+static
+BOOL
+ScmEnableBackupRestorePrivileges(
+ _In_ HANDLE hToken,
+ _In_ BOOL bEnable)
+{
+ PTOKEN_PRIVILEGES pTokenPrivileges = NULL;
+ DWORD dwSize;
+ BOOL bRet = FALSE;
+
+ DPRINT("ScmEnableBackupRestorePrivileges(%p %d)\n", hToken, bEnable);
+
+ dwSize = sizeof(TOKEN_PRIVILEGES) + 2 * sizeof(LUID_AND_ATTRIBUTES);
+ pTokenPrivileges = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwSize);
+ if (pTokenPrivileges == NULL)
+ {
+ DPRINT1("Failed to allocate the privilege buffer!\n");
+ goto done;
+ }
+
+ pTokenPrivileges->PrivilegeCount = 2;
+ pTokenPrivileges->Privileges[0].Luid.LowPart = SE_BACKUP_PRIVILEGE;
+ pTokenPrivileges->Privileges[0].Luid.HighPart = 0;
+ pTokenPrivileges->Privileges[0].Attributes = (bEnable ? SE_PRIVILEGE_ENABLED : 0);
+ pTokenPrivileges->Privileges[1].Luid.LowPart = SE_RESTORE_PRIVILEGE;
+ pTokenPrivileges->Privileges[1].Luid.HighPart = 0;
+ pTokenPrivileges->Privileges[1].Attributes = (bEnable ? SE_PRIVILEGE_ENABLED : 0);
+
+ bRet = AdjustTokenPrivileges(hToken, FALSE, pTokenPrivileges, 0, NULL, NULL);
+ if (!bRet)
+ {
+ DPRINT1("AdjustTokenPrivileges() failed with error %lu\n", GetLastError());
+ }
+ else if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
+ {
+ DPRINT1("AdjustTokenPrivileges() succeeded, but with not all privileges assigned\n");
+ bRet = FALSE;
+ }
+
+done:
+ if (pTokenPrivileges != NULL)
+ HeapFree(GetProcessHeap(), 0, pTokenPrivileges);
+
+ return bRet;
+}
+
+