14#define DELETE 0x00010000L
15#define READ_CONTROL 0x00020000L
16#define WRITE_DAC 0x00040000L
17#define WRITE_OWNER 0x00080000L
18#define SYNCHRONIZE 0x00100000L
19#define STANDARD_RIGHTS_REQUIRED 0x000F0000L
20#define STANDARD_RIGHTS_READ READ_CONTROL
21#define STANDARD_RIGHTS_WRITE READ_CONTROL
22#define STANDARD_RIGHTS_EXECUTE READ_CONTROL
23#define STANDARD_RIGHTS_ALL 0x001F0000L
24#define SPECIFIC_RIGHTS_ALL 0x0000FFFFL
25#define ACCESS_SYSTEM_SECURITY 0x01000000L
26#define MAXIMUM_ALLOWED 0x02000000L
27#define GENERIC_READ 0x80000000L
28#define GENERIC_WRITE 0x40000000L
29#define GENERIC_EXECUTE 0x20000000L
30#define GENERIC_ALL 0x10000000L
40#define ACL_REVISION_DS 4
42#define ACL_REVISION1 1
43#define ACL_REVISION2 2
44#define ACL_REVISION3 3
45#define ACL_REVISION4 4
46#define MIN_ACL_REVISION ACL_REVISION2
47#define MAX_ACL_REVISION ACL_REVISION4
58#define SECURITY_DESCRIPTOR_REVISION (1)
59#define SECURITY_DESCRIPTOR_REVISION1 (1)
62#define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x00000001L)
63#define SE_PRIVILEGE_ENABLED (0x00000002L)
64#define SE_PRIVILEGE_REMOVED (0x00000004L)
65#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)
67#define SE_PRIVILEGE_VALID_ATTRIBUTES (SE_PRIVILEGE_ENABLED_BY_DEFAULT | \
68 SE_PRIVILEGE_ENABLED | \
69 SE_PRIVILEGE_REMOVED | \
70 SE_PRIVILEGE_USED_FOR_ACCESS)
83#define PRIVILEGE_SET_ALL_NECESSARY (1)
98#define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation
99#define SECURITY_MIN_IMPERSONATION_LEVEL SecurityAnonymous
100#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation
101#define VALID_IMPERSONATION_LEVEL(Level) (((Level) >= SECURITY_MIN_IMPERSONATION_LEVEL) && ((Level) <= SECURITY_MAX_IMPERSONATION_LEVEL))
103#define SECURITY_DYNAMIC_TRACKING (TRUE)
104#define SECURITY_STATIC_TRACKING (FALSE)
123#define OWNER_SECURITY_INFORMATION (0x00000001L)
124#define GROUP_SECURITY_INFORMATION (0x00000002L)
125#define DACL_SECURITY_INFORMATION (0x00000004L)
126#define SACL_SECURITY_INFORMATION (0x00000008L)
127#define LABEL_SECURITY_INFORMATION (0x00000010L)
129#define PROTECTED_DACL_SECURITY_INFORMATION (0x80000000L)
130#define PROTECTED_SACL_SECURITY_INFORMATION (0x40000000L)
131#define UNPROTECTED_DACL_SECURITY_INFORMATION (0x20000000L)
132#define UNPROTECTED_SACL_SECURITY_INFORMATION (0x10000000L)
135#define SEF_DACL_AUTO_INHERIT 0x01
136#define SEF_SACL_AUTO_INHERIT 0x02
137#define SEF_DEFAULT_DESCRIPTOR_FOR_OBJECT 0x04
138#define SEF_AVOID_PRIVILEGE_CHECK 0x08
139#define SEF_AVOID_OWNER_CHECK 0x10
140#define SEF_DEFAULT_OWNER_FROM_PARENT 0x20
141#define SEF_DEFAULT_GROUP_FROM_PARENT 0x40
142#define SEF_MACL_NO_WRITE_UP 0x100
143#define SEF_MACL_NO_READ_UP 0x200
144#define SEF_MACL_NO_EXECUTE_UP 0x400
145#define SEF_AI_USE_EXTRA_PARAMS 0x800
146#define SEF_AVOID_OWNER_RESTRICTION 0x1000
147#define SEF_MACL_VALID_FLAGS (SEF_MACL_NO_WRITE_UP | SEF_MACL_NO_READ_UP | SEF_MACL_NO_EXECUTE_UP)
154#define DISABLE_MAX_PRIVILEGE 0x1
155#define SANDBOX_INERT 0x2
156#if (NTDDI_VERSION >= NTDDI_LONGHORN)
158#define WRITE_RESTRICTED 0x8
165typedef enum _SECURITY_OPERATION_CODE {
166 SetSecurityDescriptor,
167 QuerySecurityDescriptor,
168 DeleteSecurityDescriptor,
169 AssignSecurityDescriptor
172#define INITIAL_PRIVILEGE_COUNT 3
180#define SE_MIN_WELL_KNOWN_PRIVILEGE 2
181#define SE_CREATE_TOKEN_PRIVILEGE 2
182#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE 3
183#define SE_LOCK_MEMORY_PRIVILEGE 4
184#define SE_INCREASE_QUOTA_PRIVILEGE 5
185#define SE_MACHINE_ACCOUNT_PRIVILEGE 6
186#define SE_TCB_PRIVILEGE 7
187#define SE_SECURITY_PRIVILEGE 8
188#define SE_TAKE_OWNERSHIP_PRIVILEGE 9
189#define SE_LOAD_DRIVER_PRIVILEGE 10
190#define SE_SYSTEM_PROFILE_PRIVILEGE 11
191#define SE_SYSTEMTIME_PRIVILEGE 12
192#define SE_PROF_SINGLE_PROCESS_PRIVILEGE 13
193#define SE_INC_BASE_PRIORITY_PRIVILEGE 14
194#define SE_CREATE_PAGEFILE_PRIVILEGE 15
195#define SE_CREATE_PERMANENT_PRIVILEGE 16
196#define SE_BACKUP_PRIVILEGE 17
197#define SE_RESTORE_PRIVILEGE 18
198#define SE_SHUTDOWN_PRIVILEGE 19
199#define SE_DEBUG_PRIVILEGE 20
200#define SE_AUDIT_PRIVILEGE 21
201#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE 22
202#define SE_CHANGE_NOTIFY_PRIVILEGE 23
