NtPrivilegeCheck function (ntifs.h)
NtPrivilegeCheck is reserved for system use.
Syntax
__kernel_entry NTSYSCALLAPI NTSTATUS NtPrivilegeCheck(
[in] HANDLE ClientToken,
[in, out] PPRIVILEGE_SET RequiredPrivileges,
[out] PBOOLEAN Result
);
Parameters
[in] ClientToken
A handle to a token object representing a client attempting access. This handle must be obtained from a communication session layer, such as from an LPC Port or Local Named Pipe, to prevent possible security policy violations.
[in, out] RequiredPrivileges
Pointer to a PRIVILEGE_SET structure. The Privilege member of this structure is an array of LUID_AND_ATTRIBUTES structures. Before calling SePrivilegeCheck, use the Privilege array to indicate the set of privileges to check. Set the Control member to PRIVILEGE_SET_ALL_NECESSARY if all of the privileges must be enabled; or set it to zero if it is sufficient that any one of the privileges be enabled.
[out] Result
Receives a boolean flag indicating whether the client has all the specified privileges. A value of TRUE indicates the client has all the specified privileges; otherwise a value of FALSE is returned.
Return value
NtPrivilegeCheck returns STATUS_SUCCESS on successful completion. Otherwise, it returns an error code, such as the following.
| Return code | Description |
|---|---|
| STATUS_PRIVILEGE_NOT_HELD | The caller does not have sufficient privilege to use this privileged system service. |
Remarks
An access token contains a list of the privileges held by the account associated with the token. These privileges can be enabled or disabled; most are disabled by default. NtPrivilegeCheck checks only for enabled privileges. To get a list of all the enabled and disabled privileges held by an access token, call SeQueryInformationToken.
For more information about security and access control, see Windows security model for driver developers and the documentation on these topics in the Windows SDK.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows XP |
| Header | ntifs.h |
| Library | NtosKrnl.lib |
| DLL | NtosKrnl.exe |