2.4.8 TOKEN_MANDATORY_POLICY


The TOKEN_MANDATORY_POLICY structure specifies the mandatory integrity policy for a token.

 typedef struct _TOKEN_MANDATORY_POLICY {
   DWORD Policy;
 } TOKEN_MANDATORY_POLICY,
  *PTOKEN_MANDATORY_POLICY;

Policy: The Policy member contains a value denoting the mandatory integrity policy of the token; these values are mutually exclusive.

| Value | Meaning |
| --- | --- |
| TOKEN_MANDATORY_POLICY_OFF 0x00000000 | No mandatory integrity policy is enforced for the token. |
| TOKEN_MANDATORY_POLICY_NO_WRITE_UP 0x00000001 | A process associated with the token cannot write to objects that have a greater mandatory integrity level. |
| TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN 0x00000002 | A process created with the token has an integrity level that is the lesser of the parent-process integrity level and the executable-file integrity level. |
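
An added example, not part of the specification or of Microsoft's code: C that reads Policy from the current process token with GetTokenInformation(TokenMandatoryPolicy) and rejects any value with undefined bits set. The helper names policy_name and query_current_policy are hypothetical; the combined 0x00000003 case is handled because the Windows SDK defines TOKEN_MANDATORY_POLICY_VALID_MASK as both flags together, and off Windows the query returns a constructed sample value.

```c
#include <stdint.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else
typedef uint32_t DWORD; /* stand-ins so this builds off Windows; values from the table above */
#define TOKEN_MANDATORY_POLICY_OFF             0x00000000u
#define TOKEN_MANDATORY_POLICY_NO_WRITE_UP     0x00000001u
#define TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN 0x00000002u
#endif

/* Hypothetical helper: name for a Policy value, or NULL if undefined bits are set. */
const char *policy_name(DWORD policy)
{
    switch (policy) {
    case TOKEN_MANDATORY_POLICY_OFF:             return "OFF";
    case TOKEN_MANDATORY_POLICY_NO_WRITE_UP:     return "NO_WRITE_UP";
    case TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN: return "NEW_PROCESS_MIN";
    case TOKEN_MANDATORY_POLICY_NO_WRITE_UP | TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN:
        return "NO_WRITE_UP|NEW_PROCESS_MIN";
    default: return NULL;
    }
}

/* Reads Policy from the current process token; returns 0 on success, -1 on failure. */
int query_current_policy(DWORD *out)
{
#ifdef _WIN32
    HANDLE tok;
    TOKEN_MANDATORY_POLICY tmp;
    DWORD len = 0;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok)) return -1;
    BOOL ok = GetTokenInformation(tok, TokenMandatoryPolicy, &tmp, sizeof tmp, &len);
    CloseHandle(tok);
    if (!ok) return -1;
    *out = tmp.Policy;
#else
    *out = TOKEN_MANDATORY_POLICY_NO_WRITE_UP; /* constructed sample, not a real token */
#endif
    return 0;
}

int main(void)
{
    DWORD p;
    if (query_current_policy(&p) != 0 || policy_name(p) == NULL) return 1;
    printf("Policy=0x%08lx (%s)\n", (unsigned long)p, policy_name(p));
    return 0;
}
```

On Windows, link against advapi32; a NULL from policy_name on a queried token means the value carries bits this table does not define and should be treated as unexpected.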