IsTokenRestricted function

The IsTokenRestricted function indicates whether a token contains a list of restricted security identifiers (SIDs).

Syntax

BOOL IsTokenRestricted(
  HANDLE TokenHandle
);

Parameters

TokenHandle

A handle to an access token to test.

Return value

If the token contains a list of restricting SIDs, the return value is nonzero.

If the token does not contain a list of restricting SIDs, the return value is zero.

If an error occurs, the return value is zero. To get extended error information, call GetLastError.

Remarks

The CreateRestrictedToken function can restrict a token by disabling SIDs, deleting privileges, and specifying a list of restricting SIDs. The IsTokenRestricted function checks only for the list of restricting SIDs. If a token does not have any restricting SIDs, IsTokenRestricted returns FALSE, even though the token was created by a call to CreateRestrictedToken.

Requirements

   
Minimum supported client Windows XP [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Target Platform Windows
Header securitybaseapi.h (include Windows.h)
Library Advapi32.lib
DLL Advapi32.dll

See also

Access Control Overview

Basic Access Control Functions

CreateRestrictedToken