificate user can reference to determine whether certificates have been revoked.
CRL_DIST_POINT_NAME

Identifies a location from which the CRL can be obtained.
CRL_DIST_POINTS_INFO

Contains a list of certificate revocation list (CRL) distribution points a certificate user can reference to determine whether the certificate has been revoked.
CRL_ENTRY

Contains information about a single revoked certificate. It is a member of a CRL_INFO structure.
CRL_FIND_ISSUED_FOR_PARA

Contains the certificate contexts of both a subject and a certificate issuer.
CRL_INFO

Contains the information of a certificate revocation list (CRL).
CRL_ISSUING_DIST_POINT

Contains information about the kinds of certificates listed in a certificate revocation list (CRL).
CROSS_CERT_DIST_POINTS_INFO

Provides information used to update dynamic cross certificates.
CRYPT_AES_128_KEY_STATE

Specifies the 128-bit symmetric key information for an Advanced Encryption Standard (AES) cipher.
CRYPT_AES_256_KEY_STATE

Specifies the 256-bit symmetric key information for an Advanced Encryption Standard (AES) cipher.
CRYPT_ALGORITHM_IDENTIFIER

Specifies an algorithm used to encrypt a private key.
CRYPT_ATTRIBUTE

The CRYPT_ATTRIBUTE structure specifies an attribute that has one or more values.
CRYPT_ATTRIBUTE_TYPE_VALUE

Contains a single attribute value. The Value member's CRYPT_OBJID_BLOB is encoded.
CRYPT_ATTRIBUTES

Contains an array of attributes.
CRYPT_BIT_BLOB

Contains a set of bits represented by an array of bytes.
CRYPT_BLOB_ARRAY

Contains an array of CRYPT_DATA_BLOB structures.
CRYPT_CONTENT_INFO

Contains data encoded in the PKCS
CRYPT_CONTENT_INFO_SEQUENCE_OF_ANY

Contains information representing the Netscape certificate sequence of certificates.
CRYPT_CONTEXT_CONFIG

Contains configuration information for a CNG context.
CRYPT_CONTEXT_FUNCTION_CONFIG

Contains configuration information for a cryptographic function of a CNG context.
CRYPT_CONTEXT_FUNCTION_PROVIDERS

Contains a set of cryptographic function providers for a CNG configuration context.
CRYPT_CONTEXT_FUNCTIONS

Contains a set of cryptographic functions for a CNG configuration context.
CRYPT_CONTEXTS

Contains a set of CNG configuration context identifiers.
CRYPT_CREDENTIALS

Contains information about credentials that can be passed as optional input to a remote object retrieval function such as CryptRetrieveObjectByUrl or CryptGetTimeValidObject.
CRYPT_DECODE_PARA

Used by the CryptDecodeObjectEx function to provide access to memory allocation and memory freeing callback functions.
CRYPT_DECRYPT_MESSAGE_PARA

The CRYPT_DECRYPT_MESSAGE_PARA structure contains information for decrypting messages.
CRYPT_DEFAULT_CONTEXT_MULTI_OID_PARA

Used with the CryptInstallDefaultContext function to contain an array of object identifier strings.
CRYPT_ECC_CMS_SHARED_INFO

Represents key-encryption key information when using Elliptic Curve Cryptography (ECC) in the Cryptographic Message Syntax (CMS) EnvelopedData content type.
CRYPT_ENCODE_PARA

Used by the CryptEncodeObjectEx function to provide access to memory allocation and memory freeing callback functions.
CRYPT_ENCRYPT_MESSAGE_PARA

Contains information used to encrypt messages.
CRYPT_ENCRYPTED_PRIVATE_KEY_INFO

Contains the information in a PKCS
CRYPT_ENROLLMENT_NAME_VALUE_PAIR

Used to create certificate requests on behalf of a user.
CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO

Contains optional extra information that can be passed to the CryptGetTimeValidObject function in the pExtraInfo parameter.
CRYPT_HASH_MESSAGE_PARA

Contains data for hashing messages.
CRYPT_IMAGE_REF

Contains information about a CNG provider module.
CRYPT_IMAGE_REG

Contains image registration information about a CNG provider.
CRYPT_INTEGER_BLOB

The CryptoAPI CRYPT_INTEGER_BLOB structure (wincrypt.h) is used for an arbitrary array of bytes and gives flexibility to objects that can contain data types.
CRYPT_INTEGER_BLOB

The CryptoAPI CRYPT_INTEGER_BLOB (dpapi.h) structure is used for an arbitrary array of bytes. It is declared in Wincrypt.h and provides flexibility for objects that can contain various data types. (CRYPT_INTEGER_BLOB)
CRYPT_INTERFACE_REG

Used to contain information about the type of interface supported by a CNG provider.
CRYPT_KEY_PROV_INFO

The CRYPT_KEY_PROV_INFO structure contains information about a key container within a cryptographic service provider (CSP).
CRYPT_KEY_PROV_PARAM

Contains information about a key container parameter.
CRYPT_KEY_SIGN_MESSAGE_PARA

Contains information about the cryptographic service provider (CSP) and algorithms used to sign a message.
CRYPT_KEY_VERIFY_MESSAGE_PARA

Contains information needed to verify signed messages without a certificate for the signer.
CRYPT_MASK_GEN_ALGORITHM

Identifies the algorithm used to generate an RSA PKCS
CRYPT_OBJECT_LOCATOR_PROVIDER_TABLE

Contains pointers to functions implemented by an object location provider.
CRYPT_OID_FUNC_ENTRY

Contains an object identifier (OID) and a pointer to its related function.
CRYPT_OID_INFO

Contains information about an object identifier (OID).
CRYPT_PASSWORD_CREDENTIALSA

Contains the user name and password credentials to be used in the CRYPT_CREDENTIALS structure as optional input to a remote object retrieval function such as CryptRetrieveObjectByUrl or CryptGetTimeValidObject. (ANSI)
CRYPT_PASSWORD_CREDENTIALSW

Contains the user name and password credentials to be used in the CRYPT_CREDENTIALS structure as optional input to a remote object retrieval function such as CryptRetrieveObjectByUrl or CryptGetTimeValidObject. (Unicode)
CRYPT_PKCS12_PBE_PARAMS

Contains parameters used to create an encryption key, initialization vector (IV), or Message Authentication Code (MAC) key for a PKCS
CRYPT_PKCS8_EXPORT_PARAMS

Identifies the private key and a callback function to encrypt the private key. CRYPT_PKCS8_EXPORT_PARAMS is used as a parameter to the CryptExportPKCS8Ex function, which exports a private key in PKCS
CRYPT_PKCS8_IMPORT_PARAMS

Contains a PKCS
CRYPT_PRIVATE_KEY_INFO

Contains a clear-text private key in the PrivateKey field (DER encoded). CRYPT_PRIVATE_KEY_INFO contains the information in a PKCS
CRYPT_PROPERTY_REF

Contains information about a CNG context property.
CRYPT_PROVIDER_CERT

Provides information about a provider certificate.
CRYPT_PROVIDER_DATA

Used to pass data between WinVerifyTrust and trust providers.
CRYPT_PROVIDER_DEFUSAGE

Used by the WintrustGetDefaultForUsage function to retrieve callback information for a provider's default usage.
CRYPT_PROVIDER_FUNCTIONS

Defines the functions used by a cryptographic service provider (CSP) for WinTrust operations.
CRYPT_PROVIDER_PRIVDATA

Contains private data to be used by a provider.
CRYPT_PROVIDER_REF

Contains information about a cryptographic interface that a provider supports.
CRYPT_PROVIDER_REFS

Contains a collection of provider references.
CRYPT_PROVIDER_REG

Used to contain registration information for a CNG provider.
CRYPT_PROVIDER_REGDEFUSAGE

Used by the WintrustAddDefaultForUsage function to register callback information about a provider's default usage.
CRYPT_PROVIDER_SGNR

Provides information about a signer or countersigner.
CRYPT_PROVIDER_SIGSTATE

Is used to communicate between policy providers and Wintrust.
CRYPT_PROVIDERS

Contains information about the registered CNG providers.
CRYPT_PROVUI_DATA

Provides user interface (UI) data for a provider. This structure is used by the CRYPT_PROVUI_FUNCS structure.
CRYPT_PROVUI_FUNCS

Provides information about the user interface (UI) functions of a provider. This structure is used by the CRYPT_PROVIDER_FUNCTIONS structure.
CRYPT_PSOURCE_ALGORITHM

Identifies the algorithm and (optionally) the value of the label for an RSAES-OAEP key encryption.
CRYPT_RC2_CBC_PARAMETERS

Contains information used with szOID_RSA_RC2CBC encryption.
CRYPT_REGISTER_ACTIONID

Provides information about the functions of a provider.
CRYPT_RETRIEVE_AUX_INFO

Contains optional information to pass to the CryptRetrieveObjectByUrl function.
CRYPT_RSA_SSA_PSS_PARAMETERS

