 | |
Sid | |
SID group types.
TOKEN_GROUPS structure
Namespace: Xcalibur.NativeMethods.V2.Security
Assembly: Xcalibur.NativeMethods.V2 (in Xcalibur.NativeMethods.V2.dll) Version: 1.0.1.0
SyntaxMembers| Member name | Value | Description |
|---|---|---|
| Mandatory | 1 | The SID cannot have the attribute cleared by a call to the function. However, you can use the CreateRestrictedToken function to convert a mandatory SID to a deny-only SID. |
| EnabledByDefault | 2 | The SID is enabled by default. |
| Enabled | 4 | The SID is enabled for access checks. When the system performs an access check, it checks for access-allowed and access-denied access control entries (ACEs) that apply to the SID. A SID without this attribute is ignored during an access check unless the attribute is set. |
| Owner | 8 | The SID identifies a group account for which the user of the token is the owner of the group, or the SID can be assigned as the owner of the token or objects. |
| UseForDenyOnly | 16 | The SID is a deny-only SID in a restricted token. When the system performs an access check, it checks for access-denied ACEs that apply to the SID; it ignores access-allowed ACEs for the SID. If this attribute is set, is not set, and the SID cannot be reenabled. |
| Integrity | 32 | The SID is a mandatory integrity SID. |
| IntegrityEnabled | 64 | The SID is enabled for mandatory integrity checks. |
| Resource | 536,870,912 | The SID identifies a domain-local group. |
| LogonId | 3,221,225,472 | The SID is a logon SID that identifies the logon session associated with an access token. |
See Also