Overview
Group
Quick Info

Windows NT
Yes
Win95
No
Win32s
No
Import Library
advapi32.lib
Header File
winbase.h
Unicode
No
Platform Notes
None

OpenThreadToken

The OpenThreadToken function opens the access token associated with a thread.

BOOL OpenThreadToken(

HANDLE ThreadHandle,
// handle to thread
DWORD DesiredAccess,
// access to process
BOOL OpenAsSelf,
// flag for process or thread security
PHANDLE TokenHandle
// pointer to handle to open access token
);

Parameters

ThreadHandle

Identifies the thread whose access token is opened.

DesiredAccess

Specifies an access mask that specifies the requested types of access to the access token. These requested access types are reconciled against the token's discretionary access-control list (ACL) to determine which accesses are granted or denied. The following access rights have been defined for access tokens.

Value
Meaning
TOKEN_ADJUST_DEFAULT
Required to change the default ACL, primary group, or owner of an access token.
TOKEN_ADJUST_GROUPS
Required to change the groups specified in an access token.
TOKEN_ADJUST_PRIVILEGES
Required to change the privileges specified in an access token.
TOKEN_ALL_ACCESS
Combines the STANDARD_RIGHTS_REQUIRED standard access rights and all individual access rights for tokens.
TOKEN_ASSIGN_PRIMARY
Required to attach a primary token to a process in addition to the SE_CREATE_TOKEN_NAME privilege.
TOKEN_DUPLICATE
Required to duplicate an access token.
TOKEN_EXECUTE
Combines the STANDARD_RIGHTS_EXECUTE standard access rights and the TOKEN_IMPERSONATE access right.
TOKEN_IMPERSONATE
Required to attach an impersonation access token to a process.
TOKEN_QUERY
Required to query the contents of an access token.
TOKEN_QUERY_SOURCE
Required to query the source of an access token.
TOKEN_READ
Combines the STANDARD_RIGHTS_READ standard access rights and the TOKEN_QUERY access right.
TOKEN_WRITE
Combines the STANDARD_RIGHTS_WRITE standard access rights and the TOKEN_ADJUST_PRIVILEGES, TOKEN_ADJUST_GROUPS, and TOKEN_ADJUST_DEFAULT access rights.

OpenAsSelf

Specifies a flag indicating whether the access check is to be made against the security context of the thread calling the OpenThreadToken function or against the security context of the process for the calling thread.

If this parameter is FALSE, the access check is performed using the security context for the calling thread. If the thread is impersonating a client, this security context can be that of a client process. If this parameter is TRUE, the access check is made using the security context of the process for the calling thread.

TokenHandle

Points to a handle identifying the newly opened access token when the function returns.

Return Values

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

The OpenAsSelf parameter allows a server process to open the access token for a client process when the client process has specified the SecurityIdentification impersonation level for the SECURITY_IMPERSONATION_LEVEL enumerated type. Without this parameter, the calling process is not be able to open the client's access token using the client's security context, because it is impossible to open executive-level objects using the SecurityIdentification impersonation level.

See Also

AdjustTokenGroups
, AdjustTokenPrivileges, GetTokenInformation, OpenProcessToken, SetThreadToken, SetTokenInformation

Software for developers
Delphi Components
.Net Components
Software for Android Developers
More information resources
MegaDetailed.Net
Unix Manual Pages
Delphi Examples
Databases for Amazon shops developers
Amazon Categories Database
Browse Nodes Database