Contains the parameters for an RSA PKCS
CRYPT_RSAES_OAEP_PARAMETERS

Contains the parameters for an RSAES-OAEP key encryption.
CRYPT_SEQUENCE_OF_ANY

Contains an arbitrary list of encoded BLOBs.
CRYPT_SIGN_MESSAGE_PARA

The CRYPT_SIGN_MESSAGE_PARA structure contains information for signing messages using a specified signing certificate context.
CRYPT_SMART_CARD_ROOT_INFO

Contains the smart card and session IDs associated with a certificate context.
CRYPT_SMIME_CAPABILITIES

Contains a prioritized array of supported capabilities.
CRYPT_SMIME_CAPABILITY

The CRYPT_SMIME_CAPABILITY structure specifies a single capability and its associated parameters. Single capabilities are grouped together into a list of CRYPT_SMIME_CAPABILITIES which can specify a prioritized list of capability preferences.
CRYPT_TIME_STAMP_REQUEST_INFO

Used for time stamping.
CRYPT_TIMESTAMP_ACCURACY

Is used by the CRYPT_TIMESTAMP_INFO structure to represent the accuracy of the time deviation around the UTC time at which the time stamp token was created by the Time Stamp Authority (TSA).
CRYPT_TIMESTAMP_CONTEXT

Contains both the encoded and decoded representations of a time stamp token.
CRYPT_TIMESTAMP_INFO

Contains a signed data content type in Cryptographic Message Syntax (CMS) format.
CRYPT_TIMESTAMP_PARA

Defines additional parameters for the time stamp request.
CRYPT_TIMESTAMP_REQUEST

Defines a time stamp request structure that corresponds to the Abstract Syntax Notation One (ASN.1) definition of a TimeStampReq type.
CRYPT_TIMESTAMP_RESPONSE

Is used internally to encapsulate an Abstract Syntax Notation One (ASN.1) Distinguished Encoding Rules (DER) encoded response.
CRYPT_TRUST_REG_ENTRY

Identifies a provider function by DLL name and function name.
CRYPT_URL_INFO

Contains information about groupings of URLs.
CRYPT_VERIFY_CERT_SIGN_STRONG_PROPERTIES_INFO

Contains the length, in bits, of the public key and the names of the signing and hashing algorithms used for strong signing.
CRYPT_VERIFY_MESSAGE_PARA

The CRYPT_VERIFY_MESSAGE_PARA structure contains information needed to verify signed messages.
CRYPT_X942_OTHER_INFO

The CRYPT_X942_OTHER_INFO structure contains additional key generation information.
CRYPT_XML_ALGORITHM

Specifies the algorithm used to sign or transform the message.
CRYPT_XML_ALGORITHM_INFO

Contains algorithm information.
CRYPT_XML_BLOB

Contains an arbitrary array of bytes.
CRYPT_XML_CRYPTOGRAPHIC_INTERFACE

Exposes the implemented CryptXML functions.
CRYPT_XML_DATA_BLOB

Contains XML encoded data.
CRYPT_XML_DATA_PROVIDER

Specifies the interface to the XML data provider.
CRYPT_XML_DOC_CTXT

Defines document context information.
CRYPT_XML_ISSUER_SERIAL

Contains an X.509 issued distinguished name�serial number pair.
CRYPT_XML_KEY_DSA_KEY_VALUE

Defines a Digital Signature Algorithm (DSA) key value. The CRYPT_XML_KEY_DSA_KEY_VALUE structure is used as an element of the key value union in the CRYPT_XML_KEY_VALUE structure.
CRYPT_XML_KEY_ECDSA_KEY_VALUE

Defines an Elliptic Curve Digital Signature Algorithm (ECDSA) key value. The CRYPT_XML_KEY_ECDSA_KEY_VALUE structure is used as an element of the key value union in the CRYPT_XML_KEY_VALUE structure.
CRYPT_XML_KEY_INFO

Encapsulates key information data.
CRYPT_XML_KEY_INFO_ITEM

Encapsulates key information data that corresponds to a KeyInfo element. The KeyInfo element enables the recipient to obtain the key needed to validate the signature.
CRYPT_XML_KEY_RSA_KEY_VALUE

Defines an RSA key value. The CRYPT_XML_KEY_RSA_KEY_VALUE structure is used as element of the key value union in the CRYPT_XML_KEY_VALUE structure.
CRYPT_XML_KEY_VALUE

Contains a single public key that may be useful in validating the signature.
CRYPT_XML_KEYINFO_PARAM

Is used by the CryptXmlSign function to specify the members of the KeyInfo element to be encoded.
CRYPT_XML_OBJECT

Describes an Object element in the signature.
CRYPT_XML_PROPERTY

Contains information about a CryptXML property.
CRYPT_XML_REFERENCE

Contains information used to populate the Reference element.
CRYPT_XML_REFERENCES

Defines an array of CRYPT_XML_REFERENCE structures.
CRYPT_XML_SIGNATURE

Contains information used to populate the Signature element.
CRYPT_XML_SIGNED_INFO

Describes an XML encoded SignedInfo element.
CRYPT_XML_STATUS

Returns information about the signature validation status, summary status information about a SignedInfo element, or summary status information about an array of Reference elements.
CRYPT_XML_TRANSFORM_CHAIN_CONFIG

Contains application defined transforms that are allowed for use in the XML digital signature.
CRYPT_XML_TRANSFORM_INFO

Contains information that is used when applying the data transform.
CRYPT_XML_X509DATA

Represents the sequence of choices in the X509Data element.
CRYPT_XML_X509DATA_ITEM

Represents X.509 data that is to be encoded in an X509Data named element.
CRYPTCATATTRIBUTE

The CRYPTCATATTRIBUTE structure defines a catalog attribute. This structure is used by the CryptCATEnumerateAttr and CryptCATEnumerateCatAttr functions.
CRYPTCATCDF

Contains information used to create a signed catalog file (.cat) from a catalog definition file (CDF).
CRYPTCATMEMBER

The CRYPTCATMEMBER structure provides information about a catalog member. This structure is used by the CryptCATGetMemberInfo and CryptCATEnumerateAttr functions.
CRYPTCATSTORE

Represents a catalog file.
CRYPTNET_URL_CACHE_FLUSH_INFO

Contains expiry information used by the Cryptnet URL Cache (CUC) service to maintain a URL cache entry.
CRYPTNET_URL_CACHE_PRE_FETCH_INFO

Contains update information used by the Cryptnet URL Cache (CUC) service to maintain a URL cache entry.
CRYPTNET_URL_CACHE_RESPONSE_INFO

Contains response information used by the Cryptnet URL Cache (CUC) service to maintain a URL cache entry.
CRYPTO_SETTINGS

Indicates disabled cryptographic settings.
CRYPTPROTECT_PROMPTSTRUCT

Provides the text of a prompt and information about when and where that prompt is to be displayed when using the CryptProtectData and CryptUnprotectData functions.
CRYPTUI_CERT_MGR_STRUCT

Contains information about a certificate manager dialog box.
CRYPTUI_INITDIALOG_STRUCT

Supports the CRYPTUI_VIEWCERTIFICATE_STRUCT structure.
CRYPTUI_VIEWCERTIFICATE_STRUCTA

Contains information about a certificate to view. This structure is used in the CryptUIDlgViewCertificate function. (ANSI)
CRYPTUI_VIEWCERTIFICATE_STRUCTW

Contains information about a certificate to view. This structure is used in the CryptUIDlgViewCertificate function. (Unicode)
CRYPTUI_WIZ_DIGITAL_SIGN_BLOB_INFO

Contains information about the public key BLOB used by the CryptUIWizDigitalSign function.
CRYPTUI_WIZ_DIGITAL_SIGN_CERT_PVK_INFO

Contains information about the PVK file that contains the certificates used by the CryptUIWizDigitalSign function.
CRYPTUI_WIZ_DIGITAL_SIGN_CONTEXT

Used with the CryptUIWizDigitalSign function to contain information about a BLOB.
CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO

Used with the CRYPTUI_WIZ_DIGITAL_SIGN_INFO structure to contain extended information about a signature.
CRYPTUI_WIZ_DIGITAL_SIGN_INFO

Contains information about digital signing.
CRYPTUI_WIZ_DIGITAL_SIGN_PVK_FILE_INFO

Used with the CRYPTUI_WIZ_DIGITAL_SIGN_INFO structure to contain information about the PVK file used by the digital signature wizard.
CRYPTUI_WIZ_DIGITAL_SIGN_STORE_INFO

Contains information about the certificate store used by the digital signature wizard.
CRYPTUI_WIZ_EXPORT_CERTCONTEXT_INFO

Contains information that controls the operation of the CryptUIWizExport function when a certificate is the object being exported.
CRYPTUI_WIZ_EXPORT_INFO

Contains information that controls the operation of the CryptUIWizExport function.
CRYPTUI_WIZ_IMPORT_SRC_INFO

Contains the subject to import into the CryptUIWizImport function.
CTL_ANY_SUBJECT_INFO

Contains a SubjectAlgorithm to be matched in the certificate trust list (CTL) and the SubjectIdentifier to be matched in one of the CTL entries in calls to CertFindSubjectInCTL.
CTL_CONTEXT

The CTL_CONTEXT structure contains both the encoded and decoded representations of a CTL.
CTL_ENTRY

