An interface to the win32 security API's
-
Compose one or more service principal names to be registered using win32security::DsWriteAccountSpn
-
Associates a set of service principal names with an account
-
Creates a connection to a directory service
-
Closes a directory services handle created by win32security::DsBind
-
Returns the name of a domain controller (DC) in a specified domain.
You can supply DC selection criteria to this function to indicate preference for a DC with particular characteristics.
-
Converts an array of directory service object names from one format to another.
-
Lists miscellaneous information for a server.
-
-
-
-
-
-
Creates a new PyACL object.
-
Creates a new PySID object.
-
Creates a new PySECURITY_ATTRIBUTES object.
-
Creates a new PySECURITY_DESCRIPTOR object.
-
Impersonates a named-pipe client application.
-
Impersonates a logged on user.
-
Cause a thread to act in the security context of an anonymous token
-
Checks if a token contains restricted sids
-
Terminates the impersonation of a client application.
-
Attempts to log a user on to the local computer, that is, to the computer from which LogonUser was called. You cannot use LogonUser to log on to a remote computer.
-
Log a user onto the local machine,
-
Accepts the name of a system and an account as input. It retrieves a security identifier (SID) for the account and the name of the domain on which the account was found.
-
Accepts a security identifier (SID) as input. It retrieves the name of the account for this SID and the name of the first domain on which this SID is found.
-
Accepts a SID string (eg: S-1-5-32-544) and returns the SID as a PySID object.
-
Sets security info for an object by handle
-
Retrieve security info for an object by handle
-
Sets security info for an object by name
-
Retrieve security info for an object by name
-
Opens the access token associated with a process.
-
Retrieves the locally unique id for a privilege name
-
return the text name for a privilege LUID
-
Returns long description for a privilege name
-
Enables or disables privileges for an access token.
-
Sets the groups associated to an access token.
-
Retrieves a specified type of information about an access token. The calling process must have appropriate access rights to obtain the information.
-
Opens the access token associated with a thread.
-
Assigns an impersonation token to a thread. The function
can also cause a thread to stop using an impersonation token.
-
Obtains specified information about the security of a file or directory. The information obtained is constrained by the caller's access rights and privileges.
-
Sets information about the security of a file or directory. The information obtained is constrained by the caller's access rights and privileges.
-
Obtains specified information about the security of a user object. The information obtained is constrained by the caller's access rights and privileges.
-
Sets information about the security of a user object. The information obtained is constrained by the caller's access rights and privileges.
-
Obtains specified information about the security of a kernel object. The information obtained is constrained by the caller's access rights and privileges.
-
Sets information about the security of a kernel object. The information obtained is constrained by the caller's access rights and privileges.
-
Set a specified type of information in an access token
-
Opens a policy handle for the specified system
-
Closes a policy handle created by win32security::LsaOpenPolicy
-
Retrieves information from the policy handle
-
Sets policy options
-
Adds a list of privileges to an account
-
Removes privs from an account
-
Lists privileges held by SID
-
LsaEnumerateAccountsWithUserRight
Return SIDs that hold specified priv
-
Return string representation of a SID
-
Creates a SID from a string representation
-
ConvertSecurityDescriptorToStringSecurityDescriptor
Return string representation of a SECURITY_DESCRIPTOR
-
ConvertStringSecurityDescriptorToSecurityDescriptor
Turns string representation of a SECURITY_DESCRIPTOR into the real thing
-
Stores encrypted unicode data under specified Lsa registry key. Returns None on success
-
Retreives encrypted unicode data from Lsa registry key.
-
LsaRegisterPolicyChangeNotification
Register an event handle to receive policy change events
-
LsaUnregisterPolicyChangeNotification
Stop receiving policy change notification
-
List cryptography providers
-
List available security packages as a sequence of dictionaries representing SecPkgInfo structures
-
Creates a new LUID
-
Assigns an impersonation token for current security context to current process
-
Creates a copy of an access token with specified impersonation level
-
Extended version of DuplicateToken.
-
Checks if a SID is enabled in a token
-
Creates a restricted copy of an access token with reduced privs - requires win2K or higher
-
Creates a trusted connection to LSA
-
Creates untrusted connection to LSA
-
Closes connection to LSA server
-
LsaLookupAuthenticationPackage
Retrieves the unique id for an authentication package
-
Lists all current logon ids
-
Returns information about a logon session
-
Creates a handle to credentials for use with SSPI
-
Creates a security context based on credentials created by AcquireCredentialsHandle
-
Builds security context between server and client
-
Retrieves parameters for a security package
-
Requests the services of an authentication package
-
Converts a directory service object name from one format to another.
-
Returns one of the predefined well known sids
-
Translates generic access rights into specific rights
const win32security.ACCESS_ALLOWED_ACE_TYPE;
Access-allowed ACE that uses the ACCESS_ALLOWED_ACE structure.
const win32security.ACCESS_ALLOWED_OBJECT_ACE_TYPE;
Windows 2000/XP: Object-specific access-allowed ACE that uses the ACCESS_ALLOWED_OBJECT_ACE structure.
const win32security.ACCESS_DENIED_ACE_TYPE;
Access-denied ACE that uses the ACCESS_DENIED_ACE structure.
const win32security.ACCESS_DENIED_OBJECT_ACE_TYPE;
Windows 2000/XP: Object-specific access-denied ACE that uses the ACCESS_DENIED_OBJECT_ACE structure.
win32security.ACL
PyACL = ACL(bufSize) Creates a new PyACL object.
-
bufSize=64 : int
The size of the buffer for the ACL.
const win32security.ACL_REVISION;
const win32security.ACL_REVISION_DS;
win32security.AcceptSecurityContext
(int, long, int) = AcceptSecurityContext(Credential, Context
, pInput
, ContextReq
, TargetDataRep
, NewContext
, pOutput
) Builds security context between server and client
-
Credential : PyCredHandle
Handle to server's credentials (see AcquireCredentialsHandle)
-
Context : PyCtxtHandle
Use None on initial call, then handle returned in NewContext thereafter
-
pInput : PySecBufferDesc
Data buffer received from client
-
ContextReq : int
Combination of ASC_REQ_* flags
-
TargetDataRep : int
One of SECURITY_NATIVE_DREP,SECURITY_NETWORK_DREP
-
NewContext : PyCtxtHandle
Uninitialized context handle to receive output
-
pOutput : PySecBufferDesc
Buffer that receives output data, to be passed back as pInput on subsequent calls
Returns a tuple of (return code, context attributes, context expiration time)
win32security.AcquireCredentialsHandle
(PyCredHandle,PyTime) = AcquireCredentialsHandle(Principal, Package
, CredentialUse
, LogonID
, AuthData
) Creates a handle to credentials for use with SSPI
-
Principal : str/unicode
Use None for current security context
-
Package : str/unicode
Name of security package that credentials will be used with
-
CredentialUse : int
Intended use of requested credentials, SECPKG_CRED_INBOUND, SECPKG_CRED_OUTBOUND, or SECPKG_CRED_BOTH
-
LogonID : long
LUID representing a logon session, can be None
-
AuthData : tuple
Sequence of 3 strings: (User, Domain, Password) - use none for existing credentials
Returns credential handle and credential's expiration time
win32security.AdjustTokenGroups
PyTOKEN_GROUPS = AdjustTokenGroups(TokenHandle, ResetToDefault
, NewState
) Sets the groups associated to an access token.
