JWSCL Documentation
TJwSecurityToken Properties
TJwSecurityToken Class
 
Name 
Description 
 
AccessMask contains the access flags that were specified when the token was created or opened.
 
ElevationType returns the elevation type of the process on a Windows Vista system. If the system is not supported, the exception EJwsclUnsupportedWindowsVersionException will be raised.
 
ImpersonationLevel returns the impersonation level of an impersonated token. If the token is a primary token, the result is always DEFAULT_IMPERSONATION_LEVEL 
 
IsImpersonationToken returns true if the current token instance is an impersonated token; otherwise false. Same as IsThreadToken.
 
IsPrimaryToken returns true if the current token instance is a primary token; otherwise false. 
 
IsRestricted returns true if the token was created by CreateRestrictedToken (or by the equivalent winapi function); otherwise false. The call just checks for deny SIDs in the token groups, and if it finds any deny SID it returns true. Removed privileges are not detectable.
 
IsThreadToken returns true if the current token instance is a thread token; otherwise false. Same as IsImpersonationToken.
 
IsTokenMemberShip[aSID checks if a user is listed in the token's user list.
 
LinkedToken returns the linked token of this token. In Vista every token can have a second token that has more or fewer rights. UAC uses this token to assign it to a new process with elevated rights. However, this token is useless for non-privileged tokens because SetThreadToken and other functions that receive this token check whether the user can use this token or not.
 
MandatoryPolicy returns the mandatory policy of the token. This property can have one of the following values (from MSDN: http://msdn2.microsoft.com/en-us/library/bb394728.aspx):
  • TOKEN_MANDATORY_POLICY_OFF No mandatory integrity policy is enforced for the token.
  • TOKEN_MANDATORY_POLICY_NO_WRITE_UP A process associated with the token cannot write to objects that have a greater mandatory integrity level.
  • TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN A process created with the token has an integrity level that is the lesser of the parent-process integrity level and the executable-file integrity level.
  • TOKEN_MANDATORY_POLICY_VALID_MASK A combination of TOKEN_MANDATORY_POLICY_NO_WRITE_UP and TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN
 
 
PrimaryGroup sets or gets the primary group. To set the value, the token needs TOKEN_ADJUST_DEFAULT privilege.
 
PrivilegeAvailable[Name checks whether a defined privilege is available in the token. It returns true if the privilege was found; otherwise false. 
 
PrivilegeEnabled[Name sets or gets a privilege of the token. If you plan to use this property extensively, try GetTokenPrivileges instead.
EJwsclPrivilegeNotFoundException will be raised if you try to set a privilege that is unknown or not available in the token. If you try to read a privilege that could not be found in the privilege list, the return value will be false.
 
RunElevation returns the elevation status of the process on a Windows Vista system. If the system is not supported, the exception EJwsclUnsupportedWindowsVersionException will be raised.
 
Shared is a user-defined boolean state that defines whether the token handle is used outside of this instance's scope. If true, some methods do not work because they close the handle, which would lead to unpredictable results.
 
TOKEN_ADJUST_DEFAULT 
 
TokenGroups contains the groups which the token belongs to. The caller is responsible for freeing the returned security ID list. Do not use members of TokenGroups directly without using a variable. Every direct call of members will result in a new list!
The token handle must be valid otherwise EJwsclInvalidTokenHandle will be raised.
Get: see GetTokenInformation for more information about exceptions. Set: EJwsclNILParameterException is raised if the given list is nil. EJwsclWinCallFailedException is raised if a call to AdjustTokenGroups failed. 
 
TokenGroupsAttributes[Index sets or gets the token groups attributes. Through these attributes a token group can be activated to let AccessCheck use it in its checking. This property raises EListError if the Index could not be found. For further information and exceptions see TokenGroups
 
TokenGroupsAttributesBySid[Sid sets or gets the token groups attributes. Through these attributes a token group can be activated to let AccessCheck use it in its checking. This property raises EListError if the Sid could not be found. For further information and exceptions see TokenGroups
 
TokenHandle contains a handle to the opened token. It can be zero. 
 
TokenIntegrityLevel returns the integrity level of the token. 
 
TokenIntegrityLevelType sets or gets the TokenIntegrityLevel in an easier way. This property uses iltLow, iltMedium, iltHigh, iltSystem and iltProtected to get or set the integrity level. 
 
TokenOrigin sets or gets the token origin. The value can only be set if it has not been already set. The process or thread needs the SE_TCB_NAME privilege to set a value. 
 
TokenOwner sets or gets the token owner. To set the value the token needs TOKEN_ADJUST_DEFAULT privilege.
Returned Sid must be freed. 
 
TokenRestrictedSids contains all users that have restricted rights on the token. The user must free the list 
 
TokenSessionId sets or gets the Session ID of the token. To set the value the token needs SE_TCB_NAME privilege.
A write call on Windows 2000 is ignored! A write call on needs the SE_TCB_NAME privilege.
To set the SessionID in an existing token you need to create a duplicate first and set the ID of the duplicated token. Use CreateDuplicateExistingToken for this reason.
See http://msdn2.microsoft.com/en-us/library/aa379591.aspx for more information. 
 
TokenTypes gets the token type. The result can be one of these values: TokenPrimary, TokenImpersonation.
 
TokenUser contains the user that holds the token. A read call creates a new TJwSecurityId that must be destroyed! 
 
TokenUserName returns the username stored in the token. This value may differ from the API function GetCurrentUserName 
 
UserName returns the logged on user name of the current logon session. The return value may differ from TokenUserName because it gets the username from the logon session and not from the username stored in the token. 
 
VirtualizationAllowed returns whether virtualization is allowed for the process on a Windows Vista system. If the system is not supported, the exception EJwsclUnsupportedWindowsVersionException will be raised.
 
VirtualizationEnabled returns the status of virtualization. It is either on or off and only works on a Windows Vista system. If the system is not supported, the exception EJwsclUnsupportedWindowsVersionException will be raised.
Copyright (c) 2010. All rights reserved.