An element of a certificate trust list (CTL).
CTL_FIND_SUBJECT_PARA

Contains data used by CertFindCTLInStore with a dwFindType parameter of CTL_FIND_SUBJECT to find a Certificate Trust List (CTL).
CTL_FIND_USAGE_PARA

A member of the CTL_FIND_SUBJECT_PARA structure and it is used by CertFindCTLInStore.
CTL_INFO

Contains the information stored in a Certificate Trust List (CTL).
CTL_MODIFY_REQUEST

Contains a request to modify a certificate trust list (CTL). This structure is used in the CertModifyCertificatesToTrust function.
CTL_USAGE

Contains an array of object identifiers (OIDs) for Certificate Trust List (CTL) extensions.
CTL_USAGE_MATCH

Provides parameters for finding certificate trust lists (CTL) used to build a certificate chain.
CTL_VERIFY_USAGE_PARA

The CTL_VERIFY_USAGE_PARA structure contains parameters used by CertVerifyCTLUsage to establish the validity of a CTL's usage.
CTL_VERIFY_USAGE_STATUS

Contains information about a Certificate Trust List (CTL) returned by CertVerifyCTLUsage.
DHPRIVKEY_VER3

Contains information specific to the particular private key contained in the key BLOB.
DHPUBKEY

Contains information specific to the particular Diffie-Hellman public key contained in the key BLOB.
DHPUBKEY_VER3

Contains information specific to the particular public key contained in the key BLOB.
DIAGNOSTIC_DATA_EVENT_BINARY_STATS

A resource that describes this binary and the amount of diagnostic data it has sent.
DIAGNOSTIC_DATA_EVENT_CATEGORY_DESCRIPTION

A resource that represents a category, defined by an identifier and a name. A category is an organizational construct to categorize records for a given producer. For example, "Browsing Data" could be a category for the producer "Microsoft Edge".
DIAGNOSTIC_DATA_EVENT_PRODUCER_DESCRIPTION

A resource that represents a producer. A Producer is an OS component, application or service that emits events. For example, “Microsoft Edge” is the Producer ID for the Microsoft Edge browser.
DIAGNOSTIC_DATA_EVENT_TAG_DESCRIPTION

A resource that describes a tag, defined by the tag's name and its description.
DIAGNOSTIC_DATA_EVENT_TAG_STATS

A resource that includes a privacy tag and how many events have this privacy tag.
DIAGNOSTIC_DATA_EVENT_TRANSCRIPT_CONFIGURATION

Event transcript configuration details such as maximum storage size and hours of data history.
DIAGNOSTIC_DATA_GENERAL_STATS

This resource contains general statistics about a set of diagnostic data records.
DIAGNOSTIC_DATA_RECORD

This resource describes an individual diagnostic data record (event).
DIAGNOSTIC_DATA_SEARCH_CRITERIA

This resource contains details of the search criteria when fetching a diagnostic data record.
DIAGNOSTIC_REPORT_DATA

This resource contains information about a diagnostic report.
DIAGNOSTIC_REPORT_PARAMETER

Resource that describes the parameters for an error report.
DIAGNOSTIC_REPORT_SIGNATURE

This resource describes the signature for a diagnostic report.
DOMAIN_PASSWORD_INFORMATION

Contains information about a domain's password policy, such as the minimum length for passwords and how unique passwords must be.
DSSSEED

Holds the seed and counter values that can be used to verify the primes of the DSS public key.
EFFPERM_RESULT_LIST

Lists the effective permissions.
ENCRYPTED_CREDENTIALW

Represents an encrypted credential.
ENUM_SERVICE_STATUS_PROCESSA

Contains the name of a service in a service control manager database and information about the service. It is used by the EnumServicesStatusEx function. (ANSI)
ENUM_SERVICE_STATUS_PROCESSW

Contains the name of a service in a service control manager database and information about the service. It is used by the EnumServicesStatusEx function. (Unicode)
ENUM_SERVICE_STATUSA

Contains the name of a service in a service control manager database and information about that service. It is used by the EnumDependentServices and EnumServicesStatus functions. (ANSI)
ENUM_SERVICE_STATUSW

Contains the name of a service in a service control manager database and information about that service. It is used by the EnumDependentServices and EnumServicesStatus functions. (Unicode)
EV_EXTRA_CERT_CHAIN_POLICY_PARA

Specifies the parameters that are passed in for EV policy validation. Applications use this structure to pass hints to the API that indicate which of the policy qualifier flags of the extended validation certificates are important to the application.
EV_EXTRA_CERT_CHAIN_POLICY_STATUS

Contains policy flags returned from a call to the CertVerifyCertificateChainPolicy function.
EXPLICIT_ACCESS_A

Defines access control information for a specified trustee. (ANSI)
EXPLICIT_ACCESS_W

Defines access control information for a specified trustee. (Unicode)
GENERIC_MAPPING

Defines the mapping of generic access rights to specific and standard access rights for an object.
HMAC_INFO

The HMAC_INFO structure specifies the hash algorithm and the inner and outer strings that are to be used to calculate the HMAC hash.
HTTPSPolicyCallbackData

Holds policy information used in the verification of Secure Sockets Layer (SSL) client/server certificate chains.
INHERITED_FROMA

Provides information about an object's inherited access control entry (ACE). (ANSI)
INHERITED_FROMW

Provides information about an object's inherited access control entry (ACE). (Unicode)
KERB_ADD_BINDING_CACHE_ENTRY_EX_REQUEST

Allows the user to bind to a specific domain controller (DC), overriding the Kerberos domain binding cache.
KERB_ADD_BINDING_CACHE_ENTRY_REQUEST

Specifies a message to add a binding cache entry.
KERB_ADD_CREDENTIALS_REQUEST

Specifies a message to add, remove, or replace an extra server credential for a logon session.
KERB_ADD_CREDENTIALS_REQUEST_EX

Specifies a message to add, remove, or replace an extra server credential for a logon session, and the service principal names (SPNs) to be associated with that credential.
KERB_BINDING_CACHE_ENTRY_DATA

Specifies the data for the binding cache entry.
KERB_CERTIFICATE_HASHINFO

Provides the payload information of the certificate hash.
KERB_CERTIFICATE_INFO

Contains the certificate information.
KERB_CERTIFICATE_LOGON

Contains information about a smart card logon session. (KERB_CERTIFICATE_LOGON)
KERB_CERTIFICATE_S4U_LOGON

Contains information about the certificate for a service for user (S4U) logon.
KERB_CERTIFICATE_UNLOCK_LOGON

Contains information used to unlock a workstation that has been locked during an interactive smart card logon session.
KERB_CHANGEPASSWORD_REQUEST

Contains information used to change a password.
KERB_CLEANUP_MACHINE_PKINIT_CREDS_REQUEST

Cleans up the PKINIT device credentials from the computer.
KERB_CRYPTO_KEY

Contains information about a Kerberos cryptographic session key.
KERB_EXTERNAL_NAME

Contains information about an external name.
KERB_EXTERNAL_TICKET

Contains information about an external ticket.
KERB_INTERACTIVE_LOGON

Contains information about an interactive logon session.
KERB_INTERACTIVE_PROFILE

The KERB_INTERACTIVE_PROFILE structure contains information about an interactive logon profile. This structure is used by the LsaLogonUser function.
KERB_INTERACTIVE_UNLOCK_LOGON

Contains information used to unlock a workstation that has been locked during an interactive logon session.
KERB_PURGE_BINDING_CACHE_REQUEST

Deletes the request for the binding cache.
KERB_PURGE_TKT_CACHE_REQUEST

Contains information used to delete entries from the ticket cache.
KERB_QUERY_BINDING_CACHE_REQUEST

Contains information used to query the binding cache.
KERB_QUERY_BINDING_CACHE_RESPONSE

Contains the results of querying the binding cache.
KERB_QUERY_DOMAIN_EXTENDED_POLICIES_REQUEST

Contains information used to query the domain for the extended policies.
KERB_QUERY_DOMAIN_EXTENDED_POLICIES_RESPONSE

Contains the results of querying for the extended policies of the specified domain.
KERB_QUERY_TKT_CACHE_REQUEST

Contains information used to query the ticket cache.
KERB_QUERY_TKT_CACHE_RESPONSE

Contains the results of querying the ticket cache.
KERB_RETRIEVE_TKT_REQUEST

Contains information used to retrieve a ticket.
KERB_RETRIEVE_TKT_RESPONSE

Contains the response from retrieving a ticket.
KERB_S4U_LOGON

Contains information about a service for user (S4U) logon.
KERB_SMART_CARD_LOGON

Contains information about a smart card logon session. (KERB_SMART_CARD_LOGON)
KERB_SMART_CARD_UNLOCK_LOGON

Contains information used to unlock a workstation that has been locked during a smart card logon session.
KERB_TICKET_CACHE_INFO

Contains information about a cached Kerberos ticket. The Kerberos ticket is defined in Internet RFC 4120. For more information, see http://www.ietf.org.
KERB_TICKET_LOGON

Contains profile information for a network logon.
KERB_TICKET_PROFILE

The KERB_TICKET_PROFILE structure contains information about an interactive logon profile. This structure is returned by LsaLogonUser.
KERB_TICKET_UNLOCK_LOGON