-
TokenHandle : PyHANDLE
The handle to access token to be modified
-
ResetToDefault : boolean
Sets groups to default enabled/disabled states,
-
NewState : PyTOKEN_GROUPS
Groups and attributes to be set for token
Accepts keyword args.
Returns previous state of groups modified
win32security.AdjustTokenPrivileges
PyTOKEN_PRIVILEGES = AdjustTokenPrivileges(TokenHandle, bDisableAllPrivileges
, NewState
) Enables or disables privileges for an access token.
-
TokenHandle : PyHANDLE
Handle to an access token
-
bDisableAllPrivileges : int
Flag for disabling all privileges
-
NewState : PyTOKEN_PRIVILEGES
The new state, can be None if bDisableAllPrivileges is True
Accepts keyword args.
Returns modified privileges for later restoral. Privileges deleted from the token using
SE_PRIVILEGE_REMOVED are not returned.
win32security.AllocateLocallyUniqueId
AllocateLocallyUniqueId() Creates a new LUID
const win32security.AuditCategoryAccountLogon;
const win32security.AuditCategoryAccountManagement;
const win32security.AuditCategoryDetailedTracking;
const win32security.AuditCategoryDirectoryServiceAccess;
const win32security.AuditCategoryLogon;
const win32security.AuditCategoryObjectAccess;
const win32security.AuditCategoryPolicyChange;
const win32security.AuditCategoryPrivilegeUse;
const win32security.AuditCategorySystem;
const win32security.CONTAINER_INHERIT_ACE;
win32security.CheckTokenMembership
bool = CheckTokenMembership(TokenHandle, SidToCheck
) Checks if a SID is enabled in a token
-
TokenHandle : PyHANDLE
Handle to an access token, current process token used if None
-
SidToCheck : PySID
Sid to be checked for presence in token
win32security.ConvertSecurityDescriptorToStringSecurityDescriptor
string = ConvertSecurityDescriptorToStringSecurityDescriptor(SecurityDescriptor, RequestedStringSDRevision
, SecurityInformation
) Return string representation of a SECURITY_DESCRIPTOR
-
SecurityDescriptor : PySECURITY_DESCRIPTOR
PySECURITY_DESCRIPTOR object
-
RequestedStringSDRevision : int
Only SDDL_REVISION_1 currently valid
-
SecurityInformation : int
Combination of bit flags from SECURITY_INFORMATION enum
win32security.ConvertSidToStringSid
string = ConvertSidToStringSid(Sid) Return string representation of a SID
-
Sid : PySID
PySID object
win32security.ConvertStringSecurityDescriptorToSecurityDescriptor
PySECURITY_DESCRIPTOR = ConvertStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor, StringSDRevision
) Turns string representation of a SECURITY_DESCRIPTOR into the real thing
-
StringSecurityDescriptor : string
String representation of a SECURITY_DESCRIPTOR
-
StringSDRevision : int
Only SDDL_REVISION_1 currently valid
win32security.ConvertStringSidToSid
PySID = ConvertStringSidToSid(StringSid) Creates a SID from a string representation
-
StringSid : string
String representation of a SID
win32security.CreateRestrictedToken
PyHANDLE = CreateRestrictedToken(ExistingTokenHandle, Flags
, SidsToDisable
, PrivilegesToDelete
, SidsToRestrict
) Creates a restricted copy of an access token with reduced privs - requires win2K or higher
-
ExistingTokenHandle : PyHANDLE
Handle to an access token (see win32security::LogonUser,win32security::OpenProcessToken
-
Flags : int
Valid values are zero or a combination of DISABLE_MAX_PRIVILEGE and SANDBOX_INERT
-
SidsToDisable : (PySID_AND_ATTRIBUTES,...)
Ssequence of PySID_AND_ATTRIBUTES tuples, or None
-
PrivilegesToDelete : (PyLUID_AND_ATTRIBUTES,...)
Privilege LUIDS to remove from token (attributes are ignored), or None
-
SidsToRestrict : (PySID_AND_ATTRIBUTES,...)
Sequence of PySID_AND_ATTRIBUTES tuples (attributes must be 0). Can be None.
win32security.CreateWellKnownSid
PySID = CreateWellKnownSid(WellKnownSidType, DomainSid
) Returns one of the predefined well known sids
-
WellKnownSidType : int
One of the Win*Sid constants
-
DomainSid=None : PySID
Domain for the new SID, or None for local machine
win32security.CryptEnumProviders
[(PyUnicode,int),...] = CryptEnumProviders() List cryptography providers
Returns a sequence of tuples containing provider name and type
const win32security.DACL_SECURITY_INFORMATION;
Indicates the discretionary ACL of the object is being referenced.
const win32security.DENY_ACCESS;
const win32security.DISABLE_MAX_PRIVILEGE;
const win32security.DS_SPN_ADD_SPN_OP;
const win32security.DS_SPN_DELETE_SPN_OP;
const win32security.DS_SPN_DNS_HOST;
const win32security.DS_SPN_DN_HOST;
const win32security.DS_SPN_DOMAIN;
const win32security.DS_SPN_NB_DOMAIN;
const win32security.DS_SPN_NB_HOST;
const win32security.DS_SPN_REPLACE_SPN_OP;
const win32security.DS_SPN_SERVICE;
win32security.DsBind
PyDS_HANDLE = DsBind(DomainController, DnsDomainName
) Creates a connection to a directory service
-
DomainController : PyUnicode
Name of domain controller to contact, can be None
-
DnsDomainName : PyUnicode
Dotted name of domain to bind to, can be None
win32security.DsCrackNames
[ (status, domain, name) ] = DsCrackNames(hds, flags
, formatOffered
, formatDesired
, names
) Converts an array of directory service object names from one format to another.
-
hds : PyDS_HANDLE
Directory service handle as returned by win32security::DsBind
-
flags : int
-
formatOffered : int
-
formatDesired : int
-
names : [name, ...]
win32security.DsGetDcName
dict = DsGetDcName(computerName, domainName
, domainGUID
, siteName
, flags
) Returns the name of a domain controller (DC) in a specified domain.
