Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The SeTokenSetNoChildProcessRestricted routine sets the TOKEN_NO_CHILD_PROCESS_UNLESS_SECURE or TOKEN_AUDIT_NO_CHILD_PROCESS flags in the token.
Syntax
void SeTokenSetNoChildProcessRestricted(
[in] PACCESS_TOKEN Token,
[in] BOOLEAN UnlessSecure,
[in] BOOLEAN AuditOnly
);
Parameters
[in] Token
Specifies a pointer to the access token.
[in] UnlessSecure
A pointer to a boolean that indicates that secure process creation should always be enabled.
[in] AuditOnly
A pointer to a boolean that indicates if the mitigation should be enabled in audit-only mode.
Return value
None
Remarks
Note that both flags cannot be set at the same time and it is possible to upgrade from audit-only mode to enforcement mode but not vice-versa.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows 10, version 1709. |
| Target Platform | Windows |
| Header | ntifs.h (include Ntifs.h) |
| Library | NtosKrnl.lib |
| DLL | NtosKrnl.exe |