Contains information to unlock a workstation.
KeyCredentialManagerInfo

Data structure returned from KeyCredentialManagerGetInformation.
LSA_AUTH_INFORMATION

The LSA_AUTH_INFORMATION structure contains authentication information for a trusted domain.
LSA_DISPATCH_TABLE

Contains pointers to the Local Security Authority (LSA) functions that Windows authentication packages can call.
LSA_ENUMERATION_INFORMATION

The LSA_ENUMERATION_INFORMATION structure is used with the LsaEnumerateAccountsWithUserRight function to return a pointer to a SID.
LSA_FOREST_TRUST_BINARY_DATA

Contains binary data used in Local Security Authority forest trust operations.
LSA_FOREST_TRUST_COLLISION_INFORMATION

Contains information about Local Security Authority forest trust collisions.
LSA_FOREST_TRUST_COLLISION_RECORD

Contains information about a Local Security Authority forest trust collision.
LSA_FOREST_TRUST_DOMAIN_INFO

Contains identifying information for a domain.
LSA_FOREST_TRUST_INFORMATION

Contains Local Security Authority forest trust information.
LSA_FOREST_TRUST_RECORD

Represents a Local Security Authority forest trust record.
LSA_LAST_INTER_LOGON_INFO

Contains information about a logon session. (LSA_LAST_INTER_LOGON_INFO)
LSA_OBJECT_ATTRIBUTES

The LSA_OBJECT_ATTRIBUTES structure is used with the LsaOpenPolicy function to specify the attributes of the connection to the Policy object.
LSA_REFERENCED_DOMAIN_LIST

The LSA_REFERENCED_DOMAIN_LIST structure contains information about the domains referenced in a lookup operation.
LSA_SECPKG_FUNCTION_TABLE

Contains pointers to the LSA functions that a security package can call. The Local Security Authority (LSA) passes this structure to a security package when it calls the package's SpInitialize function.
LSA_STRING

Used by Local Security Authority (LSA) functions to specify an ANSI string.
LSA_TOKEN_INFORMATION_NULL

Used in cases where a non-authenticated system access is needed.
LSA_TOKEN_INFORMATION_V1

Contains information an authentication package can place in a Version 2 Windows token object and has superceded LSA_TOKEN_INFORMATION_V1.
LSA_TOKEN_INFORMATION_V3

Adds claim support to the LSA token and contains information an authentication package can place in a Version 3 Windows token object and has superceded LSA_TOKEN_INFORMATION_V1.
LSA_TRANSLATED_NAME

Used with the LsaLookupSids function to return information about the account identified by a SID.
LSA_TRANSLATED_SID

Used with the LsaLookupNames function to return information about the SID that identifies an account.
LSA_TRANSLATED_SID2

Contains SIDs that are retrieved based on account names.
LSA_TRUST_INFORMATION

Identifies a domain.
LSA_UNICODE_STRING

The LSA_UNICODE_STRING structure is used by various Local Security Authority (LSA) functions to specify a Unicode string.
LUID_AND_ATTRIBUTES

Represents a locally unique identifier (LUID) and its attributes.
MS_ADDINFO_BLOB

Provides additional information for in-memory BLOB subject types.
MS_ADDINFO_CATALOGMEMBER

Provides additional information for catalog member subject types.
MS_ADDINFO_FLAT

Provides additional information about flat or end-to-end subject types.
MSA_INFO_0

Specifies information about a managed service account.
MSV1_0_INTERACTIVE_LOGON

Contains information about an interactive logon.
MSV1_0_INTERACTIVE_PROFILE

The MSV1_0_INTERACTIVE_PROFILE structure contains information about an interactive logon profile. This structure is used by the LsaLogonUser function.
MSV1_0_LM20_LOGON

Contains logon information used in network logons.
MSV1_0_LM20_LOGON_PROFILE

Contains information about a network logon session.
MSV1_0_SUBAUTH_LOGON

Used by subauthentication DLLs.
MSV1_0_SUBAUTH_REQUEST

Contains information to pass to a subauthentication package.
MSV1_0_SUBAUTH_RESPONSE

Contains the response from a subauthentication package.
MSV1_0_SUPPLEMENTAL_CREDENTIAL

The MSV1_0_SUPPLEMENTAL_CREDENTIAL structure is used to pass credentials into MSV1_0 from Kerberos or custom authentication package.
NCRYPT_ALLOC_PARA

Enables you to specify custom functions that can be used to allocate and free data.
NCRYPT_KEY_BLOB_HEADER

Contains a key BLOB.
NCRYPT_PROTECT_STREAM_INFO

Is used by the NCryptStreamOpenToProtect and NCryptStreamOpenToUnprotect functions to pass blocks of processed data to your application.
NCRYPT_SUPPORTED_LENGTHS

Used with the NCRYPT_LENGTHS_PROPERTY property to contain length information for a key.
NCRYPT_UI_POLICY

Used with the NCRYPT_UI_POLICY_PROPERTY property to contain strong key user interface information for a key.
NCryptAlgorithmName

Used to contain information about a CNG algorithm.
NCryptKeyName

Used to contain information about a CNG key.
NCryptProviderName

Used to contain the name of a CNG key storage provider.
NETCONNECTINFOSTRUCT

The NETCONNECTINFOSTRUCT structure contains information about the performance of a network. It is used by the NPGetConnectionPerformance function.
NETLOGON_LOGON_IDENTITY_INFO

Used to pass information about a user for logon subauthentication.
NETRESOURCEA

The following structure contains information about a network resource. It is used by several of the network provider functions, including NPOpenEnum and NPAddConnection. (ANSI)
NETRESOURCEW

The following structure contains information about a network resource. It is used by several of the network provider functions, including NPOpenEnum and NPAddConnection. (Unicode)
NOTIFYADD

The NOTIFYADD structure contains the details of a network connect operation. It is used by the AddConnectNotify function.
NOTIFYCANCEL

The NOTIFYCANCEL structure contains the details of a network disconnect operation. It is used by the CancelConnectNotify function.
NOTIFYINFO

The NOTIFYINFO structure contains status information about a network connect or disconnect operation. It is used by the AddConnectNotify and CancelConnectNotify functions.
OBJECT_TYPE_LIST

Identifies an object type element in a hierarchy of object types.
OBJECTS_AND_NAME_A

Contains a string that identifies a trustee by name and additional strings that identify the object types of an object-specific access control entry (ACE). (ANSI)
OBJECTS_AND_NAME_W

Contains a string that identifies a trustee by name and additional strings that identify the object types of an object-specific access control entry (ACE). (Unicode)
OBJECTS_AND_SID

Contains a security identifier (SID) that identifies a trustee and GUIDs that identify the object types of an object-specific access control entry (ACE).
OCSP_BASIC_RESPONSE_ENTRY

Contains the current certificate status for a single certificate.
OCSP_BASIC_RESPONSE_INFO

Contains a basic online certificate status protocol (OCSP) response as specified by RFC 2560.
OCSP_BASIC_REVOKED_INFO

Contains the reason a certificate was revoked.
OCSP_BASIC_SIGNED_RESPONSE_INFO

Contains a basic online certificate status protocol (OCSP) response with a signature.
OCSP_CERT_ID

Contains information to identify a certificate in an online certificate status protocol (OCSP) request or response.
OCSP_REQUEST_ENTRY

Contains information about a single certificate in an online certificate status protocol (OCSP) request.
OCSP_REQUEST_INFO

Contains information for an online certificate status protocol (OCSP) request as specified by RFC 2560.
OCSP_RESPONSE_INFO

Indicates the success or failure of the corresponding online certificate status protocol (OCSP) request. For successful requests, it contains the type and value of response information.
OCSP_SIGNATURE_INFO

Contains a signature for an online certificate status protocol (OCSP) request or response.
OCSP_SIGNED_REQUEST_INFO

Contains information for an online certificate status protocol (OCSP) request with optional signature information.
OLD_LARGE_INTEGER

Is used to represent a 64-bit signed integer value as two 32-bit integers.
OPENCARD_SEARCH_CRITERIAA

The OPENCARD_SEARCH_CRITERIA structure is used by the SCardUIDlgSelectCard function in order to recognize cards that meet the requirements set forth by the caller. You can, however, call SCardUIDlgSelectCard without using this structure. (ANSI)
OPENCARD_SEARCH_CRITERIAW

The OPENCARD_SEARCH_CRITERIA structure is used by the SCardUIDlgSelectCard function in order to recognize cards that meet the requirements set forth by the caller. You can, however, call SCardUIDlgSelectCard without using this structure. (Unicode)
OPENCARDNAME_EXA

The OPENCARDNAME_EX structure contains the information that the SCardUIDlgSelectCard function uses to initialize a smart card Select Card dialog box. (ANSI)
OPENCARDNAME_EXW

The OPENCARDNAME_EX structure contains the information that the SCardUIDlgSelectCard function uses to initialize a smart card Select Card dialog box. (Unicode)
OPENCARDNAMEA

Contains the information that the GetOpenCardName function uses to initialize a smart card Select Card dialog box. (ANSI)
OPENCARDNAMEW