203#define SE_REMOTE_SHUTDOWN_PRIVILEGE 24
204#define SE_UNDOCK_PRIVILEGE 25
205#define SE_SYNC_AGENT_PRIVILEGE 26
206#define SE_ENABLE_DELEGATION_PRIVILEGE 27
207#define SE_MANAGE_VOLUME_PRIVILEGE 28
208#define SE_IMPERSONATE_PRIVILEGE 29
209#define SE_CREATE_GLOBAL_PRIVILEGE 30
210#define SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE 31
211#define SE_RELABEL_PRIVILEGE 32
212#define SE_INC_WORKING_SET_PRIVILEGE 33
213#define SE_TIME_ZONE_PRIVILEGE 34
214#define SE_CREATE_SYMBOLIC_LINK_PRIVILEGE 35
215#define SE_MAX_WELL_KNOWN_PRIVILEGE SE_CREATE_SYMBOLIC_LINK_PRIVILEGE
256#define SE_MAX_AUDIT_PARAMETERS 32
257#define SE_MAX_GENERIC_AUDIT_PARAMETERS 28
259#define SE_ADT_OBJECT_ONLY 0x1
261#define SE_ADT_PARAMETERS_SELF_RELATIVE 0x00000001
262#define SE_ADT_PARAMETERS_SEND_TO_LSA 0x00000002
263#define SE_ADT_PARAMETER_EXTENSIBLE_AUDIT 0x00000004
264#define SE_ADT_PARAMETER_GENERIC_AUDIT 0x00000008
265#define SE_ADT_PARAMETER_WRITE_SYNCHRONOUS 0x00000010
267#define LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE(Parameters) \
268 ( sizeof(SE_ADT_PARAMETER_ARRAY) - sizeof(SE_ADT_PARAMETER_ARRAY_ENTRY) * \
269 (SE_MAX_AUDIT_PARAMETERS - Parameters->ParameterCount) )
341#define SE_UNSOLICITED_INPUT_PRIVILEGE 6
346typedef enum _WELL_KNOWN_SID_TYPE {
350 WinCreatorOwnerSid = 3,
351 WinCreatorGroupSid = 4,
352 WinCreatorOwnerServerSid = 5,
353 WinCreatorGroupServerSid = 6,
354 WinNtAuthoritySid = 7,
358 WinInteractiveSid = 11,
360 WinAnonymousSid = 13,
362 WinEnterpriseControllersSid = 15,
364 WinAuthenticatedUserSid = 17,
365 WinRestrictedCodeSid = 18,
366 WinTerminalServerSid = 19,
367 WinRemoteLogonIdSid = 20,
369 WinLocalSystemSid = 22,
370 WinLocalServiceSid = 23,
371 WinNetworkServiceSid = 24,
372 WinBuiltinDomainSid = 25,
373 WinBuiltinAdministratorsSid = 26,
374 WinBuiltinUsersSid = 27,
375 WinBuiltinGuestsSid = 28,
376 WinBuiltinPowerUsersSid = 29,
377 WinBuiltinAccountOperatorsSid = 30,
378 WinBuiltinSystemOperatorsSid = 31,
379 WinBuiltinPrintOperatorsSid = 32,
380 WinBuiltinBackupOperatorsSid = 33,
381 WinBuiltinReplicatorSid = 34,
382 WinBuiltinPreWindows2000CompatibleAccessSid = 35,
383 WinBuiltinRemoteDesktopUsersSid = 36,
384 WinBuiltinNetworkConfigurationOperatorsSid = 37,
385 WinAccountAdministratorSid = 38,
386 WinAccountGuestSid = 39,
387 WinAccountKrbtgtSid = 40,
388 WinAccountDomainAdminsSid = 41,
389 WinAccountDomainUsersSid = 42,
390 WinAccountDomainGuestsSid = 43,
391 WinAccountComputersSid = 44,
392 WinAccountControllersSid = 45,
393 WinAccountCertAdminsSid = 46,
394 WinAccountSchemaAdminsSid = 47,
395 WinAccountEnterpriseAdminsSid = 48,
396 WinAccountPolicyAdminsSid = 49,
397 WinAccountRasAndIasServersSid = 50,
398 WinNTLMAuthenticationSid = 51,
399 WinDigestAuthenticationSid = 52,
400 WinSChannelAuthenticationSid = 53,
401 WinThisOrganizationSid = 54,
402 WinOtherOrganizationSid = 55,
403 WinBuiltinIncomingForestTrustBuildersSid = 56,
404 WinBuiltinPerfMonitoringUsersSid = 57,
405 WinBuiltinPerfLoggingUsersSid = 58,
406 WinBuiltinAuthorizationAccessSid = 59,
407 WinBuiltinTerminalServerLicenseServersSid = 60,
408 WinBuiltinDCOMUsersSid = 61,
409 WinBuiltinIUsersSid = 62,
411 WinBuiltinCryptoOperatorsSid = 64,
412 WinUntrustedLabelSid = 65,
414 WinMediumLabelSid = 67,
415 WinHighLabelSid = 68,
416 WinSystemLabelSid = 69,
417 WinWriteRestrictedCodeSid = 70,
418 WinCreatorOwnerRightsSid = 71,
419 WinCacheablePrincipalsGroupSid = 72,
420 WinNonCacheablePrincipalsGroupSid = 73,
421 WinEnterpriseReadonlyControllersSid = 74,
422 WinAccountReadonlyControllersSid = 75,
423 WinBuiltinEventLogReadersGroup = 76,
424 WinNewEnterpriseReadonlyControllersSid = 77,
425 WinBuiltinCertSvcDComAccessGroup = 78,
426 WinMediumPlusLabelSid = 79,
427 WinLocalLogonSid = 80,
428 WinConsoleLogonSid = 81,
429 WinThisOrganizationCertificateSid = 82,
430 WinApplicationPackageAuthoritySid = 83,
431 WinBuiltinAnyPackageSid = 84,
432 WinCapabilityInternetClientSid = 85,
433 WinCapabilityInternetClientServerSid = 86,
434 WinCapabilityPrivateNetworkClientServerSid = 87,
435 WinCapabilityPicturesLibrarySid = 88,
436 WinCapabilityVideosLibrarySid = 89,
437 WinCapabilityMusicLibrarySid = 90,