You can supply DC selection criteria to this function to indicate preference for a DC with particular characteristics.
-
computerName=None : PyUnicode
-
domainName=None : PyUnicode
-
domainGUID=None : PyIID
-
siteName=None : PyUnicode
-
flags=0 : int
This function supports keyword arguments.
win32security.DsGetSpn
(PyUnicode,...) = DsGetSpn(ServiceType, ServiceClass
, ServiceName
, InstancePort
, InstanceNames
, InstancePorts
) Compose one or more service principal names to be registered using win32security::DsWriteAccountSpn
-
ServiceType : int
Type of Spn to create, one of the DS_SPN_* constants
-
ServiceClass : PyUnicode
Arbitrary string that describes type of service, eg http
-
ServiceName : PyUnicode
Name of service, can be None (not required for DS_SPN_*_HOST Spn's)
-
InstancePort=0 : int
Port nbr for service instance, use 0 for no port
-
InstanceNames=None : (PyUnicode,...)
A sequence of service instance names, can be None - not required for for host Spn's
-
InstancePorts=None : (int,...)
A sequence of extra instance ports. If specified, must be same length as InstanceNames.
win32security.DsListDomainsInSite
[ PyDS_NAME_RESULT_ITEM, ...] = DsListDomainsInSite(hds)
-
hds : PyDS_HANDLE
Directory service handle as returned by win32security::DsBind
win32security.DsListInfoForServer
[ PyDS_NAME_RESULT_ITEM, ...] = DsListInfoForServer(hds, server
) Lists miscellaneous information for a server.
-
hds : PyDS_HANDLE
Directory service handle as returned by win32security::DsBind
-
server : PyUnicode
win32security.DsListRoles
[ PyDS_NAME_RESULT_ITEM, ...] = DsListRoles(hds)
-
hds : PyDS_HANDLE
Directory service handle as returned by win32security::DsBind
win32security.DsListServersInSite
[ PyDS_NAME_RESULT_ITEM, ...] = DsListServersInSite(hds, site
)
-
hds : PyDS_HANDLE
Directory service handle as returned by win32security::DsBind
-
site : PyUnicode
win32security.DsListServersInSite
[ PyDS_NAME_RESULT_ITEM, ...] = DsListServersInSite(hds, domain
, site
)
-
hds : PyDS_HANDLE
Directory service handle as returned by win32security::DsBind
-
domain : PyUnicode
-
site : PyUnicode
win32security.DsListServersInSite
[ PyDS_NAME_RESULT_ITEM, ...] = DsListServersInSite(hds)
-
hds : PyDS_HANDLE
Directory service handle as returned by win32security::DsBind
win32security.DsUnBind
DsUnBind(hDS) Closes a directory services handle created by win32security::DsBind
-
hDS : PyDS_HANDLE
A handle to a directory service as returned by win32security::DsBind
win32security.DsWriteAccountSpn
DsWriteAccountSpn(hDS, Operation, Account, Spns) Associates a set of service principal names with an account
-
hDS : PyDS_HANDLE
Directory service handle as returned from win32security::DsBind
-
Operation : int
Constant from DS_SPN_WRITE_OP enum
-
Account : PyUnicode
Distinguished name of account whose Spn's will be modified
-
Spns : (PyUnicode,...)
A sequence of target Spn's as returned by win32security::DsGetSpn
win32security.DuplicateToken
PyHANDLE = DuplicateToken(ExistingTokenHandle, ImpersonationLevel
) Creates a copy of an access token with specified impersonation level
-
ExistingTokenHandle : PyHANDLE
Handle to an access token (see win32security::LogonUser,win32security::OpenProcessToken)
-
ImpersonationLevel : int
A value from SECURITY_IMPERSONATION_LEVEL enum
win32security.DuplicateTokenEx
PyHANDLE = DuplicateTokenEx(ExistingToken, ImpersonationLevel
, DesiredAccess
, TokenType
, TokenAttributes
) Extended version of DuplicateToken.
-
ExistingToken : PyHANDLE
Logon token opened with TOKEN_DUPLICATE access
-
ImpersonationLevel : int
One of win32security.Security* values
-
DesiredAccess : int
Type of access required for the handle, combination of win32security.TOKEN_* flags
-
TokenType : int
Type of token to be created, TokenPrimary or TokenImpersonation
-
TokenAttributes=None : PySECURITY_ATTRIBUTES
Specifies security and inheritance for the new handle. None results in default DACL and no inheritance,
Accepts keyword arguments
win32security.EnumerateSecurityPackages
(dict,...) = EnumerateSecurityPackages() List available security packages as a sequence of dictionaries representing SecPkgInfo structures
const win32security.FAILED_ACCESS_ACE_FLAG;
const win32security.GRANT_ACCESS;
const win32security.GROUP_SECURITY_INFORMATION;
Indicates the primary group identifier of the object is being referenced.
win32security.GetBinarySid
PySID = GetBinarySid(SID) Accepts a SID string (eg: S-1-5-32-544) and returns the SID as a PySID object.
-
SID : string
Textual representation of a SID. Textual SID example: S-1-5-32-544
win32security.GetFileSecurity
PySECURITY_DESCRIPTOR = GetFileSecurity(filename, info
) Obtains specified information about the security of a file or directory. The information obtained is constrained by the caller's access rights and privileges.
-
filename : string
The name of the file
-
info=OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION : int
Flags that specify the information requested.
This function reportedly will not return the INHERITED_ACE flag on some Windows XP SP1 systems
Use GetNamedSecurityInfo if you encounter this problem.
win32security.GetKernelObjectSecurity
PySECURITY_DESCRIPTOR = GetKernelObjectSecurity(handle, info
) Obtains specified information about the security of a kernel object. The information obtained is constrained by the caller's access rights and privileges.
-
handle : PyHANDLE
The handle to the object
-
info=OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION : int
Flags that specify the information requested.
win32security.GetNamedSecurityInfo
PySECURITY_DESCRIPTOR = GetNamedSecurityInfo(ObjectName, ObjectType
, SecurityInfo
) Retrieve security info for an object by name
-
ObjectName : str/unicode
Name of object
-
ObjectType : int
Value from SE_OBJECT_TYPE enum
-
SecurityInfo : int
Combination of SECURITY_INFORMATION constants
Separate owner, group, dacl, and sacl are not returned as they can be easily retrieved from
the returned PySECURITY_DESCRIPTOR
win32security.GetSecurityInfo
PySECURITY_DESCRIPTOR = GetSecurityInfo(handle, ObjectType
, SecurityInfo
) Retrieve security info for an object by handle
-
handle : int/PyHANDLE
Handle to object
-
ObjectType : int
Value from SE_OBJECT_TYPE enum
-
SecurityInfo : int
Combination of SECURITY_INFORMATION constants
Separate owner, group, dacl, and sacl are not returned as they can be easily retrieved from
the returned PySECURITY_DESCRIPTOR
win32security.GetTokenInformation
object = GetTokenInformation(TokenHandle, TokenInformationClass
) Retrieves a specified type of information about an access token. The calling process must have appropriate access rights to obtain the information.