Contains the information that the GetOpenCardName function uses to initialize a smart card Select Card dialog box. (Unicode)
PKCS12_PBES2_EXPORT_PARAMS

Passed to the PFXExportCertStoreEx function as pvPara when the PKCS12_EXPORT_PBES2_PARAMS flag is set for dwFlags to provide information about the encryption algorithm to use.
PKU2U_CERT_BLOB

Specifies PKU2U certificate data.
PKU2U_CERTIFICATE_S4U_LOGON

Specifies a certificate used for S4U logon.
PKU2U_CREDUI_CONTEXT

Specifies a PKU2U client context.
POLICY_ACCOUNT_DOMAIN_INFO

Used to set and query the name and SID of the system's account domain.
POLICY_AUDIT_EVENTS_INFO

The POLICY_AUDIT_EVENTS_INFO structure is used to set and query the system's auditing rules.
POLICY_AUDIT_SID_ARRAY

Specifies an array of SID structures that represent Windows users or groups.
POLICY_DNS_DOMAIN_INFO

The POLICY_DNS_DOMAIN_INFO structure is used to set and query Domain Name System (DNS) information about the primary domain associated with a Policy object.
POLICY_LSA_SERVER_ROLE_INFO

Used to set and query the role of an LSA server.
POLICY_MODIFICATION_INFO

The POLICY_MODIFICATION_INFO structure is used to query information about the creation time and last modification of the LSA database.
POLICY_PRIMARY_DOMAIN_INFO

The PolicyPrimaryDomainInformation value and POLICY_PRIMARY_DOMAIN_INFO structure are obsolete. Use the PolicyDnsDomainInformation and POLICY_DNS_DOMAIN_INFO structure instead.
PRIVILEGE_SET

Specifies a set of privileges.
PROCESS_MACHINE_INFORMATION

Specifies the architecture of a process and if that architecture of code can run in user mode, kernel mode, and/or under WoW64 on the host operating system.
PROV_ENUMALGS

Used with the CryptGetProvParam function when the PP_ENUMALGS parameter is retrieved to contain information about an algorithm supported by a cryptographic service provider (CSP).
PROV_ENUMALGS_EX

Used with the CryptGetProvParam function when the PP_ENUMALGS_EX parameter is retrieved to contain information about an algorithm supported by a cryptographic service provider (CSP).
QUERY_SERVICE_CONFIGA

Contains configuration information for an installed service. It is used by the QueryServiceConfig function. (ANSI)
QUERY_SERVICE_CONFIGW

Contains configuration information for an installed service. It is used by the QueryServiceConfig function. (Unicode)
QUERY_SERVICE_LOCK_STATUSA

Contains information about the lock status of a service control manager database. It is used by the QueryServiceLockStatus function. (ANSI)
QUERY_SERVICE_LOCK_STATUSW

Contains information about the lock status of a service control manager database. It is used by the QueryServiceLockStatus function. (Unicode)
QUOTA_LIMITS

Describes the amount of system resources available to a user.
REMOTE_NAME_INFOA

The REMOTE_NAME_INFO structure contains information about the remote form of a universal name. It is used by the NPGetUniversalName function. (ANSI)
REMOTE_NAME_INFOW

The REMOTE_NAME_INFO structure contains information about the remote form of a universal name. It is used by the NPGetUniversalName function. (Unicode)
ROOT_INFO_LUID

Contains a locally unique identifier (LUID) for Cryptographic Smart Card Root Information.
RSAPUBKEY

The RSAPUBKEY structure contains information specific to the particular public key contained in the key BLOB.
SAFER_CODE_PROPERTIES_V1

Contains code image information and criteria to be checked on the code image. (SAFER_CODE_PROPERTIES_V1)
SAFER_CODE_PROPERTIES_V2

Contains code image information and criteria to be checked on the code image.S
SAFER_HASH_IDENTIFICATION

Represents a hash identification rule.
SAFER_IDENTIFICATION_HEADER

SAFER_IDENTIFICATION_HEADER structure is used as the header for the SAFER_PATHNAME_IDENTIFICATION, SAFER_HASH_IDENTIFICATION, and SAFER_URLZONE_IDENTIFICATION structures.
SAFER_PATHNAME_IDENTIFICATION

Represents a path identification rule.
SAFER_URLZONE_IDENTIFICATION

Represents a URL zone identification rule.
SC_ACTION

Represents an action that the service control manager can perform.
SCARD_ATRMASK

Used by the SCardLocateCardsByATR function to locate cards.
SCARD_READERSTATEA

Used by functions for tracking smart cards within readers. (ANSI)
SCARD_READERSTATEW

Used by functions for tracking smart cards within readers. (Unicode)
SCESVC_ANALYSIS_INFO

Contains the analysis information.
SCESVC_ANALYSIS_LINE

The SCESVC_ANALYSIS_LINE structure contains the key, value, and value length for a specific line specified by an SCESVC_ANALYSIS_INFO structure.
SCESVC_CALLBACK_INFO

The SCESVC_CALLBACK_INFO structure contains an opaque database handle and callback function pointers to query, set, and free information.
SCESVC_CONFIGURATION_INFO

The SCESVC_CONFIGURATION_INFO structure provides configuration information for a service. This structure is used by the PFSCE_QUERY_INFO and PFSCE_SET_INFO functions when the configuration information is specified.
SCESVC_CONFIGURATION_LINE

The SCESVC_CONFIGURATION_LINE structure contains information about a line of configuration data. It is used by the SCESVC_CONFIGURATION_INFO structure.
SCH_CRED_PUBLIC_CERTCHAIN

The SCH_CRED_PUBLIC_CERTCHAIN structure contains a single certificate. A certification chain can be built from this certificate.
SCH_CRED_SECRET_PRIVKEY

Contains private key information needed to authenticate a client or server.
SCH_CREDENTIALS

Contains the data for an Schannel credential. (SCH_CREDENTIALS)
SCHANNEL_ALERT_TOKEN

Generates a Secure Sockets Layer Protocol (SSL) or Transport Layer Security Protocol (TLS) alert to be sent to the target of a call to either the InitializeSecurityContext (Schannel) function or the AcceptSecurityContext (Schannel) function.
SCHANNEL_ALG

The SCHANNEL_ALG structure contains algorithm and key size information. It is used as the structure passed as pbData in CryptSetKeyParam when dwParam is set to KP_SCHANNEL_ALG.
SCHANNEL_CERT_HASH

Contains the hash store data for the certificate that Schannel uses.
SCHANNEL_CERT_HASH_STORE

Contains the hash store data for the certificate that Schannel uses in kernel-mode.
SCHANNEL_CLIENT_SIGNATURE

Specifies a client signature when a call to the InitializeSecurityContext (Schannel) function cannot access the private key for a client certificate (in this case, the function returns SEC_I_SIGNATURE_NEEDED).
SCHANNEL_CRED

Contains the data for an Schannel credential. (SCHANNEL_CRED)
SCHANNEL_SESSION_TOKEN

Specifies whether reconnections are enabled for an authentication session created by calling either the InitializeSecurityContext (Schannel) function or the AcceptSecurityContext (Schannel) function.
SEC_APPLICATION_PROTOCOL_LIST

Stores a list of application protocols.
SEC_APPLICATION_PROTOCOLS

Stores an array of application protocol lists.
SEC_CERTIFICATE_REQUEST_CONTEXT

Stores the certificate request context.
SEC_CHANNEL_BINDINGS

Specifies channel binding information for a security context.
SEC_DTLS_MTU

Stores the DTLS MTU.
SEC_FLAGS

Contains the security flags.
SEC_NEGOTIATION_INFO

Stores the security negotiation information.
SEC_PRESHAREDKEY

Contains the pre-shared key information.
SEC_PRESHAREDKEY_IDENTITY

Contains the identity for a pre-shared key.
SEC_SRTP_MASTER_KEY_IDENTIFIER

Stores the SRTP master key identifier.
SEC_SRTP_PROTECTION_PROFILES

Stores the SRTP protection profiles.
SEC_TOKEN_BINDING

Stores the token binding information.
SEC_TRAFFIC_SECRETS

Contains the traffic secrets for a connection.
SEC_WINNT_AUTH_BYTE_VECTOR

Specifies the byte offset and array length of the data in an authentication structure.
SEC_WINNT_AUTH_CERTIFICATE_DATA

Specifies serialized certificate information.
SEC_WINNT_AUTH_DATA

Specifies authentication data.
SEC_WINNT_AUTH_DATA_PASSWORD

Specifies a serialized password.
SEC_WINNT_AUTH_DATA_TYPE_SMARTCARD_CONTEXTS_DATA

Contains the authentication data for a smartcard context.
SEC_WINNT_AUTH_FIDO_DATA

Contains data for FIDO authentication.
SEC_WINNT_AUTH_IDENTITY_A

Allows you to pass a particular user name and password to the run-time library for the purpose of authentication. (ANSI)
SEC_WINNT_AUTH_IDENTITY_EX2

Contains information about an authentication identity.
SEC_WINNT_AUTH_IDENTITY_EXA

