Enables or disables privileges in the specified access token
#include <Security.au3>
_Security__AdjustTokenPrivileges ( $hToken, $bDisableAll, $tNewState, $iBufferLen [, $tPrevState = 0 [, $pRequired = 0]] )
| $hToken | Handle to the access token that contains privileges to be modified |
| $bDisableAll | If True, the function disables all privileges and ignores the NewState parameter. If False, the function modifies privileges based on the information pointed to by the $pNewState parameter. |
| $tNewState | A $tagTOKEN_PRIVILEGES structure or a pointer to it that contains the privilege and it's attributes |
| $iBufferLen | Size, in bytes, of the buffer pointed to by $pNewState |
| $tPrevState | [optional] A $tagTOKEN_PRIVILEGES structure or a pointer to it that specifies the previous state of the privilege that the function modified. This can be 0. |
| $pRequired | [optional] Pointer to a variable that receives the required size, in bytes, of the buffer pointed to by $tPrevState. This parameter can be 0 if $tPrevState is 0. |
| Success: | True. |
| Failure: | False. |
This function cannot add new privileges to an access token. It can only enable or disable the token's existing privileges.
Search AdjustTokenPrivileges in MSDN Library.
#RequireAdmin ; for this example to have sense
#include <MsgBoxConstants.au3>
#include <Security.au3>
#include <SecurityConstants.au3>
#include <WinAPIHobj.au3>
Local $hToken = _Security__OpenProcessToken(_WinAPI_GetCurrentProcess(), $TOKEN_ALL_ACCESS)
If $hToken Then
; $hToken is this process' token with $TOKEN_ALL_ACCESS access
; Disable all privileges for this token
If _Security__AdjustTokenPrivileges($hToken, True, 0, 0) Then
;... Do whatever with this token now and here...
MsgBox($MB_SYSTEMMODAL, "TokenPrivileges", "All TokenPrivileges disabled!")
EndIf
; Close handle when done
_WinAPI_CloseHandle($hToken)
EndIf