-
TokenHandle : PyHANDLE
Handle to an access token.
-
TokenInformationClass : int
Specifies a value from the TOKEN_INFORMATION_CLASS enumerated type identifying the type of information the function retrieves.
The following types are supported
win32security.GetUserObjectSecurity
PySECURITY_DESCRIPTOR = GetUserObjectSecurity(handle, info
) Obtains specified information about the security of a user object. The information obtained is constrained by the caller's access rights and privileges.
-
handle : PyHANDLE
The handle to the object
-
info=OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION : int
Flags that specify the information requested.
const win32security.INHERITED_ACE;
const win32security.INHERIT_ONLY_ACE;
win32security.ImpersonateAnonymousToken
ImpersonateAnonymousToken(ThreadHandle) Cause a thread to act in the security context of an anonymous token
-
ThreadHandle : PyHANDLE
Handle to thread that will
win32security.ImpersonateLoggedOnUser
ImpersonateLoggedOnUser(handle) Impersonates a logged on user.
-
handle : PyHANDLE
Handle to a token that represents a logged-on user
win32security.ImpersonateNamedPipeClient
ImpersonateNamedPipeClient(handle) Impersonates a named-pipe client application.
-
handle : int
handle of a named pipe.
win32security.ImpersonateSelf
ImpersonateSelf(ImpersonationLevel) Assigns an impersonation token for current security context to current process
-
ImpersonationLevel : int
A value from SECURITY_IMPERSONATION_LEVEL enum
win32security.InitializeSecurityContext
(int, int, PyTime) = InitializeSecurityContext(Credential, Context
, TargetName
, ContextReq
, TargetDataRep
, pInput
, NewContext
, pOutput
) Creates a security context based on credentials created by AcquireCredentialsHandle
-
Credential : PyCredHandle
A credentials handle as returned by win32security::AcquireCredentialsHandle
-
Context : PyCtxtHandle
Use None on initial call, then handle returned in NewContext thereafter
-
TargetName : str/unicode
Target of context, security package specific - Use None with NTLM
-
ContextReq : int
Combination of ISC_REQ_* flags
-
TargetDataRep : int
One of SECURITY_NATIVE_DREP,SECURITY_NETWORK_DREP
-
pInput : PySecBufferDesc
Data buffer - use None initially
-
NewContext : PyCtxtHandle
Uninitialized context handle to receive output
-
pOutput : PySecBufferDesc
Buffer that receives output data for subsequent calls
Return value is a tuple of (return code, attribute flags, expiration time)
win32security.IsTokenRestricted
bool = IsTokenRestricted(TokenHandle) Checks if a token contains restricted sids
-
TokenHandle : PyHANDLE
Handle to an access token
const win32security.LABEL_SECURITY_INFORMATION;
const win32security.LOGON32_LOGON_BATCH;
This logon type is intended for batch servers, where processes may be executing on behalf of a user without their direct intervention; or for higher performance servers that process many clear-text authentication attempts at a time, such as mail or web servers. LogonUser does not cache credentials for this logon type.
const win32security.LOGON32_LOGON_INTERACTIVE;
This logon type is intended for users who will be interactively using the machine, such as a user being logged on by a terminal server, remote shell, or similar process. This logon type has the additional expense of caching logon information for disconnected operation, and is therefore inappropriate for some client/server applications, such as a mail server.
const win32security.LOGON32_LOGON_NETWORK;
This logon type is intended for high performance servers to authenticate clear text passwords. LogonUser does not cache credentials for this logon type. This is the fastest logon path, but there are two limitations. First, the function returns an impersonation token, not a primary token. You cannot use this token directly in the CreateProcessAsUser function. However, you can call the DuplicateTokenEx function to convert the token to a primary token, and then use it in CreateProcessAsUser. Second, if you convert the token to a primary token and use it in CreateProcessAsUser to start a process, the new process will not be able to access other network resources, such as remote servers or printers, through the redirector.
const win32security.LOGON32_LOGON_NETWORK_CLEARTEXT;
const win32security.LOGON32_LOGON_NEW_CREDENTIALS;
const win32security.LOGON32_LOGON_SERVICE;
Indicates a service-type logon. The account provided must have the service privilege enabled.
const win32security.LOGON32_LOGON_UNLOCK;
const win32security.LOGON32_PROVIDER_DEFAULT;
Use the standard logon provider for the system. This is the recommended value for the dwLogonProvider parameter. It provides maximum compatibility with current and future releases of Windows NT.
const win32security.LOGON32_PROVIDER_WINNT35;
Use the Windows NT 3.5 logon provider.
const win32security.LOGON32_PROVIDER_WINNT40;
Use the Windows NT 4.0 logon provider
const win32security.LOGON32_PROVIDER_WINNT50;
Use the Negotiate protocol
win32security.LogonUser
PyHANDLE = LogonUser(Username, Domain
, Password
, LogonType
, LogonProvider
) Attempts to log a user on to the local computer, that is, to the computer from which LogonUser was called. You cannot use LogonUser to log on to a remote computer.
-
Username : PyUnicode
The name of the user account to log on to.
This may also be a marshalled credential (see win32cred::CredMarshalCredential).
-
Domain : PyUnicode
The name of the domain, or None for the current domain
-
Password : PyUnicode
User's password. Use a blank string if Username contains a marshalled credential.
-
LogonType : int
One of LOGON32_LOGON_* values
-
LogonProvider : int
One of LOGON32_PROVIDER_* values
Accepts keyword args
On Windows 2000 and earlier, the calling process must have SE_TCB_NAME privilege.
win32security.LogonUserEx
(PyHANDLE, PySID, str, dict) = LogonUserEx(Username, Domain
, Password
, LogonType
, LogonProvider
) Log a user onto the local machine,
-
Username : PyUnicode
User account, may be specified as a UPN ([email protected]).
This may also be a marshalled credential (see win32cred::CredMarshalCredential).
-
Domain : PyUnicode
User's domain. Can be None if Username is a full UPN.
-
Password : PyUnicode
User's password. Use a blank string if Username contains a marshalled credential.
-
LogonType : int
One of LOGON32_LOGON_* values
-
LogonProvider : int
One of LOGON32_PROVIDER_* values
Requires Windows XP or later
Accepts keyword args
Returns access token, logon sid, profile buffer, and process quotas.