438 WinCapabilityDocumentsLibrarySid = 91,
439 WinCapabilitySharedUserCertificatesSid = 92,
440 WinCapabilityEnterpriseAuthenticationSid = 93,
441 WinCapabilityRemovableStorageSid = 94,
442 WinBuiltinRDSRemoteAccessServersSid = 95,
443 WinBuiltinRDSEndpointServersSid = 96,
444 WinBuiltinRDSManagementServersSid = 97,
445 WinUserModeDriversSid = 98,
446 WinBuiltinHyperVAdminsSid = 99,
447 WinAccountCloneableControllersSid = 100,
448 WinBuiltinAccessControlAssistanceOperatorsSid = 101,
449 WinBuiltinRemoteManagementUsersSid = 102,
450 WinAuthenticationAuthorityAssertedSid = 103,
451 WinAuthenticationServiceAssertedSid = 104,
452 WinLocalAccountSid = 105,
453 WinLocalAccountAndAdministratorSid = 106,
454 WinAccountProtectedUsersSid = 107,
460#ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
461#define SID_IDENTIFIER_AUTHORITY_DEFINED
481#define SID_REVISION 1
482#define SID_MAX_SUB_AUTHORITIES 15
483#define SID_RECOMMENDED_SUB_AUTHORITIES 1
486#define SECURITY_MAX_SID_SIZE (sizeof(SID) - sizeof($ULONG) + (SID_MAX_SUB_AUTHORITIES * sizeof($ULONG)))
513#define SID_HASH_SIZE 32
524#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
527#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
530#define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
533#define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
536#define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
538#define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}
540#define SECURITY_NULL_RID (0x00000000L)
541#define SECURITY_WORLD_RID (0x00000000L)
542#define SECURITY_LOCAL_RID (0x00000000L)
543#define SECURITY_LOCAL_LOGON_RID (0x00000001L)
545#define SECURITY_CREATOR_OWNER_RID (0x00000000L)
546#define SECURITY_CREATOR_GROUP_RID (0x00000001L)
547#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
548#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
549#define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
554#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
556#define SECURITY_DIALUP_RID (0x00000001L)
557#define SECURITY_NETWORK_RID (0x00000002L)
558#define SECURITY_BATCH_RID (0x00000003L)
559#define SECURITY_INTERACTIVE_RID (0x00000004L)
560#define SECURITY_LOGON_IDS_RID (0x00000005L)
561#define SECURITY_LOGON_IDS_RID_COUNT (3L)
562#define SECURITY_SERVICE_RID (0x00000006L)
563#define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
564#define SECURITY_PROXY_RID (0x00000008L)
565#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
566#define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
567#define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
568#define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
569#define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
570#define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
571#define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
572#define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
573#define SECURITY_IUSER_RID (0x00000011L)
574#define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
575#define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
576#define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
577#define SECURITY_NT_NON_UNIQUE (0x00000015L)
578#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
579#define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)
581#define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
582#define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)
585#define SECURITY_PACKAGE_BASE_RID (0x00000040L)
586#define SECURITY_PACKAGE_RID_COUNT (2L)
587#define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)
588#define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
589#define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)
591#define SECURITY_CRED_TYPE_BASE_RID (0x00000041L)
592#define SECURITY_CRED_TYPE_RID_COUNT (2L)
593#define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L)
595#define SECURITY_MIN_BASE_RID (0x00000050L)
596#define SECURITY_SERVICE_ID_BASE_RID (0x00000050L)
597#define SECURITY_SERVICE_ID_RID_COUNT (6L)
598#define SECURITY_RESERVED_ID_BASE_RID (0x00000051L)
599#define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L)