The SEC_WINNT_AUTH_IDENTITY_EXA (ANSI) structure contains information about a user.
SEC_WINNT_AUTH_IDENTITY_EXW

The SEC_WINNT_AUTH_IDENTITY_EXW (Unicode) structure contains information about a user.
SEC_WINNT_AUTH_IDENTITY_INFO

Contains the identity information for authentication.
SEC_WINNT_AUTH_IDENTITY_W

Allows you to pass a particular user name and password to the run-time library for the purpose of authentication. (Unicode)
SEC_WINNT_AUTH_NGC_DATA

Contains the NGC data for authentication.
SEC_WINNT_AUTH_PACKED_CREDENTIALS

Specifies serialized credentials.
SEC_WINNT_AUTH_PACKED_CREDENTIALS_EX

Specifies serialized credentials and a list of security packages that support the credentials.
SEC_WINNT_AUTH_SHORT_VECTOR

Specifies the offset and number of characters in an array of USHORT values.
SEC_WINNT_CREDUI_CONTEXT

Specifies unserialized credential information.
SEC_WINNT_CREDUI_CONTEXT_VECTOR

Specifies the offset and size of the credential context data in a SEC_WINNT_CREDUI_CONTEXT structure.
SecBuffer

Describes a buffer allocated by a transport application to pass to a security package.
SecBufferDesc

The SecBufferDesc structure describes an array of SecBuffer structures to pass from a transport application to a security package.
SecHandle

Represents a security handle.
SECPKG_BYTE_VECTOR

Specifies the byte vector information.
SECPKG_CALL_INFO

Contains information about a currently executing call.
SECPKG_CLIENT_INFO

The SECPKG_CLIENT_INFO structure holds information about a security package's client. This structure is used by the GetClientInfo function.
SECPKG_CONTEXT_THUNKS

The SECPKG_CONTEXT_THUNKS structure contains information about QueryContextAttributes (General) calls to be executed in LSA mode.This structure is used by the SpGetExtendedInformation and SpSetExtendedInformation functions.
SECPKG_CREDENTIAL

Specifies the credentials.
SECPKG_DLL_FUNCTIONS

The SECPKG_DLL_FUNCTIONS structure contains pointers to the LSA functions that a security package can call while executing in-process with a client/server application.
SECPKG_EVENT_NOTIFY

The SECPKG_EVENT_NOTIFY structure contains information about security events. This structure is passed to a function registered to receive event notifications. Event notification functions are registered by calling the RegisterNotification function.
SECPKG_EVENT_PACKAGE_CHANGE

The SECPKG_EVENT_PACKAGE_CHANGE structure contains information about changes in security package availability.
SECPKG_EXTENDED_INFORMATION

The SECPKG_EXTENDED_INFORMATION structure is used to hold information about optional package capabilities.This structure is used by the SpGetExtendedInformation and SpSetExtendedInformation functions.
SECPKG_EXTRA_OIDS

Contains the object identifiers (OIDs) for the extended security package.
SECPKG_FUNCTION_TABLE

The SECPKG_FUNCTION_TABLE structure contains pointers to the LSA functions that a security package must implement. The Local Security Authority (LSA) obtains this structure from an SSP/AP DLL when it calls the SpLsaModeInitialize function.
SECPKG_GSS_INFO

A SECPKG_GSS_INFO structure contains information used for GSS-compatible negotiations.
SECPKG_MUTUAL_AUTH_LEVEL

The SECPKG_MUTUAL_AUTH_LEVEL structure contains the authentication level used by a security package.
SECPKG_NEGO2_INFO

Contains extended package information used for NEGO2 negotiations.
SECPKG_PARAMETERS

The SECPKG_PARAMETERS structure contains information about the computer system. This structure is used by the SpInitialize function.
SECPKG_PRIMARY_CRED

The SECPKG_PRIMARY_CRED structure contains the primary credentials. This structure is used by the LsaApLogonUserEx2 and SpAcceptCredentials functions.
SECPKG_SERIALIZED_OID

Contains the security package's object identifier (OID).
SECPKG_SHORT_VECTOR

Specifies the short vector information.
SECPKG_SUPPLEMENTAL_CRED

The SECPKG_SUPPLEMENTAL_CRED structure contains supplemental credentials recognized by the security package.
SECPKG_SUPPLEMENTAL_CRED_ARRAY

The SECPKG_SUPPLEMENTAL_CRED_ARRAY structure contains supplemental credentials information. This structure is used by the LsaApLogonUserEx2 and UpdateCredentials functions.
SECPKG_SUPPLIED_CREDENTIAL

Specifies the supplied credentials.
SECPKG_TARGETINFO

Specifies the target of an authentication request.
SECPKG_USER_FUNCTION_TABLE

The SECPKG_USER_FUNCTION_TABLE structure contains pointers to the functions that a security package implements to support executing in process with client/server applications. This structure is provided by the SpUserModeInitialize function.
SECPKG_WOW_CLIENT_DLL

Contains the path to the WOW-aware 32-bit DLL.
SecPkgContext_AccessToken

Returns a handle to the access token for the current security context.
SecPkgContext_ApplicationProtocol

Contains information about the application protocol of the security context.
SecPkgContext_AuthorityA

The SecPkgContext_Authority structure contains the name of the authenticating authority if one is available. (ANSI)
SecPkgContext_AuthorityW

The SecPkgContext_Authority structure contains the name of the authenticating authority if one is available. (Unicode)
SecPkgContext_AuthzID

Contains information about the AuthzID of the security context.
SecPkgContext_Bindings

Specifies a structure that contains channel binding information for a security context.
SecPkgContext_CipherInfo

Cipher info structure. This is returned by SECPKG_ATTR_CIPHER_INFO ulAttribute from the QueryContextAttributes (Schannel) function.
SecPkgContext_ClientCreds

Specifies client credentials when calling the QueryContextAttributes (CredSSP) function.
SecPkgContext_ClientSpecifiedTarget

Specifies the service principal name (SPN) of the initial target when calling the QueryContextAttributes (Digest) function.
SecPkgContext_ConnectionInfo

The SecPkgContext_ConnectionInfo structure contains protocol and cipher information. This structure is used by the InitializeSecurityContext (Schannel) function.This attribute is supported only by the Schannel security support provider (SSP).
SecPkgContext_CredentialNameA

Contains the credential name and type.
SecPkgContext_CredentialNameW

Information about the credential name of the security context.
SecPkgContext_CredInfo

Specifies the type of credentials used to create a client context.
SecPkgContext_DceInfo

The SecPkgContext_DceInfo structure contains authorization data used by DCE services. The QueryContextAttributes (General) function uses this structure.
SecPkgContext_EapKeyBlock

Contains key data used by the EAP TLS Authentication Protocol.
SecPkgContext_EapPrfInfo

Specifies the pseudorandom function (PRF) and extracts key data used by the Extensible Authentication Protocol (EAP) Transport Layer Security protocol (TLS) Authentication Protocol.
SecPkgContext_EarlyStart

The SecPkgContext_EarlyStart structure contains information about whether to attempt to use the False Start feature in a security context.
SecPkgContext_Flags

The SecPkgContext_Flags structure contains information about the flags in the current security context. This structure is returned by QueryContextAttributes (General).
SecPkgContext_IssuerListInfoEx

The SecPkgContext_IssuerListInfoEx structure holds a list of trusted certification authorities (CAs).
SecPkgContext_KeyInfoA

The SecPkgContext_KeyInfo structure contains information about the session keys used in a security context. (ANSI)
SecPkgContext_KeyInfoW

The SecPkgContext_KeyInfo structure contains information about the session keys used in a security context. (Unicode)
SecPkgContext_KeyingMaterial

The SecPkgContext_KeyingMaterial structure.
SecPkgContext_KeyingMaterialInfo

The SecPkgContext_KeyingMaterialInfo structure contains information about the exportable keying material in a security context.
SecPkgContext_LastClientTokenStatus

Specifies whether the token from the most recent call to the InitializeSecurityContext function is the last token from the client.
SecPkgContext_Lifespan

The SecPkgContext_Lifespan structure indicates the life span of a security context. The QueryContextAttributes (General) function uses this structure.
SecPkgContext_LogoffTime

The logoff time of the security context.
SecPkgContext_NamesA

The SecPkgContext_Names structure indicates the name of the user associated with a security context. The QueryContextAttributes (General) function uses this structure. (ANSI)
SecPkgContext_NamesW

The SecPkgContext_Names structure indicates the name of the user associated with a security context. The QueryContextAttributes (General) function uses this structure. (Unicode)
SecPkgContext_NativeNamesA

Contains the client and server principal names.
SecPkgContext_NativeNamesW

The native names of the client and server in the security context.
SecPkgContext_NegoKeys

Holds the negotiated security package keys.
SecPkgContext_NegoPackageInfo

Holds information about the negotiated application package.
SecPkgContext_NegoStatus

Specifies the error status of the last attempt to create a client context.
SecPkgContext_NegotiatedTlsExtensions

The SecPkgContext_NegotiatedTlsExtensions structure contains information about the (D)TLS extensions negotiated for the current (D)TLS connection.
SecPkgContext_NegotiationInfoA

