Enables or disables privileges in the specified access token
#include <WinAPIProc.au3>
_WinAPI_AdjustTokenPrivileges ( $hToken, $aPrivileges, $iAttributes, ByRef $aAdjust )
| $hToken | Handle to the access token that contains the privileges to be modified. The handle must have $TOKEN_ADJUST_PRIVILEGES and $TOKEN_QUERY accesses to the token. |
| $aPrivileges | The variable that specifies a privileges. If this parameter is (-1), the function disables of the token's privileges and ignores the $iAttributes parameter. $aPrivileges can be one of the following types. The privilege constant ($SE_*). 1D array of $SE_* constants. 2D array of $SE_* constants and their attributes (see below). [0][0] - Privilege [0][1] - Attributes [n][0] - Privilege [n][1] - Attributes |
| $iAttributes | The privilege attributes. If $aPrivileges parameter is 1D array, $iAttributes applied to the entire array. If $aPrivileges parameter is (-1) or 2D array, the function ignores this parameter and will use the attributes that specified in this array. This parameter can be 0 (disables privilege) or any combination of the following values: $SE_PRIVILEGE_ENABLED $SE_PRIVILEGE_ENABLED_BY_DEFAULT $SE_PRIVILEGE_REMOVED $SE_PRIVILEGE_USED_FOR_ACCESS |
| $aAdjust | 2D array of the previous state of any privileges that the function modifies. That is, if a privilege has been modified by this function, the privilege and its previous state are contained in this array. |
| Success: | 1 and sets the @extended flag to the following values. |
| @extended : | 0 - The function adjusted all specified privileges. 1 - The token does not have one or more of the privileges specified in the $aPrivileges parameter. |
| Failure: | 0 and sets the @error flag to non-zero. |
This function cannot add new privileges to the access token. It can only enable or disable the token's existing privileges.
To determine whether the function success and adjusted all of the specified privileges, check the @error and @extended flags both, for example:
If Not (@error Or @extended) Then
...
EndIf
Search AdjustTokenPrivileges in MSDN Library.
#include <APIRegConstants.au3>
#include <Debug.au3>
#include <WinAPIError.au3>
#include <WinAPIHObj.au3>
#include <WinAPIProc.au3>
#include <WinAPIReg.au3>
#RequireAdmin
_DebugSetup(Default, True)
Example()
Func Example()
Local $aPrivileges[2] = [$SE_BACKUP_NAME, $SE_RESTORE_NAME]
; Enable "SeBackupPrivilege" and "SeRestorePrivilege" privileges to save and restore registry hive
Local $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
Local $aAdjust
_WinAPI_AdjustTokenPrivileges($hToken, $aPrivileges, $SE_PRIVILEGE_ENABLED, $aAdjust)
If @error Or @extended Then
_DebugReport('Error' & @TAB & 'You do not have the required privileges.' & @CRLF)
Exit
EndIf
; Save "HKEY_CURRENT_USER\Software\AutoIt v3" to reg.dat
Local $hKey = _WinAPI_RegOpenKey($HKEY_CURRENT_USER, 'Software\AutoIt v3', $KEY_READ)
If _WinAPI_RegSaveKey($hKey, @TempDir & '\reg.dat', 1) Then
_DebugReport('- "HKEY_CURRENT_USER\Software\AutoIt v3" has been saved to reg.dat.' & @CRLF)
Else
_DebugReport("! RegSaveKey @error =" & @error & @TAB & _WinAPI_GetErrorMessage(@extended) & @CRLF)
EndIf
_WinAPI_RegCloseKey($hKey)
; Restore "HKEY_CURRENT_USER\Software\AutoIt v3" to "HKEY_CURRENT_USER\Software\AutoIt v3 (Duplicate)"
$hKey = _WinAPI_RegCreateKey($HKEY_CURRENT_USER, 'Software\AutoIt v3 (Duplicate)', $KEY_WRITE)
If _WinAPI_RegRestoreKey($hKey, @TempDir & '\reg.dat') Then
_DebugReport('- "HKEY_CURRENT_USER\Software\AutoIt v3" has been restored to "HKEY_CURRENT_USER\Software\AutoIt v3 (Duplicate)".' & @CRLF)
Else
_DebugReport("! RegRestoreKey @error =" & @error & @TAB & _WinAPI_GetErrorMessage(@extended) & @CRLF)
EndIf
_WinAPI_RegCloseKey($hKey)
; Restore "SeBackupPrivilege" and "SeRestorePrivilege" privileges by default
_WinAPI_AdjustTokenPrivileges($hToken, $aAdjust, 0, $aAdjust)
_WinAPI_CloseHandle($hToken)
FileDelete(@TempDir & '\reg.dat')
EndFunc ;==>Example