600#define SECURITY_APPPOOL_ID_RID_COUNT (6L)
601#define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L)
602#define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L)
603#define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L)
604#define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L)
605#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID (0x00000055L)
606#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L)
607#define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L)
608#define SECURITY_WMIHOST_ID_RID_COUNT (6L)
609#define SECURITY_TASK_ID_BASE_RID (0x00000057L)
610#define SECURITY_NFS_ID_BASE_RID (0x00000058L)
611#define SECURITY_COM_ID_BASE_RID (0x00000059L)
612#define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L)
614#define SECURITY_MAX_BASE_RID (0x0000006FL)
616#define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
617#define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)
619#define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)
621#define SECURITY_WINDOWSMOBILE_ID_BASE_RID (0x00000070L)
625#define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)
627#define FOREST_USER_RID_MAX (0x000001F3L)
631#define DOMAIN_USER_RID_ADMIN (0x000001F4L)
632#define DOMAIN_USER_RID_GUEST (0x000001F5L)
633#define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
635#define DOMAIN_USER_RID_MAX (0x000003E7L)
639#define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
640#define DOMAIN_GROUP_RID_USERS (0x00000201L)
641#define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
642#define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)
643#define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
644#define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
645#define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
646#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
647#define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
648#define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L)
652#define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
653#define DOMAIN_ALIAS_RID_USERS (0x00000221L)
654#define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
655#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
657#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
658#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
659#define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
660#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
662#define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
663#define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
664#define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL)
665#define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL)
666#define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL)
667#define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)
669#define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)
670#define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)
671#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
672#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
673#define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L)
675#define DOMAIN_ALIAS_RID_IUSERS (0x00000238L)
676#define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L)
677#define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL)
678#define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL)
679#define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL)
680#define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL)
682#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
683#define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L)
684#define SECURITY_MANDATORY_LOW_RID (0x00001000L)
685#define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
686#define SECURITY_MANDATORY_HIGH_RID (0x00003000L)
687#define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L)
688#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
693#define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID
695#define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000)
700#define SYSTEM_LUID {0x3e7, 0x0}
701#define ANONYMOUS_LOGON_LUID {0x3e6, 0x0}