Format of the profile buffer is not known, so returned object is subject to change.
win32security.LookupAccountName
PySID, string, int = LookupAccountName(systemName, accountName
) Accepts the name of a system and an account as input. It retrieves a security identifier (SID) for the account and the name of the domain on which the account was found.
-
systemName : string
The system name, or None
-
accountName : string
The account name
The result is a tuple of new SID object, the domain name where the account was found, and the type of account the SID is for.
win32security.LookupAccountSid
string, string, int = LookupAccountSid(systemName, sid
) Accepts a security identifier (SID) as input. It retrieves the name of the account for this SID and the name of the first domain on which this SID is found.
-
systemName : string
The system name, or None
-
sid : PySID
The SID
The result is a tuple of the name, the domain name where the account was found, and the type of account the SID is for.
win32security.LookupPrivilegeDisplayName
PyUnicode = LookupPrivilegeDisplayName(SystemName, Name
) Returns long description for a privilege name
-
SystemName : string/PyUnicode
System name, local system assumed if not specified
-
Name : string/PyUnicode
Name of privilege, Se...Privilege string constants (win32security.SE_*_NAME)
win32security.LookupPrivilegeName
PyUnicode = LookupPrivilegeName(SystemName, luid
) return the text name for a privilege LUID
-
SystemName : string/PyUnicode
System name, local system assumed if not specified
-
luid : LARGE_INTEGER
64 bit value representing a privilege
win32security.LookupPrivilegeValue
LARGE_INTEGER = LookupPrivilegeValue(systemName, privilegeName
) Retrieves the locally unique id for a privilege name
-
systemName : string
String specifying the system, use None for local machine
-
privilegeName : string
String specifying the privilege (win32security.SE_*_NAME)
win32security.LsaAddAccountRights
LsaAddAccountRights(PolicyHandle, AccountSid, UserRights) Adds a list of privileges to an account
-
PolicyHandle : PyLSA_HANDLE
An LSA policy handle as returned by win32security::LsaOpenPolicy
-
AccountSid : PySID
Account to which privs will be added
-
UserRights : (str/unicode,...)
Sequence of privilege names (SE_*_NAME unicode constants)
Account is created if it doesn't already exist.
Accepts keyword args.
win32security.LsaCallAuthenticationPackage
LsaCallAuthenticationPackage(LsaHandle, AuthenticationPackage, MessageType, ProtocolSubmitBuffer) Requests the services of an authentication package
-
LsaHandle : PyLsaLogon_HANDLE
Lsa handle as returned by win32security::LsaRegisterLogonProcess or win32security::LsaConnectUntrusted
-
AuthenticationPackage : int
Id of authentication package to call, as returned by win32security::LsaLookupAuthenticationPackage
-
MessageType : int
Type of request that is being made, Kerb*Message or MsV1_0* constant
-
ProtocolSubmitBuffer : object
Type is dependent on MessageType
Message type is embedded in different types of submit buffers in the API call, but passed separately
from python for simplicity of parsing input
MessageType
Input type
KerbQueryTicketCacheMessagelong - a logon id, use 0 for current logon session
KerbRetrieveTicketMessagelong - a logon id, use 0 for current logon session
KerbPurgeTicketCacheMessage(long, PyUnicode, PyUnicode) - tuple containing (LogonId, ServerName, RealmName)
KerbRetrieveEncodedTicketMessage(LogonId, TargetName, TicketFlags, CacheOptions, EncryptionType, CredentialsHandle)
(int, PyUnicode, int, int, int, PyCredHandle)
MessageType
Return type
KerbQueryTicketCacheMessage(dict,...) - Returns all tickets for the specified logon session (form is KERB_TICKET_CACHE_INFO)
KerbPurgeTicketCacheMessageNone
KerbRetrieveTicketMessageReturns the ticket granting ticket for the logon session as a KERB_EXTERNAL_TICKET
KerbRetrieveEncodedTicketMessageReturns specified ticket as a KERB_EXTERNAL_TICKET
Type of returned object is dependent on MessageType
win32security.LsaClose
LsaClose(PolicyHandle) Closes a policy handle created by win32security::LsaOpenPolicy
-
PolicyHandle : PyHANDLE
An LSA policy handle as returned by win32security::LsaOpenPolicy
win32security.LsaConnectUntrusted
PyLsaLogon_HANDLE = LsaConnectUntrusted() Creates untrusted connection to LSA
You don't need SeTcbPrivilege to execute this function as you do with
LsaRegisterLogonProcess, but functionality of handle is limited
win32security.LsaDeregisterLogonProcess
LsaDeregisterLogonProcess(LsaHandle) Closes connection to LSA server
-
LsaHandle : PyLsaLogon_HANDLE
An Lsa handle as returned by win32security::LsaConnectUntrusted or win32security::LsaRegisterLogonProcess
win32security.LsaEnumerateAccountRights
[PyUnicode, ...] = LsaEnumerateAccountRights(PolicyHandle, AccountSid
) Lists privileges held by SID
-
PolicyHandle : PyLSA_HANDLE
An LSA policy handle as returned by win32security::LsaOpenPolicy
-
AccountSid : PySID
Security identifier of account for which to list privs
win32security.LsaEnumerateAccountsWithUserRight
(PySID,...) = LsaEnumerateAccountsWithUserRight(PolicyHandle, UserRight
) Return SIDs that hold specified priv
-
PolicyHandle : PyLSA_HANDLE
An LSA policy handle as returned by win32security::LsaOpenPolicy
-
UserRight : str/unicode
Name of privilege (SE_*_NAME unicode constant)
win32security.LsaEnumerateLogonSessions
(long,...) = LsaEnumerateLogonSessions() Lists all current logon ids
win32security.LsaGetLogonSessionData
(dict,...) = LsaGetLogonSessionData(LogonId) Returns information about a logon session
-
LogonId : PyLARGE_INTEGER
An LUID identifying a logon session
Returns a dictionary representing a SECURITY_LOGON_SESSION_DATA structure
win32security.LsaLookupAuthenticationPackage
int = LsaLookupAuthenticationPackage(LsaHandle, PackageName
) Retrieves the unique id for an authentication package
-
LsaHandle : PyLsaLogon_HANDLE
An Lsa handle as returned by win32security::LsaConnectUntrusted or win32security::LsaRegisterLogonProcess
-
PackageName : string
Name of security package to be identified
win32security.LsaOpenPolicy
PyLSA_HANDLE = LsaOpenPolicy(system_name, access_mask
) Opens a policy handle for the specified system
-
system_name : string/PyUnicode
System name, local system assumed if not specified
-
access_mask : int
Bitmask of requested access types
win32security.LsaQueryInformationPolicy
LsaQueryInformationPolicy(PolicyHandle, InformationClass) Retrieves information from the policy handle
-
PolicyHandle : PyLSA_HANDLE
An LSA policy handle as returned by win32security::LsaOpenPolicy
-
InformationClass : int
POLICY_INFORMATION_CLASS value
win32security.LsaRegisterLogonProcess
PyLsaLogon_HANDLE = LsaRegisterLogonProcess(LogonProcessName) Creates a trusted connection to LSA
-
LogonProcessName : string
Name to use for this logon process
Requires SeTcbPrivilege (and must be enabled)
win32security.LsaRegisterPolicyChangeNotification
LsaRegisterPolicyChangeNotification(InformationClass, NotificationEventHandle) Register an event handle to receive policy change events
-
InformationClass : int
One of POLICY_NOTIFICATION_INFORMATION_CLASS contants
-
NotificationEventHandle : PyHANDLE
Event handle to receives notification
win32security.LsaRemoveAccountRights
LsaRemoveAccountRights(PolicyHandle, AccountSid, AllRights, UserRights) Removes privs from an account
-
PolicyHandle : PyLSA_HANDLE
An LSA policy handle as returned by win32security::LsaOpenPolicy
-
AccountSid : PySID
Account whose privileges will be removed
-
AllRights : int
Boolean value indicating if all privs should be removed from account
-
UserRights : (str/unicode,...)