The SecPkgContext_NegotiationInfo structure contains information on the security package that is being set up or has been set up, and also gives the status on the negotiation to set up the security package. (ANSI)
SecPkgContext_NegotiationInfoW

The SecPkgContext_NegotiationInfo structure contains information on the security package that is being set up or has been set up, and also gives the status on the negotiation to set up the security package. (Unicode)
SecPkgContext_PackageInfoA

Holds application package information.
SecPkgContext_PackageInfoW

Holds package information.
SecPkgContext_PasswordExpiry

The SecPkgContext_PasswordExpiry structure contains information about the expiration of a password or other credential used for the security context. This structure is returned by QueryContextAttributes (General).
SecPkgContext_ProtoInfoA

The SecPkgContext_ProtoInfo structure holds information about the protocol in use. (ANSI)
SecPkgContext_ProtoInfoW

The SecPkgContext_ProtoInfo structure holds information about the protocol in use. (Unicode)
SecPkgContext_SessionAppData

Stores application data for a session context.
SecPkgContext_SessionInfo

Specifies whether the session is a reconnection and retrieves a value that identifies the session.
SecPkgContext_SessionKey

The SecPkgContext_SessionKey structure contains information about the session key used for the security context. This structure is returned by the QueryContextAttributes (General) function.
SecPkgContext_Sizes

The SecPkgContext_Sizes structure indicates the sizes of important structures used in the message support functions. The QueryContextAttributes (General) function uses this structure.
SecPkgContext_StreamSizes

Indicates the sizes of the various parts of a stream for use with the message support functions. The QueryContextAttributes (General) function uses this structure.
SecPkgContext_SubjectAttributes

Returns the security attribute information.
SecPkgContext_SupportedSignatures

Specifies the signature algorithms supported by an Schannel connection.
SecPkgContext_Target

Holds target information.
SecPkgContext_TargetInformation

Returns information about the credential used for the security context.
SecPkgContext_UserFlags

Holds the user flags.
SecPkgCredentials_Cert

Specifies the certificate credentials. The QueryCredentialsAttributes function uses this structure.
SecPkgCredentials_KdcProxySettingsW

Specifies the Kerberos proxy settings for the credentials.
SecPkgCredentials_NamesA

The SecPkgCredentials_Names structure holds the name of the user associated with a context. The QueryCredentialsAttributes function uses this structure. (ANSI)
SecPkgCredentials_NamesW

The SecPkgCredentials_Names structure holds the name of the user associated with a context. The QueryCredentialsAttributes function uses this structure. (Unicode)
SecPkgCredentials_SSIProviderA

The SecPkgCredentials_SSIProvider structure holds the SSI provider information associated with a context. The QueryCredentialsAttributes function uses this structure. (ANSI)
SecPkgCredentials_SSIProviderW

The SecPkgCredentials_SSIProvider structure holds the SSI provider information associated with a context. The QueryCredentialsAttributes function uses this structure. (Unicode)
SecPkgInfoA

The SecPkgInfo structure provides general information about a security package, such as its name and capabilities. (ANSI)
SecPkgInfoW

The SecPkgInfo structure provides general information about a security package, such as its name and capabilities. (Unicode)
SECURITY_CAPABILITIES

Defines the security capabilities of the app container.
SECURITY_DESCRIPTOR

Contains the security information associated with an object.
SECURITY_INTEGER

SECURITY_INTEGER is a structure that holds a numeric value. It is used in defining other types.
SECURITY_LOGON_SESSION_DATA

Contains information about a logon session. (SECURITY_LOGON_SESSION_DATA)
SECURITY_OBJECT

Contains the security object information.
SECURITY_PACKAGE_OPTIONS

Specifies information about a security package.
SECURITY_QUALITY_OF_SERVICE

Contains information used to support client impersonation.
SECURITY_STRING

Used as the string interface for kernel operations and is a clone of the UNICODE_STRING structure.
SECURITY_USER_DATA

The SecurityUserData structure contains information about the user of a security support provider/authentication package. This structure is used by the SpGetUserInfo function.
SecurityFunctionTableA

The SecurityFunctionTable structure is a dispatch table that contains pointers to the functions defined in SSPI. (ANSI)
SecurityFunctionTableW

The SecurityFunctionTable structure is a dispatch table that contains pointers to the functions defined in SSPI. (Unicode)
SERVICE_CONTROL_STATUS_REASON_PARAMSA

Contains service control parameters. (ANSI)
SERVICE_CONTROL_STATUS_REASON_PARAMSW

Contains service control parameters. (Unicode)
SERVICE_DELAYED_AUTO_START_INFO

Contains the delayed auto-start setting of an auto-start service.
SERVICE_DESCRIPTIONA

Contains a service description. (ANSI)
SERVICE_DESCRIPTIONW

Contains a service description. (Unicode)
SERVICE_FAILURE_ACTIONS_FLAG

Contains the failure actions flag setting of a service. This setting determines when failure actions are to be executed.
SERVICE_FAILURE_ACTIONSA

Represents the action the service controller should take on each failure of a service. A service is considered failed when it terminates without reporting a status of SERVICE_STOPPED to the service controller. (ANSI)
SERVICE_FAILURE_ACTIONSW

Represents the action the service controller should take on each failure of a service. A service is considered failed when it terminates without reporting a status of SERVICE_STOPPED to the service controller. (Unicode)
SERVICE_LAUNCH_PROTECTED_INFO

Indicates a service protection type.
SERVICE_NOTIFY_2A

Represents service status notification information. (ANSI)
SERVICE_NOTIFY_2W

Represents service status notification information. (Unicode)
SERVICE_PREFERRED_NODE_INFO

Represents the preferred node on which to run a service.
SERVICE_PRESHUTDOWN_INFO

Contains preshutdown settings.
SERVICE_REQUIRED_PRIVILEGES_INFOA

Represents the required privileges for a service. (ANSI)
SERVICE_REQUIRED_PRIVILEGES_INFOW

Represents the required privileges for a service. (Unicode)
SERVICE_SID_INFO

Represents a service security identifier (SID).
SERVICE_STATUS

Contains status information for a service.
SERVICE_STATUS_PROCESS

Contains process status information for a service. The ControlServiceEx, EnumServicesStatusEx, NotifyServiceStatusChange, and QueryServiceStatusEx functions use this structure.
SERVICE_TABLE_ENTRYA

Specifies the ServiceMain function for a service that can run in the calling process. It is used by the StartServiceCtrlDispatcher function. (ANSI)
SERVICE_TABLE_ENTRYW

Specifies the ServiceMain function for a service that can run in the calling process. It is used by the StartServiceCtrlDispatcher function. (Unicode)
SERVICE_TIMECHANGE_INFO

Contains system time change settings.
SERVICE_TRIGGER

Represents a service trigger event. This structure is used by the SERVICE_TRIGGER_INFO structure.
SERVICE_TRIGGER_INFO

Contains trigger event information for a service. This structure is used by the ChangeServiceConfig2 and QueryServiceConfig2 functions.
SERVICE_TRIGGER_SPECIFIC_DATA_ITEM

Contains trigger-specific data for a service trigger event.
SI_ACCESS

Contains information about an access right or default access mask for a securable object.
SI_INHERIT_TYPE

Contains information about how access control entries (ACEs) can be inherited by child objects.
SI_OBJECT_INFO

Used to initialize the access control editor.
SID

Used to uniquely identify users or groups.
SID_AND_ATTRIBUTES

Represents a security identifier (SID) and its attributes.
SID_AND_ATTRIBUTES_HASH

Specifies a hash values for the specified array of security identifiers (SIDs).
SID_IDENTIFIER_AUTHORITY

Represents the top-level authority of a security identifier (SID).
SID_INFO

Contains the list of common names corresponding to the SID structures returned by ISecurityInformation2::LookupSids.
SID_INFO_LIST

Contains a list of SID_INFO structures.
SIP_ADD_NEWPROVIDER

Defines a subject interface package (SIP). This structure is used by the CryptSIPAddProvider function.
SIP_CAP_SET_V2

The SIP_CAP_SET_V2 structure defines the capabilities of a subject interface package (SIP). (SIP_CAP_SET_V2 structure)
SIP_CAP_SET_V3

The SIP_CAP_SET_V3 structure defines the capabilities of a subject interface package (SIP). (SIP_CAP_SET_V3 structure)
SIP_DISPATCH_INFO

Contains a set of function pointers assigned by the CryptSIPLoad function that your application uses to perform subject interface package (SIP) operations.
SIP_INDIRECT_DATA

Contains the digest of the hashed subject information.
SIP_SUBJECTINFO

Specifies subject information data to the subject interface package (SIP) APIs.
SL_ACTIVATION_INFO_HEADER

Specifies the product activation information.
SL_AD_ACTIVATION_INFO

Specifies information used for the retail or Active Directory phone activation of a license.
SL_LICENSING_STATUS

Represents the licensing status. (SL_LICENSING_STATUS)
SL_NONGENUINE_UI_OPTIONS

Specifies an application that displays a dialog box when the SLIsGenuineLocal function indicates that an installation is not genuine.
SPC_INDIRECT_DATA_CONTENT