702#define LOCALSERVICE_LUID {0x3e5, 0x0}
703#define NETWORKSERVICE_LUID {0x3e4, 0x0}
704#define IUSER_LUID {0x3e3, 0x0}
708#define SEP_LOGON_SESSION_TERMINATION_NOTIFY 0x0001
716#define ACCESS_MIN_MS_ACE_TYPE (0x0)
717#define ACCESS_ALLOWED_ACE_TYPE (0x0)
718#define ACCESS_DENIED_ACE_TYPE (0x1)
719#define SYSTEM_AUDIT_ACE_TYPE (0x2)
720#define SYSTEM_ALARM_ACE_TYPE (0x3)
721#define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
722#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
723#define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
724#define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
725#define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
726#define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
727#define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
728#define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
729#define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
730#define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
731#define ACCESS_MAX_MS_ACE_TYPE (0x8)
732#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
733#define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
734#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
735#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
736#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
737#define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
738#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
739#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
740#define ACCESS_MAX_MS_V5_ACE_TYPE (0x11)
741#define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11)
746#define OBJECT_INHERIT_ACE (0x1)
747#define CONTAINER_INHERIT_ACE (0x2)
748#define NO_PROPAGATE_INHERIT_ACE (0x4)
749#define INHERIT_ONLY_ACE (0x8)
750#define INHERITED_ACE (0x10)
751#define VALID_INHERIT_FLAGS (0x1F)
753#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
754#define FAILED_ACCESS_ACE_FLAG (0x80)
805#define ACE_OBJECT_TYPE_PRESENT 0x00000001
806#define ACE_INHERITED_OBJECT_TYPE_PRESENT 0x00000002
808#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1
809#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2
810#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
811#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \
812 SYSTEM_MANDATORY_LABEL_NO_READ_UP | \
813 SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
815#define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
819#define SE_OWNER_DEFAULTED 0x0001
820#define SE_GROUP_DEFAULTED 0x0002
821#define SE_DACL_PRESENT 0x0004
822#define SE_DACL_DEFAULTED 0x0008
823#define SE_SACL_PRESENT 0x0010
824#define SE_SACL_DEFAULTED 0x0020
825#define SE_DACL_UNTRUSTED 0x0040
826#define SE_SERVER_SECURITY 0x0080
827#define SE_DACL_AUTO_INHERIT_REQ 0x0100
828#define SE_SACL_AUTO_INHERIT_REQ 0x0200
829#define SE_DACL_AUTO_INHERITED 0x0400
830#define SE_SACL_AUTO_INHERITED 0x0800
831#define SE_DACL_PROTECTED 0x1000
832#define SE_SACL_PROTECTED 0x2000
833#define SE_RM_CONTROL_VALID 0x4000
834#define SE_SELF_RELATIVE 0x8000
862#define ACCESS_OBJECT_GUID 0
863#define ACCESS_PROPERTY_SET_GUID 1
864#define ACCESS_PROPERTY_GUID 2
865#define ACCESS_MAX_LEVEL 4
872#define AUDIT_ALLOW_NO_PRIVILEGE 0x1
874#define ACCESS_DS_SOURCE_A "DS"
875#define ACCESS_DS_SOURCE_W L"DS"
876#define ACCESS_DS_OBJECT_TYPE_NAME_A "Directory Service Object"
877#define ACCESS_DS_OBJECT_TYPE_NAME_W L"Directory Service Object"
879#define ACCESS_REASON_TYPE_MASK 0xffff0000
880#define ACCESS_REASON_DATA_MASK 0x0000ffff
904#define SE_SECURITY_DESCRIPTOR_FLAG_NO_OWNER_ACE 0x00000001
905#define SE_SECURITY_DESCRIPTOR_FLAG_NO_LABEL_ACE 0x00000002
906#define SE_SECURITY_DESCRIPTOR_VALID_FLAGS 0x00000003
925#define TOKEN_ASSIGN_PRIMARY (0x0001)
926#define TOKEN_DUPLICATE (0x0002)
927#define TOKEN_IMPERSONATE (0x0004)
928#define TOKEN_QUERY (0x0008)
929#define TOKEN_QUERY_SOURCE (0x0010)
930#define TOKEN_ADJUST_PRIVILEGES (0x0020)
931#define TOKEN_ADJUST_GROUPS (0x0040)
932#define TOKEN_ADJUST_DEFAULT (0x0080)
933#define TOKEN_ADJUST_SESSIONID (0x0100)
935#define TOKEN_ALL_ACCESS_P (STANDARD_RIGHTS_REQUIRED |\
936 TOKEN_ASSIGN_PRIMARY |\
940 TOKEN_QUERY_SOURCE |\
