public static unsafe extern Boolean32 CreateRestrictedToken(
AccessToken ExistingTokenHandle,
uint Flags,
uint DisableSidCount,
SID_AND_ATTRIBUTES *SidsToDisable,
uint DeletePrivilegeCount,
LuidAndAttributes *PrivilegesToDelete,
uint RestrictedSidCount,
SID_AND_ATTRIBUTES *SidsToRestrict,
out AccessToken NewTokenHandle);
public unsafe static AccessToken CreateRestrictedToken(this AccessToken token, params SID[] sidsToDisable)
{
if (sidsToDisable == null || sidsToDisable.Length == 0)
{
throw new ArgumentNullException();
}
SID_AND_ATTRIBUTES *sids = stackalloc SID_AND_ATTRIBUTES[sidsToDisable.Length];
fixed(SID *sid = sidsToDisable)
{
for (int i = 0; i < sidsToDisable.Length; i++)
{
sids[i].Sid = &sid[i];
}
if (!Imports.CreateRestrictedToken(token, 0, (uint)sidsToDisable.Length, sids, 0, null, 0, null, out AccessToken restricted))
{
throw Error.GetExceptionForLastError();
}
return(restricted);
}
}
public static extern HRESULT CreateAppContainerProfile([NativeTypeName("PCWSTR")] ushort *pszAppContainerName, [NativeTypeName("PCWSTR")] ushort *pszDisplayName, [NativeTypeName("PCWSTR")] ushort *pszDescription, [NativeTypeName("PSID_AND_ATTRIBUTES")] SID_AND_ATTRIBUTES *pCapabilities, [NativeTypeName("DWORD")] uint dwCapabilityCount, [NativeTypeName("PSID *")] void **ppSidAppContainerSid);
public static extern int CreateRestrictedToken([NativeTypeName("HANDLE")] IntPtr ExistingTokenHandle, [NativeTypeName("DWORD")] uint Flags, [NativeTypeName("DWORD")] uint DisableSidCount, [NativeTypeName("PSID_AND_ATTRIBUTES")] SID_AND_ATTRIBUTES *SidsToDisable, [NativeTypeName("DWORD")] uint DeletePrivilegeCount, [NativeTypeName("PLUID_AND_ATTRIBUTES")] LUID_AND_ATTRIBUTES *PrivilegesToDelete, [NativeTypeName("DWORD")] uint RestrictedSidCount, [NativeTypeName("PSID_AND_ATTRIBUTES")] SID_AND_ATTRIBUTES *SidsToRestrict, [NativeTypeName("PHANDLE")] IntPtr *NewTokenHandle);