Is used in Authenticode signatures to store the digest and other attributes of the signed file.
SR_SECURITY_DESCRIPTOR

The SR_SECURITY_DESCRIPTOR structure contains information about the security privileges of the user.
SSL_F12_EXTRA_CERT_CHAIN_POLICY_STATUS

The SSL_F12_EXTRA_CERT_CHAIN_POLICY_STATUS structure checks if any certificates in the chain have weak cryptography and checks if a third party root certificate is compliant with the Microsoft Root Program requirements.
SYSTEM_ALARM_ACE

The SYSTEM_ALARM_ACE structure is reserved for future use.
SYSTEM_ALARM_CALLBACK_ACE

The SYSTEM_ALARM_CALLBACK_ACE structure is reserved for future use.
SYSTEM_ALARM_CALLBACK_OBJECT_ACE

The SYSTEM_ALARM_CALLBACK_OBJECT_ACE structure is reserved for future use.
SYSTEM_ALARM_OBJECT_ACE

The SYSTEM_ALARM_OBJECT_ACE structure is reserved for future use.
SYSTEM_AUDIT_ACE

Defines an access control entry (ACE) for the system access control list (SACL) that specifies what types of access cause system-level notifications.
SYSTEM_AUDIT_CALLBACK_ACE

The SYSTEM_AUDIT_CALLBACK_ACE structure defines an access control entry for the system access control list that specifies what types of access cause system-level notifications.
SYSTEM_AUDIT_CALLBACK_OBJECT_ACE

The SYSTEM_AUDIT_CALLBACK_OBJECT_ACE structure defines an access control entry for a system access control list.
SYSTEM_AUDIT_OBJECT_ACE

Defines an access control entry (ACE) for a system access control list (SACL).
SYSTEM_MANDATORY_LABEL_ACE

Defines an access control entry (ACE) for the system access control list (SACL) that specifies the mandatory access level and policy for a securable object.
SYSTEM_RESOURCE_ATTRIBUTE_ACE

Defines an access control entry (ACE) for the system access control list (SACL) that specifies the system resource attributes for a securable object.
SYSTEM_SCOPED_POLICY_ID_ACE

Defines an access control entry (ACE) for the system access control list (SACL) that specifies the scoped policy identifier for a securable object.
TLS_PARAMETERS

Indicates TLS parameter restrictions.
TOKEN_ACCESS_INFORMATION

Specifies all the information in a token that is necessary to perform an access check.
TOKEN_APPCONTAINER_INFORMATION

Specifies all the information in a token that is necessary for an app container.
TOKEN_AUDIT_POLICY

Specifies the per user audit policy for a token.
TOKEN_CONTROL

Contains information that identifies an access token.
TOKEN_DEFAULT_DACL

Specifies a discretionary access control list (DACL).
TOKEN_DEVICE_CLAIMS

Defines the device claims for the token.
TOKEN_ELEVATION

Indicates whether a token has elevated privileges.
TOKEN_GROUPS

Contains information about the group security identifiers (SIDs) in an access token.
TOKEN_GROUPS_AND_PRIVILEGES

Contains information about the group security identifiers (SIDs) and privileges in an access token.
TOKEN_LINKED_TOKEN

Contains a handle to a token. This token is linked to the token being queried by the GetTokenInformation function or set by the SetTokenInformation function.
TOKEN_MANDATORY_LABEL

Specifies the mandatory integrity level for a token.
TOKEN_MANDATORY_POLICY

Specifies the mandatory integrity policy for a token.
TOKEN_ORIGIN

Contains information about the origin of the logon session.
TOKEN_OWNER

Contains the default owner security identifier (SID) that will be applied to newly created objects.
TOKEN_PRIMARY_GROUP

Specifies a group security identifier (SID) for an access token.
TOKEN_PRIVILEGES

Contains information about a set of privileges for an access token.
TOKEN_SOURCE

Identifies the source of an access token.
TOKEN_STATISTICS

Contains information about an access token.
TOKEN_USER

Identifies the user associated with an access token.
TOKEN_USER_CLAIMS

Defines the user claims for the token.
TOKENBINDING_IDENTIFIER

Contains the information for representing a token binding identifier that results from a token binding message exchange.
TOKENBINDING_KEY_TYPES

Contains all of the combinations of types of token binding keys that a client device or server supports.
TOKENBINDING_RESULT_DATA

Contains data about the result of generating a token binding or verifying one of the token bindings in a token binding message.
TOKENBINDING_RESULT_LIST

Contains the results for each of the token bindings that TokenBindingVerifyMessage verified.
TRUSTED_DOMAIN_AUTH_INFORMATION

The TRUSTED_DOMAIN_AUTH_INFORMATION structure is used to retrieve authentication information for a trusted domain. The LsaQueryTrustedDomainInfo function uses this structure when its InformationClass parameter is set to TrustedDomainAuthInformation.
TRUSTED_DOMAIN_FULL_INFORMATION

Used to retrieve complete information about a trusted domain.
TRUSTED_DOMAIN_INFORMATION_EX

Used to retrieve extended information about a trusted domain.
TRUSTED_DOMAIN_NAME_INFO

Used to query or set the name of a trusted domain.
TRUSTED_PASSWORD_INFO

The TRUSTED_PASSWORD_INFO structure is used to query or set the password for a trusted domain.
TRUSTED_POSIX_OFFSET_INFO

Used to query or set the value used to generate Posix user and group identifiers.
TRUSTEE_A

Identifies the user account, group account, or logon session to which an access control entry (ACE) applies. (ANSI)
TRUSTEE_W

Identifies the user account, group account, or logon session to which an access control entry (ACE) applies. (Unicode)
UNICODE_STRING

Used by various Local Security Authority (LSA) functions to specify a Unicode string.
UNIVERSAL_NAME_INFOA

The UNIVERSAL_NAME_INFO structure contains information about the UNC form of a universal name. It is used by the NPGetUniversalName function. (ANSI)
UNIVERSAL_NAME_INFOW

The UNIVERSAL_NAME_INFO structure contains information about the UNC form of a universal name. It is used by the NPGetUniversalName function. (Unicode)
USER_ALL_INFORMATION

Contains information on the session user.
USERNAME_TARGET_CREDENTIAL_INFO

The USERNAME_TARGET_CREDENTIAL_INFO structure contains a reference to a credential.
WIN_CERTIFICATE

This structure encapsulates a signature used in verifying executable files.
WINTRUST_BLOB_INFO

Used when calling WinVerifyTrust to verify a memory BLOB.
WINTRUST_CATALOG_INFO

The WINTRUST_CATALOG_INFO structure is used when calling WinVerifyTrust to verify a member of a Microsoft catalog.
WINTRUST_CERT_INFO

Used when calling WinVerifyTrust to verify a CERT_CONTEXT.
WINTRUST_DATA

Used when calling WinVerifyTrust to pass necessary information into the trust providers.
WINTRUST_FILE_INFO

The WINTRUST_FILE_INFO structure is used when calling WinVerifyTrust to verify an individual file.
WINTRUST_SGNR_INFO

Used when calling WinVerifyTrust to verify a CMSG_SIGNER_INFO structure.
WINTRUST_SIGNATURE_SETTINGS

Can be used to specify the signatures on a file.
WLX_CLIENT_CREDENTIALS_INFO_V1_0

Contains the client credentials returned by a call to WlxQueryClientCredentials or WlxQueryInetConnectorCredentials.
WLX_CLIENT_CREDENTIALS_INFO_V2_0

Contains the client credentials returned by a call to WlxQueryTsLogonCredentials.
WLX_CONSOLESWITCH_CREDENTIALS_INFO_V1_0

Contains the client credentials returned by a call to WlxGetConsoleSwitchCredentials.
WLX_DESKTOP

Used to pass desktop information between your GINA DLL and Winlogon.
WLX_DISPATCH_VERSION_1_0

Defines the format of the Winlogon version 1.0 function dispatch table passed to your GINA DLL in the WlxInitialize call.
WLX_DISPATCH_VERSION_1_1

Defines the format of the Winlogon version 1.1 function dispatch passed to your GINA DLL in the WlxInitialize call.
WLX_DISPATCH_VERSION_1_2

Defines the format of the Winlogon version 1.2 function dispatch table passed to your GINA DLL in the WlxInitialize call.
WLX_DISPATCH_VERSION_1_3

Defines the format of the Winlogon version 1.3 function dispatch table passed to your GINA DLL in the WlxInitialize call.
WLX_DISPATCH_VERSION_1_4

Defines the format of the Winlogon version 1.4 function dispatch table passed to the GINA DLL in the WlxInitialize call.
WLX_MPR_NOTIFY_INFO

Provides identification and authentication information to network providers.
WLX_NOTIFICATION_INFO

This structure stores information about a Winlogon event.
WLX_PROFILE_V1_0

Contains information used for setting up the initial environment.
WLX_PROFILE_V2_0

Contains profile information in addition to the information provided by WLX_PROFILE_V1_0.
WLX_TERMINAL_SERVICES_DATA

Used to provide GINA with Terminal Services user configuration information.
X509Certificate

Represents an X.509 certificate.