941 TOKEN_ADJUST_PRIVILEGES |\
942 TOKEN_ADJUST_GROUPS |\
943 TOKEN_ADJUST_DEFAULT)
945#if ((defined(_WIN32_WINNT) && (_WIN32_WINNT > 0x0400)) || (!defined(_WIN32_WINNT)))
946#define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P | TOKEN_ADJUST_SESSIONID)
948#define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P)
951#define TOKEN_READ (STANDARD_RIGHTS_READ | TOKEN_QUERY)
953#define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
954 TOKEN_ADJUST_PRIVILEGES |\
955 TOKEN_ADJUST_GROUPS |\
956 TOKEN_ADJUST_DEFAULT)
958#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
1064#define TOKEN_MANDATORY_POLICY_OFF 0x0
1065#define TOKEN_MANDATORY_POLICY_NO_WRITE_UP 0x1
1066#define TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN 0x2
1068#define TOKEN_MANDATORY_POLICY_VALID_MASK (TOKEN_MANDATORY_POLICY_NO_WRITE_UP | \
1069 TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN)
1071#define POLICY_AUDIT_SUBCATEGORY_COUNT (56)
1077#define TOKEN_SOURCE_LENGTH 8
1084#include <pshpack4.h>
1123typedef struct _SE_ACCESS_REPLY {
1125 $ULONG ResultListCount;
1178#define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x0001
1179#define TOKEN_HAS_BACKUP_PRIVILEGE 0x0002
1180#define TOKEN_HAS_RESTORE_PRIVILEGE 0x0004
1181#define TOKEN_WRITE_RESTRICTED 0x0008
1182#define TOKEN_HAS_ADMIN_GROUP TOKEN_WRITE_RESTRICTED
1183#define TOKEN_IS_RESTRICTED 0x0010
1184#define TOKEN_SESSION_NOT_REFERENCED 0x0020
1185#define TOKEN_SANDBOX_INERT 0x0040
1186#define TOKEN_HAS_IMPERSONATE_PRIVILEGE 0x0080
1187#define SE_BACKUP_PRIVILEGES_CHECKED 0x0100
1188#define TOKEN_VIRTUALIZE_ALLOWED 0x0200
1189#define TOKEN_VIRTUALIZE_ENABLED 0x0400
1190#define TOKEN_IS_FILTERED 0x0800
1191#define TOKEN_UIACCESS 0x1000
1192#define TOKEN_NOT_LOW 0x2000
_SECURITY_IMPERSONATION_LEVEL
struct _SECURITY_DESCRIPTOR * PSECURITY_DESCRIPTOR
ACCESS_MASK * PACCESS_MASK
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
UNICODE_STRING ObjectName
ACCESS_MASK PreviouslyGrantedAccess
INITIAL_PRIVILEGE_SET InitialPrivilegeSet
PSECURITY_DESCRIPTOR SecurityDescriptor
ACCESS_MASK OriginalDesiredAccess
ACCESS_MASK RemainingDesiredAccess
PRIVILEGE_SET PrivilegeSet
BOOLEAN SecurityEvaluated
SECURITY_SUBJECT_CONTEXT SubjectSecurityContext
union _ACCESS_STATE::@4183 Privileges
UNICODE_STRING ObjectTypeName
BOOLEAN PrivilegesAllocated
ACCESS_MASK GenericExecute
LUID_AND_ATTRIBUTES Privilege[INITIAL_PRIVILEGE_COUNT]
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]
TOKEN_CONTROL ClientTokenControl
PACCESS_TOKEN ClientToken
SECURITY_QUALITY_OF_SERVICE SecurityQos
BOOLEAN DirectlyAccessClientToken
BOOLEAN DirectAccessEffectiveOnly
SECURITY_DESCRIPTOR_CONTROL Control
SECURITY_DESCRIPTOR_CONTROL Control
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
PACCESS_TOKEN ClientToken
PACCESS_TOKEN PrimaryToken
$ULONG ObjectTypeListCount
POBJECT_TYPE_LIST ObjectTypeList
PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor
ACCESS_MASK DesiredAccess
PGENERIC_MAPPING GenericMapping
ACCESS_MASK PreviouslyGrantedAccess
PSECURITY_DESCRIPTOR SecurityDescriptor
SE_ADT_PARAMETER_TYPE Type
UNICODE_STRING ObjectName
UNICODE_STRING SubsystemName
UNICODE_STRING ObjectTypeName
AUDIT_EVENT_TYPE AuditType
SE_AUDIT_OPERATION AuditOperation
LUID SeCreateSymbolicLinkPrivilege
PSID SeSystemMandatorySid
LUID SeUnsolicitedInputPrivilege
LUID SeIncreaseBasePriorityPrivilege
LUID SeAssignPrimaryTokenPrivilege
LUID SeTrustedCredManAccessPrivilege
LUID SeLoadDriverPrivilege
LUID SeLockMemoryPrivilege
LUID SeProfileSingleProcessPrivilege
LUID SeIncreaseQuotaPrivilege
LUID SeEnableDelegationPrivilege
LUID SeTakeOwnershipPrivilege
LUID SeSystemtimePrivilege
PSID SeUntrustedMandatorySid
PSID SeAuthenticatedUsersSid
PSID SeMediumMandatorySid
LUID SeSystemProfilePrivilege
PSID SeAliasAccountOpsSid
LUID SeCreateGlobalPrivilege
LUID SeCreatePagefilePrivilege
LUID SeIncreaseWorkingSetPrivilege
LUID SeImpersonatePrivilege
LUID SeChangeNotifyPrivilege
LUID SeSyncAgentPrivilege
LUID SeSystemEnvironmentPrivilege
LUID SeCreateTokenPrivilege
PSID SeAliasPowerUsersSid
LUID SeManageVolumePrivilege
LUID SeCreatePermanentPrivilege
LUID SeRemoteShutdownPrivilege
SECURITY_IMPERSONATION_LEVEL Level