List of privilege names to be removed (SE_*_NAME unicode constants)
If AllRights parm is true, account is *deleted*
Accepts keyword args.
win32security.LsaRetrievePrivateData
PyUnicode = LsaRetrievePrivateData(PolicyHandle, KeyName
) Retreives encrypted unicode data from Lsa registry key.
-
PolicyHandle : PyLSA_HANDLE
An LSA policy handle as returned by win32security::LsaOpenPolicy
-
KeyName : string
Registry key to read
win32security.LsaSetInformationPolicy
LsaSetInformationPolicy(PolicyHandle, InformationClass, Information) Sets policy options
-
PolicyHandle : PyLSA_HANDLE
An LSA policy handle as returned by win32security::LsaOpenPolicy
-
InformationClass : int
POLICY_INFORMATION_CLASS value
-
Information : object
Type is dependent on InformationClass
InformationClass
Type of input expected
PolicyAuditEventsInformation(boolean, (int, ...))
First member imdicates whether auditing is enabled or not.
win32security.LsaStorePrivateData
LsaStorePrivateData(PolicyHandle, KeyName, PrivateData) Stores encrypted unicode data under specified Lsa registry key. Returns None on success
-
PolicyHandle : PyLSA_HANDLE
An LSA policy handle as returned by win32security::LsaOpenPolicy
-
KeyName : string
Registry key in which to store data
-
PrivateData : PyUNICODE
Unicode string to be encrypted and stored
win32security.LsaUnregisterPolicyChangeNotification
LsaUnregisterPolicyChangeNotification(InformationClass, NotificationEventHandle) Stop receiving policy change notification
-
InformationClass : int
POLICY_NOTIFICATION_INFORMATION_CLASS constant
-
NotificationEventHandle : PyHANDLE
Event handle previously registered to receive policy change events
win32security.MapGenericMask
int = MapGenericMask(AccessMask, GenericMapping
) Translates generic access rights into specific rights
-
AccessMask : int
A bitmask of generic rights to be interpreted according to GenericMapping
-
GenericMapping : (int,int,int,int)
A tuple of 4 bitmasks (GenericRead, GenericWrite, GenericExecute, GenericAll)
containing the standard and specific rights that correspond to the generic rights.
The input AccessMask will be returned with any generic access rights translated into specific equivalents
const win32security.NOT_USED_ACCESS;
const win32security.NO_INHERITANCE;
const win32security.NO_PROPAGATE_INHERIT_ACE;
const win32security.OBJECT_INHERIT_ACE;
const win32security.OWNER_SECURITY_INFORMATION;
Indicates the owner identifier of the object is being referenced.
win32security.OpenProcessToken
PyHANDLE = OpenProcessToken(processHandle, desiredAccess
) Opens the access token associated with a process.
-
processHandle : int
The handle of the process to open.
-
desiredAccess : int
Desired access to process
win32security.OpenThreadToken
PyHandle = OpenThreadToken(handle, desiredAccess
, openAsSelf
) Opens the access token associated with a thread.
-
handle : PyHANDLE
handle to thread
-
desiredAccess : int
access to process
-
openAsSelf : int
Flag for process or thread security
const win32security.POLICY_ALL_ACCESS;
const win32security.POLICY_AUDIT_EVENT_FAILURE;
Generate audit records for failed attempts to cause an event of this type to occur.
const win32security.POLICY_AUDIT_EVENT_NONE;
Do not generate audit records for events of this type.
const win32security.POLICY_AUDIT_EVENT_SUCCESS;
Generate audit records for successful events of this type.
const win32security.POLICY_AUDIT_EVENT_UNCHANGED;
For set operations, specify this value to leave the current options unchanged. This is the default.
const win32security.POLICY_AUDIT_LOG_ADMIN;
const win32security.POLICY_CREATE_ACCOUNT;
const win32security.POLICY_CREATE_PRIVILEGE;
const win32security.POLICY_CREATE_SECRET;
const win32security.POLICY_EXECUTE;
const win32security.POLICY_GET_PRIVATE_INFORMATION;
const win32security.POLICY_LOOKUP_NAMES;
const win32security.POLICY_NOTIFICATION;
const win32security.POLICY_READ;
const win32security.POLICY_SERVER_ADMIN;
const win32security.POLICY_SET_AUDIT_REQUIREMENTS;
const win32security.POLICY_SET_DEFAULT_QUOTA_LIMITS;
const win32security.POLICY_TRUST_ADMIN;
const win32security.POLICY_VIEW_AUDIT_INFORMATION;
const win32security.POLICY_VIEW_LOCAL_INFORMATION;
const win32security.POLICY_WRITE;
const win32security.PROTECTED_DACL_SECURITY_INFORMATION;
const win32security.PROTECTED_SACL_SECURITY_INFORMATION;
const win32security.PolicyAccountDomainInformation;
const win32security.PolicyAuditEventsInformation;
const win32security.PolicyAuditFullQueryInformation;
const win32security.PolicyAuditFullSetInformation;
const win32security.PolicyAuditLogInformation;
const win32security.PolicyDefaultQuotaInformation;
const win32security.PolicyDnsDomainInformation;
const win32security.PolicyLsaServerRoleInformation;
const win32security.PolicyModificationInformation;
const win32security.PolicyNotifyAccountDomainInformation;
const win32security.PolicyNotifyAuditEventsInformation;
const win32security.PolicyNotifyDnsDomainInformation;
const win32security.PolicyNotifyDomainEfsInformation;
const win32security.PolicyNotifyDomainKerberosTicketInformation;
const win32security.PolicyNotifyMachineAccountPasswordInformation;
const win32security.PolicyNotifyServerRoleInformation;
const win32security.PolicyPdAccountInformation;
const win32security.PolicyPrimaryDomainInformation;
const win32security.PolicyReplicaSourceInformation;
const win32security.PolicyServerDisabled;
const win32security.PolicyServerDisabled;
const win32security.PolicyServerEnabled;
const win32security.PolicyServerEnabled;
const win32security.PolicyServerRoleBackup;
const win32security.PolicyServerRolePrimary;
win32security.QuerySecurityPackageInfo
dict = QuerySecurityPackageInfo(PackageName) Retrieves parameters for a security package
-
PackageName : PyUNICODE
Name of the security package to query
Returns a dictionary representing a SecPkgInfo struct
const win32security.REVOKE_ACCESS;
win32security.RevertToSelf
RevertToSelf() Terminates the impersonation of a client application.
