DeriveCapabilitySidsFromName function (securitybaseapi.h)
This function constructs two arrays of SIDs out of a capability name. One is an array group SID with NT Authority, and the other is an array of capability SIDs with AppAuthority.
BOOL DeriveCapabilitySidsFromName( [in] LPCWSTR CapName, [out] PSID **CapabilityGroupSids, [out] DWORD *CapabilityGroupSidCount, [out] PSID **CapabilitySids, [out] DWORD *CapabilitySidCount );
Name of the capability in string form.
The GroupSids with NTAuthority.
The count of GroupSids in the array.
CapabilitySids with AppAuthority.
The count of CapabilitySid with AppAuthority.
If the function succeeds, it returns TRUE.
If the function fails, it returns FALSE. To get extended error information, call GetLastError.
The caller is expected to free the individual SIDs returned in each array by calling
LocalFree, as well as memory allocated for the array itself.
The SID computed for the application capability of legacy capabilities (published prior to Win10) will be the same as the published SIDs but the SID for the service group capability SID will be hash based.
|Minimum supported client||Windows XP [desktop apps | UWP apps]|
|Minimum supported server||Windows Server 2003 [desktop apps | UWP apps]|
|Header||securitybaseapi.h (include Windows.h)|