PSECURITY_DESCRIPTOR SecurityDescriptor
PSID_AND_ATTRIBUTES SidAttr
SID_HASH_ENTRY Hash[SID_HASH_SIZE]
SID_IDENTIFIER_AUTHORITY IdentifierAuthority
$UCHAR PerUserPolicy[((POLICY_AUDIT_SUBCATEGORY_COUNT) > > 1)+1]
$ULONG RestrictedSidLength
PSID_AND_ATTRIBUTES RestrictedSids
PLUID_AND_ATTRIBUTES Privileges
$ULONG RestrictedSidCount
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
LUID OriginatingLogonSession
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]
CCHAR SourceName[TOKEN_SOURCE_LENGTH]
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
LARGE_INTEGER ExpirationTime
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
_Must_inspect_result_ _In_ WDFQUEUE _In_opt_ WDFREQUEST _In_opt_ WDFFILEOBJECT _Inout_opt_ PWDF_REQUEST_PARAMETERS Parameters
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _Out_opt_ PUSHORT _Inout_opt_ PUNICODE_STRING Value
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
struct _SE_AUDIT_INFO * PSE_AUDIT_INFO
struct _SYSTEM_ALARM_ACE * PSYSTEM_ALARM_ACE
struct _SE_EXPORTS * PSE_EXPORTS
ULONG_PTR * PSID_HASH_ENTRY
struct _TOKEN_PRIMARY_GROUP TOKEN_PRIMARY_GROUP
struct _ACCESS_STATE ACCESS_STATE
struct _SE_SECURITY_DESCRIPTOR SE_SECURITY_DESCRIPTOR
struct _SECURITY_CLIENT_CONTEXT SECURITY_CLIENT_CONTEXT
struct _SID_AND_ATTRIBUTES * PSID_AND_ATTRIBUTES
struct _TOKEN_SOURCE * PTOKEN_SOURCE
struct _TOKEN_GROUPS * LPTOKEN_GROUPS
struct _SECURITY_SUBJECT_CONTEXT * PSECURITY_SUBJECT_CONTEXT
struct _SE_ACCESS_REQUEST SE_ACCESS_REQUEST
struct _TOKEN_GROUPS * PTOKEN_GROUPS
SID_AND_ATTRIBUTES_ARRAY * PSID_AND_ATTRIBUTES_ARRAY
struct _INITIAL_PRIVILEGE_SET INITIAL_PRIVILEGE_SET
enum _SE_AUDIT_OPERATION SE_AUDIT_OPERATION
struct _OBJECT_TYPE_LIST * POBJECT_TYPE_LIST
enum _MANDATORY_LEVEL * PMANDATORY_LEVEL
struct _TOKEN_CONTROL TOKEN_CONTROL
@ AccessReasonDeniedParentAce
@ AccessReasonAllowedParentAce
@ AccessReasonMissingPrivilege
@ AccessReasonFromPrivilege
@ AccessReasonIntegrityLevel
struct _TOKEN_AUDIT_POLICY TOKEN_AUDIT_POLICY
struct _TOKEN_PRIMARY_GROUP * PTOKEN_PRIMARY_GROUP
* LPSID_IDENTIFIER_AUTHORITY
struct _SYSTEM_MANDATORY_LABEL_ACE SYSTEM_MANDATORY_LABEL_ACE
struct _SYSTEM_ALARM_ACE SYSTEM_ALARM_ACE
struct _TOKEN_USER TOKEN_USER
$ULONG SECURITY_INFORMATION
struct _TOKEN_SOURCE TOKEN_SOURCE
#define TOKEN_SOURCE_LENGTH
struct _TOKEN_STATISTICS * PTOKEN_STATISTICS
struct _TOKEN_DEFAULT_DACL * PTOKEN_DEFAULT_DACL
enum _SE_ADT_PARAMETER_TYPE * PSE_ADT_PARAMETER_TYPE
struct _INITIAL_PRIVILEGE_SET * PINITIAL_PRIVILEGE_SET
enum _SID_NAME_USE SID_NAME_USE
struct _TOKEN_PRIVILEGES TOKEN_PRIVILEGES
struct _ACCESS_STATE * PACCESS_STATE
struct _TOKEN_USER * PTOKEN_USER
struct _ACCESS_DENIED_OBJECT_ACE * PACCESS_DENIED_OBJECT_ACE
struct _ACCESS_DENIED_ACE ACCESS_DENIED_ACE
@ MandatoryLevelUntrusted
@ MandatoryLevelSecureProcess
struct _SE_IMPERSONATION_STATE * PSE_IMPERSONATION_STATE
struct _ACCESS_REASONS * PACCESS_REASONS
struct _ACCESS_ALLOWED_OBJECT_ACE * PACCESS_ALLOWED_OBJECT_ACE
struct _TOKEN_MANDATORY_LABEL TOKEN_MANDATORY_LABEL
struct _TOKEN_ORIGIN TOKEN_ORIGIN
struct _ACCESS_ALLOWED_OBJECT_ACE ACCESS_ALLOWED_OBJECT_ACE
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
struct _SECURITY_CLIENT_CONTEXT * PSECURITY_CLIENT_CONTEXT
struct _TOKEN_ORIGIN * PTOKEN_ORIGIN
struct _SYSTEM_MANDATORY_LABEL_ACE * PSYSTEM_MANDATORY_LABEL_ACE
#define POLICY_AUDIT_SUBCATEGORY_COUNT
struct _GENERIC_MAPPING GENERIC_MAPPING
struct _SYSTEM_AUDIT_ACE SYSTEM_AUDIT_ACE
$USHORT * PSECURITY_DESCRIPTOR_CONTROL
@ SeAdtParmTypeLogonIdNoSid
@ SeAdtParmTypeSockAddrNoPort
@ SeAdtParmTypeLogonHours
@ SeAdtParmTypeAccessReason
@ SeAdtParmTypeAccessMask
@ SeAdtParmTypeUserAccountControl
@ SeAdtParmTypeStringList
@ SeAdtParmTypeUlongNoConv
@ SeAdtParmTypeObjectTypes
struct _SECURITY_SUBJECT_CONTEXT SECURITY_SUBJECT_CONTEXT
struct _TOKEN_PRIVILEGES * LPTOKEN_PRIVILEGES
struct _TOKEN_CONTROL * PTOKEN_CONTROL
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
BOOLEAN SECURITY_CONTEXT_TRACKING_MODE
struct _SECURITY_DESCRIPTOR * PISECURITY_DESCRIPTOR
struct _SE_SECURITY_DESCRIPTOR * PSE_SECURITY_DESCRIPTOR
struct _SE_ADT_OBJECT_TYPE SE_ADT_OBJECT_TYPE
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
