Microsoft KB Archive/119669

HOWTO: List Account Privileges

Q119669

-

The information in this article applies to:


 * Microsoft Win32 Application Programming Interface (API), used with:
 * Microsoft Windows NT Server versions 3.1, 3.5, 3.51, 4.0
 * Microsoft Windows NT Workstation versions 3.1, 3.5, 3.51, 4.0
 * the operating system: Microsoft Windows 2000

-

SUMMARY
This article demonstrates how to list the privileges contained within the access token of a process.

MORE INFORMATION
When a user starts a process, that process takes on the security attributes of the user. These attributes are stored within the access token for the process. The security attributes inherited from the user include account privileges, which control access to system services. To list the privileges belonging to a process (and thus to the current user), perform the following steps:


 * 1) Call the GetCurrentProcess function to obtain a handle to the current process.
 * 2) Call the OpenProcessToken function to obtain the process's access token.
 * 3) Call the GetTokenInformation function to obtain the list of privileges.
 * 4) Cycle through the list of privileges, using the LookupPrivilegeName and LookupPrivilegeDisplayName functions to obtain the textual name and display name of each privilege in the list.

Sample Code
The following sample code lists the privilege name, along with a user-friendly description of the privilege (called a display name), for each privilege contained within the access token of the current process. The privilege names and display names are defined in the Winnt.h header file.

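#include <windows.h>
#include <stdio.h>

#define NAME_SIZE 255

/*
 * Lists every privilege held in the access token of the current process,
 * printing the programmatic privilege name next to its display name.
 *
 * Uses the MSVC structured-exception keywords (__try / __leave / __finally)
 * so that the token handle and the heap buffer are released on every path.
 *
 * Returns 0 when the whole list was printed, 1 if any step failed.
 *
 * Note for readers auditing a token: this prints every privilege that is
 * PRESENT in the token. Whether a privilege is currently enabled is recorded
 * separately in Privileges[i].Attributes (SE_PRIVILEGE_ENABLED); that state
 * is not shown here.
 */
int main(void)
{
    HANDLE            hToken        = NULL;
    DWORD             cbTokenInfo   = 0;
    PTOKEN_PRIVILEGES ptiPrivileges = NULL;

    char  szPrivilegeName[NAME_SIZE];
    DWORD cbPrivilegeName;
    char  szDisplayName[NAME_SIZE];
    DWORD cbDisplayName;
    DWORD dwLangId;
    DWORD nIndex;
    int   nExitCode = 1;

    __try {
        // Retrieve a handle for the process's access token.
        // TOKEN_QUERY is the only right GetTokenInformation needs for
        // TokenPrivileges; TOKEN_READ would also request
        // STANDARD_RIGHTS_READ, which this program never uses.
        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken)) {
            printf("OpenProcessToken failed. Error %lu\n", GetLastError());
            __leave;
        }

        // Determine required size of buffer for token privileges.
        if (GetTokenInformation(hToken, TokenPrivileges, NULL, 0,
                                &cbTokenInfo)) {
            // Call should have failed due to zero-length buffer.
            printf("GetTokenInformation unexpectedly succeeded with an "
                   "empty buffer.\n");
            __leave;
        } else if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
            // Any failure other than "buffer too small" is a real error.
            printf("GetTokenInformation failed. Error %lu\n", GetLastError());
            __leave;
        }

        // Allocate a buffer for the token privileges.
        ptiPrivileges = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,
                                  cbTokenInfo);
        if (!ptiPrivileges) {
            // HeapAlloc does not set the last-error code, so GetLastError()
            // would report an unrelated value here.
            printf("HeapAlloc failed (%lu bytes requested).\n", cbTokenInfo);
            __leave;
        }

        // Retrieve the token privileges.
        if (!GetTokenInformation(hToken, TokenPrivileges, ptiPrivileges,
                                 cbTokenInfo, &cbTokenInfo)) {
            printf("GetTokenInformation failed. Error %lu\n", GetLastError());
            __leave;
        }

        // Display the privileges.
        printf("%-32s %s\n", "PRIVILEGE NAME", "DISPLAY NAME");
        printf("%-32s %s\n", "--", "");

        // Scan through all of the LUIDs.
        for (nIndex = 0; nIndex < ptiPrivileges->PrivilegeCount; nIndex++) {
            // Retrieve the privilege name associated with this LUID.
            // The ANSI entry points are called explicitly because the
            // buffers are char arrays printed with %s; the generic names
            // would resolve to the wide-character versions in a UNICODE
            // build. The size arguments are character counts.
            cbPrivilegeName = NAME_SIZE;
            if (!LookupPrivilegeNameA(NULL,
                                      &ptiPrivileges->Privileges[nIndex].Luid,
                                      szPrivilegeName, &cbPrivilegeName)) {
                printf("LookupPrivilegeName failed. Error %lu\n",
                       GetLastError());
                __leave;
            }

            // Retrieve the display name associated with this privilege.
            cbDisplayName = NAME_SIZE;
            if (!LookupPrivilegeDisplayNameA(NULL, szPrivilegeName,
                                             szDisplayName, &cbDisplayName,
                                             &dwLangId)) {
                printf("LookupPrivilegeDisplayName failed. Error %lu\n",
                       GetLastError());
                __leave;
            }

            printf("%-32s %s\n", szPrivilegeName, szDisplayName);
        }

        nExitCode = 0;
    } __finally {
        // Free resources.
        if (hToken) {
            CloseHandle(hToken);
        }

        // Release the buffer only when it was actually allocated.
        if (ptiPrivileges) {
            HeapFree(GetProcessHeap(), 0, ptiPrivileges);
        }
    }

    return nExitCode;
}

/* Additional query words: 3.10 3.50 */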

Keywords : kbAccCtrl kbAPI kbKernBase kbOSWinNT350 kbOSWinNT351 kbOSWinNT400 kbOSWin2000 kbSecurity kbDSupport kbGrpDSKernBase

Issue type : kbhowto

Technology : kbAudDeveloper kbWin32sSearch kbWin32API