/// <summary>
/// Returns a token object to use for an access check, duplicating the
/// supplied token only where needed.
/// </summary>
/// <param name="token">The token the caller wants to check access against.</param>
/// <returns>
/// The same <paramref name="token"/> instance when it is a pseudo token;
/// otherwise a new object: an identification-level impersonation duplicate
/// for a primary token, a duplicate requested with Query access when Query
/// is not already granted, or a shallow clone when it is.
/// </returns>
/// <remarks>
/// Ownership differs by path. In the pseudo-token case the result aliases the
/// caller's object, so disposing the result acts on the caller's instance;
/// every other path hands back a separate object.
/// NOTE(review): the shape of the result (impersonation type, Query access)
/// presumably matches what the downstream access-check call needs - confirm
/// against the caller.
/// </remarks>
private static NtToken DuplicateForAccessCheck(NtToken token)
{
    // Pseudo tokens are passed straight through; no duplicate is made.
    if (token.IsPseudoToken)
    {
        return token;
    }

    // A primary token is converted to an impersonation token. The duplicate
    // is restricted to Identification level and Query access, so the copy
    // carries no more rights than this branch explicitly asks for.
    bool isPrimaryToken = token.TokenType == TokenType.Primary;
    if (isPrimaryToken)
    {
        return token.DuplicateToken(
            TokenType.Impersonation,
            SecurityImpersonationLevel.Identification,
            TokenAccessRights.Query);
    }

    // Non-primary token that already has Query access: a shallow clone is
    // enough, no new access needs to be requested.
    bool queryAlreadyGranted = token.IsAccessGranted(TokenAccessRights.Query);
    if (queryAlreadyGranted)
    {
        return token.ShallowClone();
    }

    // Otherwise ask for a duplicate with Query access only.
    return token.Duplicate(TokenAccessRights.Query);
}