struct _SE_ADT_OBJECT_TYPE * PSE_ADT_OBJECT_TYPE
$endif(_WDMDDK_||_WINNT_) $if(_WINNT_) $endif(_WINNT_) $if(_WDMDDK_) typedef enum _SECURITY_OPERATION_CODE
struct _SECURITY_DESCRIPTOR SECURITY_DESCRIPTOR
struct _TOKEN_GROUPS_AND_PRIVILEGES * PTOKEN_GROUPS_AND_PRIVILEGES
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
struct _LUID_AND_ATTRIBUTES * PLUID_AND_ATTRIBUTES
struct _ACCESS_REASONS ACCESS_REASONS
* PSECURITY_OPERATION_CODE
enum _SECURITY_IMPERSONATION_LEVEL * PSECURITY_IMPERSONATION_LEVEL
$ULONG * PSECURITY_INFORMATION
enum _MANDATORY_LEVEL MANDATORY_LEVEL
struct _SE_ADT_PARAMETER_ARRAY_ENTRY SE_ADT_PARAMETER_ARRAY_ENTRY
struct _TOKEN_ACCESS_INFORMATION TOKEN_ACCESS_INFORMATION
struct _TOKEN_LINKED_TOKEN TOKEN_LINKED_TOKEN
struct _TOKEN_ELEVATION * PTOKEN_ELEVATION
struct _SE_ADT_PARAMETER_ARRAY_ENTRY * PSE_ADT_PARAMETER_ARRAY_ENTRY
struct _ACE_HEADER ACE_HEADER
struct _SID_AND_ATTRIBUTES_HASH * PSID_AND_ATTRIBUTES_HASH
enum _SID_NAME_USE * PSID_NAME_USE
@ TokenSecurityAttributes
@ TokenGroupsAndPrivileges
@ TokenRestrictedDeviceClaimAttributes
@ TokenVirtualizationAllowed
@ TokenImpersonationLevel
@ TokenDeviceClaimAttributes
@ TokenRestrictedDeviceGroups
@ TokenRestrictedUserClaimAttributes
@ TokenVirtualizationEnabled
@ TokenAppContainerNumber
@ TokenUserClaimAttributes
struct _SID_AND_ATTRIBUTES_HASH SID_AND_ATTRIBUTES_HASH
SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY]
struct _SE_AUDIT_INFO SE_AUDIT_INFO
$if(_WDMDDK_||_WINNT_) typedef PVOID PSECURITY_DESCRIPTOR
struct _SYSTEM_AUDIT_ACE * PSYSTEM_AUDIT_ACE
LUID_AND_ATTRIBUTES_ARRAY * PLUID_AND_ATTRIBUTES_ARRAY
struct _TOKEN_STATISTICS TOKEN_STATISTICS
struct _SE_ACCESS_REQUEST * PSE_ACCESS_REQUEST
struct _TOKEN_MANDATORY_POLICY * PTOKEN_MANDATORY_POLICY
enum _TOKEN_INFORMATION_CLASS * PTOKEN_INFORMATION_CLASS
struct _ACCESS_DENIED_ACE * PACCESS_DENIED_ACE
struct _TOKEN_PRIVILEGES * PTOKEN_PRIVILEGES
enum _ACCESS_REASON_TYPE ACCESS_REASON_TYPE
struct _ACE_HEADER * PACE_HEADER
enum _TOKEN_INFORMATION_CLASS TOKEN_INFORMATION_CLASS
* PSID_IDENTIFIER_AUTHORITY
struct _TOKEN_MANDATORY_POLICY TOKEN_MANDATORY_POLICY
struct _ACCESS_DENIED_OBJECT_ACE ACCESS_DENIED_OBJECT_ACE
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
struct _SECURITY_QUALITY_OF_SERVICE * PSECURITY_QUALITY_OF_SERVICE
struct _TOKEN_MANDATORY_LABEL * PTOKEN_MANDATORY_LABEL
struct _SE_ADT_ACCESS_REASON * PSE_ADT_ACCESS_REASON
@ AuditOpenObjectForDelete
@ AuditOpenObjectWithTransaction
@ AuditOpenObjectForDeleteWithTransaction
struct _TOKEN_LINKED_TOKEN * PTOKEN_LINKED_TOKEN
@ AuditEventDirectoryServiceAccess
NTSTATUS(NTAPI * PSE_LOGON_SESSION_TERMINATED_ROUTINE)(IN PLUID LogonId)
enum _TOKEN_TYPE * PTOKEN_TYPE
VOID(NTAPI * PNTFS_DEREF_EXPORTED_SECURITY_DESCRIPTOR)(_In_ PVOID Vcb, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor)
enum _SE_AUDIT_OPERATION * PSE_AUDIT_OPERATION
struct _TOKEN_ACCESS_INFORMATION * PTOKEN_ACCESS_INFORMATION
struct _ACCESS_ALLOWED_ACE ACCESS_ALLOWED_ACE
$USHORT SECURITY_DESCRIPTOR_CONTROL
struct _TOKEN_DEFAULT_DACL TOKEN_DEFAULT_DACL
struct _OBJECT_TYPE_LIST OBJECT_TYPE_LIST
struct _TOKEN_ELEVATION TOKEN_ELEVATION
struct _SE_EXPORTS SE_EXPORTS
LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY]
struct _SECURITY_QUALITY_OF_SERVICE SECURITY_QUALITY_OF_SERVICE
enum _AUDIT_EVENT_TYPE AUDIT_EVENT_TYPE
struct _SE_ADT_PARAMETER_ARRAY * PSE_ADT_PARAMETER_ARRAY
struct _PRIVILEGE_SET * PPRIVILEGE_SET
struct _SE_ADT_ACCESS_REASON SE_ADT_ACCESS_REASON
struct _TOKEN_GROUPS TOKEN_GROUPS
#define INITIAL_PRIVILEGE_COUNT
enum _AUDIT_EVENT_TYPE * PAUDIT_EVENT_TYPE
struct _ACCESS_ALLOWED_ACE * PACCESS_ALLOWED_ACE
struct _TOKEN_AUDIT_POLICY * PTOKEN_AUDIT_POLICY
struct _SE_IMPERSONATION_STATE SE_IMPERSONATION_STATE
struct _PRIVILEGE_SET PRIVILEGE_SET
BOOLEAN * PSECURITY_CONTEXT_TRACKING_MODE
struct _GENERIC_MAPPING * PGENERIC_MAPPING
struct _TOKEN_GROUPS_AND_PRIVILEGES TOKEN_GROUPS_AND_PRIVILEGES
struct _SE_ADT_PARAMETER_ARRAY SE_ADT_PARAMETER_ARRAY
enum _SE_ADT_PARAMETER_TYPE SE_ADT_PARAMETER_TYPE
struct _TOKEN_OWNER TOKEN_OWNER
enum _TOKEN_TYPE TOKEN_TYPE
struct _TOKEN_OWNER * PTOKEN_OWNER
#define SE_MAX_AUDIT_PARAMETERS