const win32security.SACL_SECURITY_INFORMATION;
Indicates the system ACL of the object is being referenced.
const win32security.SANDBOX_INERT;
const win32security.SDDL_REVISION_1;
const win32security.SECPKG_CRED_BOTH;
const win32security.SECPKG_CRED_INBOUND;
const win32security.SECPKG_CRED_OUTBOUND;
const win32security.SECPKG_FLAG_ACCEPT_WIN32_NAME;
const win32security.SECPKG_FLAG_CLIENT_ONLY;
const win32security.SECPKG_FLAG_CONNECTION;
const win32security.SECPKG_FLAG_DATAGRAM;
const win32security.SECPKG_FLAG_EXTENDED_ERROR;
const win32security.SECPKG_FLAG_IMPERSONATION;
const win32security.SECPKG_FLAG_INTEGRITY;
const win32security.SECPKG_FLAG_MULTI_REQUIRED;
const win32security.SECPKG_FLAG_PRIVACY;
const win32security.SECPKG_FLAG_STREAM;
const win32security.SECPKG_FLAG_TOKEN_ONLY;
win32security.SECURITY_ATTRIBUTES
PySECURITY_ATTRIBUTES = SECURITY_ATTRIBUTES() Creates a new PySECURITY_ATTRIBUTES object.
const win32security.SECURITY_CREATOR_SID_AUTHORITY;
win32security.SECURITY_DESCRIPTOR
PySECURITY_DESCRIPTOR = SECURITY_DESCRIPTOR() Creates a new PySECURITY_DESCRIPTOR object.
const win32security.SECURITY_LOCAL_SID_AUTHORITY;
const win32security.SECURITY_NON_UNIQUE_AUTHORITY;
const win32security.SECURITY_NT_AUTHORITY;
const win32security.SECURITY_NULL_SID_AUTHORITY;
const win32security.SECURITY_RESOURCE_MANAGER_AUTHORITY;
const win32security.SECURITY_WORLD_SID_AUTHORITY;
const win32security.SET_ACCESS;
const win32security.SET_AUDIT_FAILURE;
const win32security.SET_AUDIT_SUCCESS;
const win32security.SE_DACL_AUTO_INHERITED;
win2k and up
const win32security.SE_DACL_DEFAULTED;
const win32security.SE_DACL_PRESENT;
const win32security.SE_DACL_PROTECTED;
win2k and up
const win32security.SE_DS_OBJECT;
const win32security.SE_DS_OBJECT_ALL;
const win32security.SE_FILE_OBJECT;
const win32security.SE_GROUP_DEFAULTED;
const win32security.SE_GROUP_ENABLED;
const win32security.SE_GROUP_ENABLED_BY_DEFAULT;
const win32security.SE_GROUP_LOGON_ID;
const win32security.SE_GROUP_MANDATORY;
const win32security.SE_GROUP_OWNER;
const win32security.SE_GROUP_RESOURCE;
const win32security.SE_GROUP_USE_FOR_DENY_ONLY;
const win32security.SE_KERNEL_OBJECT;
const win32security.SE_LMSHARE;
const win32security.SE_OWNER_DEFAULTED;
const win32security.SE_PRINTER;
const win32security.SE_PRIVILEGE_ENABLED;
const win32security.SE_PRIVILEGE_ENABLED_BY_DEFAULT;
const win32security.SE_PRIVILEGE_REMOVED;
const win32security.SE_PRIVILEGE_USED_FOR_ACCESS;
const win32security.SE_PROVIDER_DEFINED_OBJECT;
const win32security.SE_REGISTRY_KEY;
const win32security.SE_REGISTRY_WOW64_32KEY;
const win32security.SE_SACL_AUTO_INHERITED;
win2k and up
const win32security.SE_SACL_DEFAULTED;
const win32security.SE_SACL_PRESENT;
const win32security.SE_SACL_PROTECTED;
win2k and up
const win32security.SE_SELF_RELATIVE;
const win32security.SE_SERVICE;
const win32security.SE_UNKNOWN_OBJECT_TYPE;
const win32security.SE_WINDOW_OBJECT;
const win32security.SE_WMIGUID_OBJECT;
win32security.SID
PySID = SID() Creates a new PySID object.
const win32security.STYPE_DEVICE;
const win32security.STYPE_DISKTREE;
const win32security.STYPE_IPC;
const win32security.STYPE_PRINTQ;
const win32security.STYPE_SPECIAL;
const win32security.STYPE_TEMPORARY;
const win32security.SUB_CONTAINERS_AND_OBJECTS_INHERIT;
const win32security.SUB_CONTAINERS_ONLY_INHERIT;
const win32security.SUB_OBJECTS_ONLY_INHERIT;
const win32security.SUCCESSFUL_ACCESS_ACE_FLAG;
const win32security.SYSTEM_AUDIT_ACE_TYPE;
System-audit ACE that uses the SYSTEM_AUDIT_ACE structure.
const win32security.SYSTEM_AUDIT_OBJECT_ACE_TYPE;
const win32security.SecurityAnonymous;
const win32security.SecurityDelegation;
const win32security.SecurityIdentification;
const win32security.SecurityImpersonation;
win32security.SetFileSecurity
SetFileSecurity(filename, info, security) Sets information about the security of a file or directory. The information obtained is constrained by the caller's access rights and privileges.
-
filename : string
The name of the file
-
info : int
The type of information to set.
-
security : PySECURITY_DESCRIPTOR
The security information
win32security.SetKernelObjectSecurity
SetKernelObjectSecurity(handle, info, security) Sets information about the security of a kernel object. The information obtained is constrained by the caller's access rights and privileges.
-
handle : PyHANDLE
The handle to an object for which security information will be set.
