The MSDN article, Enabling and Disabling Privileges in C++, provides a code example that shows how to enable or disable a privilege in an access token.
I quote the part in question:
    tp.PrivilegeCount = 1;                 // adjust a single privilege, identified by its LUID
    tp.Privileges[0].Luid = luid;
    if (bEnablePrivilege)
        tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    else
        tp.Privileges[0].Attributes = 0;   // the value the question is about
What is the meaning of the zero value for the Attributes member?
According to the documentation of TOKEN_PRIVILEGES structure, the attributes of a privilege can be a combination of the following values:
- SE_PRIVILEGE_ENABLED (it is 0x00000002L in WinNT.h)
- SE_PRIVILEGE_ENABLED_BY_DEFAULT (it is 0x00000001L in WinNT.h)
- SE_PRIVILEGE_REMOVED (it is 0x00000004L in WinNT.h)
- SE_PRIVILEGE_USED_FOR_ACCESS (it is 0x80000000L in WinNT.h)
So, we don't see any valid constant with a value of zero. I guess the zero is equal to SE_PRIVILEGE_REMOVED.
Once more, if the zero means disabling all privileges, I doubt it, because disabling all privileges can be done simply by setting the DisableAllPrivileges parameter of AdjustTokenPrivileges() to TRUE.
Anybody here could explain what the zero value really does?
If SE_PRIVILEGE_REMOVED was equivalent to zero it would be defined as such. Given the definitions that are there, I would suggest that a zero value means no privileges have ever been enabled, or subsequently used/removed: there are, and never have been, any token privileges.