{
PAGED_CODE();
- return (((PTOKEN)Token)->TokenFlags & TOKEN_WRITE_RESTRICTED) != 0;
+ // NOTE: Win7+ instead really checks the list of groups in the token
+ // (since TOKEN_HAS_ADMIN_GROUP == TOKEN_WRITE_RESTRICTED ...)
+ return (((PTOKEN)Token)->TokenFlags & TOKEN_HAS_ADMIN_GROUP) != 0;
}
/*
/*
* @implemented
+ * @note First introduced in NT 5.1 SP2 x86 (5.1.2600.2622), absent in NT 5.2,
+ * then finally re-introduced in Vista+.
*/
BOOLEAN
NTAPI
{
PAGED_CODE();
- return (((PTOKEN)Token)->TokenFlags & TOKEN_HAS_RESTORE_PRIVILEGE) != 0;
+ // NOTE: NT 5.1 SP2 x86 checks the SE_BACKUP_PRIVILEGES_CHECKED flag
+ // while Vista+ checks the TOKEN_WRITE_RESTRICTED flag as one expects.
+ return (((PTOKEN)Token)->TokenFlags & SE_BACKUP_PRIVILEGES_CHECKED) != 0;
}
/* SYSTEM CALLS ***************************************************************/
* is correct either. -Gunnar
* This is true. EffectiveOnly overrides SQOS.EffectiveOnly. - IAI
* NOTE for readers: http://hex.pp.ua/nt/NtDuplicateToken.php is therefore
- * wrong in that regard.
+ * wrong in that regard, while MSDN documentation is correct.
*/
NTSTATUS NTAPI
NtDuplicateToken(IN HANDLE ExistingTokenHandle,
/* end winnt.h */
-#define TOKEN_HAS_ADMIN_GROUP 0x08
-
#if (VER_PRODUCTBUILD >= 1381)
#define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
#endif /* (VER_PRODUCTBUILD >= 1381) */
#define TOKEN_HAS_BACKUP_PRIVILEGE 0x0002
#define TOKEN_HAS_RESTORE_PRIVILEGE 0x0004
#define TOKEN_WRITE_RESTRICTED 0x0008
+#define TOKEN_HAS_ADMIN_GROUP TOKEN_WRITE_RESTRICTED
#define TOKEN_IS_RESTRICTED 0x0010
#define TOKEN_SESSION_NOT_REFERENCED 0x0020
#define TOKEN_SANDBOX_INERT 0x0040