-
info : int
The type of information to set - combination of SECURITY_INFORMATION values
-
security : PySECURITY_DESCRIPTOR
The security information
win32security.SetNamedSecurityInfo
SetNamedSecurityInfo(ObjectName, ObjectType, SecurityInfo, Owner, Group, Dacl, Sacl) Sets security info for an object by name
-
ObjectName : str/unicode
Name of object
-
ObjectType : int
Value from SE_OBJECT_TYPE enum
-
SecurityInfo : int
Combination of SECURITY_INFORMATION constants
-
Owner : PySID
Sid to set as owner of object, can be None
-
Group : PySID
Group Sid, can be None
-
Dacl : PyACL
Discretionary ACL to set for object, can be None
-
Sacl : PyACL
System Audit ACL to set for object, can be None
win32security.SetSecurityInfo
SetSecurityInfo(handle, ObjectType, SecurityInfo, Owner, Group, Dacl, Sacl) Sets security info for an object by handle
-
handle : int/PyHANDLE
Handle to object
-
ObjectType : int
Value from SE_OBJECT_TYPE enum
-
SecurityInfo : int
Combination of SECURITY_INFORMATION constants
-
Owner : PySID
Sid to set as owner of object, can be None
-
Group : PySID
Group Sid, can be None
-
Dacl : PyACL
Discretionary ACL to set for object, can be None
-
Sacl : PyACL
System Audit ACL to set for object, can be None
win32security.SetThreadToken
SetThreadToken(Thread, Token) Assigns an impersonation token to a thread. The function
can also cause a thread to stop using an impersonation token.
-
Thread : PyHANDLE
Handle to a thread. Use None to indicate calling thread.
-
Token : PyHANDLE
Handle to an impersonation token. Use None to end impersonation.
win32security.SetTokenInformation
SetTokenInformation(TokenHandle, TokenInformationClass, TokenInformation) Set a specified type of information in an access token
-
TokenHandle : PyHANDLE
Handle to an access token to be modified
-
TokenInformationClass : int
Specifies a value from the TOKEN_INFORMATION_CLASS enumerated type identifying the type of information to be modfied
-
TokenInformation : object
Type is dependent on TokenInformationClass
win32security.SetUserObjectSecurity
SetUserObjectSecurity(handle, info, security) Sets information about the security of a user object. The information obtained is constrained by the caller's access rights and privileges.
-
handle : PyHANDLE
The handle to an object for which security information will be set.
-
info : int
The type of information to set - combination of SECURITY_INFORMATION values
-
security : PySECURITY_DESCRIPTOR
The security information
const win32security.SidTypeAlias;
Indicates an alias SID.
const win32security.SidTypeComputer;
Indicates a computer SID
const win32security.SidTypeDeletedAccount;
Indicates an SID for a deleted account.
const win32security.SidTypeDomain;
Indicates a domain SID.
const win32security.SidTypeGroup;
Indicates a group SID.
const win32security.SidTypeInvalid;
Indicates an invalid SID.
const win32security.SidTypeUnknown;
Indicates an unknown SID type.
const win32security.SidTypeUser;
Indicates a user SID.
const win32security.SidTypeWellKnownGroup;
Indicates an SID for a well-known group.
const win32security.TOKEN_ADJUST_DEFAULT;
Required to change the default ACL, primary group, or owner of an access token.
const win32security.TOKEN_ADJUST_GROUPS;
Required to change the groups specified in an access token.
const win32security.TOKEN_ADJUST_PRIVILEGES;
Required to change the privileges specified in an access token.
const win32security.TOKEN_ALL_ACCESS;
Combines the STANDARD_RIGHTS_REQUIRED standard access rights and all individual access rights for tokens.
const win32security.TOKEN_ASSIGN_PRIMARY;
Required to attach a primary token to a process in addition to the SE_CREATE_TOKEN_NAME privilege.
const win32security.TOKEN_DUPLICATE;
Required to duplicate an access token.
const win32security.TOKEN_EXECUTE;
Combines the STANDARD_RIGHTS_EXECUTE standard access rights and the TOKEN_IMPERSONATE access right.
const win32security.TOKEN_IMPERSONATE;
Required to attach an impersonation access token to a process.
const win32security.TOKEN_QUERY;
Required to query the contents of an access token.
const win32security.TOKEN_QUERY_SOURCE;
Required to query the source of an access token.
const win32security.TOKEN_READ;
Combines the STANDARD_RIGHTS_READ standard access rights and the TOKEN_QUERY access right.
const win32security.TOKEN_WRITE;
Combines the STANDARD_RIGHTS_WRITE standard access rights and the TOKEN_ADJUST_PRIVILEGES, TOKEN_ADJUST_GROUPS, and TOKEN_ADJUST_DEFAULT access rights.
const win32security.TRUSTEE_BAD_FORM;
const win32security.TRUSTEE_IS_ALIAS;
const win32security.TRUSTEE_IS_COMPUTER;
const win32security.TRUSTEE_IS_DELETED;
const win32security.TRUSTEE_IS_DOMAIN;
const win32security.TRUSTEE_IS_GROUP;
const win32security.TRUSTEE_IS_INVALID;
const win32security.TRUSTEE_IS_NAME;
const win32security.TRUSTEE_IS_OBJECTS_AND_NAME;
const win32security.TRUSTEE_IS_OBJECTS_AND_SID;
const win32security.TRUSTEE_IS_SID;
const win32security.TRUSTEE_IS_UNKNOWN;
const win32security.TRUSTEE_IS_USER;
const win32security.TRUSTEE_IS_WELL_KNOWN_GROUP;
const win32security.TokenImpersonation;
const win32security.TokenPrimary;
win32security.TranslateName
PyUnicode = TranslateName(accountName, accountNameFormat
, accountNameFormat
, numChars
) Converts a directory service object name from one format to another.
-
accountName : PyUnicode
object name
-
accountNameFormat : int
A value from the EXTENDED_NAME_FORMAT enumeration type indicating the format of the accountName name.
-
accountNameFormat : int
A value from the EXTENDED_NAME_FORMAT enumeration type indicating the format of the desired name.
-
numChars=1024 : int
Number of Unicode characters to allocate for the return buffer.
const win32security.TrustedControllersInformation;
const win32security.TrustedDomainAuthInformation;
const win32security.TrustedDomainAuthInformationInternal;
const win32security.TrustedDomainFullInformation;
const win32security.TrustedDomainFullInformation2Internal;
const win32security.TrustedDomainFullInformationInternal;
const win32security.TrustedDomainInformationBasic;
const win32security.TrustedDomainInformationEx;
const win32security.TrustedDomainInformationEx2Internal;
const win32security.TrustedDomainNameInformation;
const win32security.TrustedPasswordInformation;
const win32security.TrustedPosixOffsetInformation;
const win32security.UNPROTECTED_DACL_SECURITY_INFORMATION;
const win32security.UNPROTECTED_SACL_SECURITY_INFORMATION;