Windows Access Control List (ACL) Example 25





Searching for a SID in an Access Token Program Example 2


The following program example is another working sample which is a smaller than the previous one. Notice the functions used in this program and compared to the previous program example.

Create a new empty Win32 console application project. Give a suitable project name and change the project location if needed.


Searching for a SID in an Access Token Program Example 2: Creating new VC++ project - Win32 console mode application


Then, add the source file and give it a suitable name.


Searching for a SID in an Access Token Program Example 2: Adding C++ source file to the existing project


Next, add the following source code.


#include <windows.h>

#include <stdio.h>



This routine returns TRUE if the caller's process is a member of the

Administrators local group. Caller is NOT expected

to be impersonating anyone and is expected to be able

to open its own process and process token.


Arguments: None.

Return Value:

   TRUE - Caller has Administrators local group.

   FALSE - Caller does not have Administrators local group.


BOOL IsUserAdminGrp(void)


      BOOL check = FALSE;


      PSID AdministratorsGroup;


      check = AllocateAndInitializeSid(





            0, 0, 0, 0, 0, 0,



      // if TRUE



            wprintf(LSID was allocated and initialized...\n);

            // Determines whether a specified security identifier (SID) is enabled in an access token.


                  NULL, // uses the impersonation token of the calling thread.

                              // If the thread is not impersonating, the function duplicates

                              // the thread's primary token to create an impersonation token

                  AdministratorsGroup,    // Pointer to a SID structure

                  &check                              // Result of the SID



                  wprintf(LCheckTokenMembership() failed, error %u\n, GetLastError());




                  wprintf(LCheckTokenMembership() is OK!\n);

                  // If the SID (the 2nd parameter) is present and has the SE_GROUP_ENABLED attribute,

                  // check (3rd parameter) returns TRUE; otherwise, it returns FALSE.

                  if(check == TRUE)

                        wprintf(LYes, you are an Administrators group!\n);


                        wprintf(LNo, you are not an Administrators group!\n);





            wprintf(LAllocateAndInitializeSid() failed, error %u\n, GetLastError());





int wmain(int argc, WCHAR **argv)


       BOOL bRetVal = IsUserAdminGrp();



               wprintf(LIsUserAdminGrp() failed, error %u\n, GetLastError());


               wprintf(LIsUserAdminGrp() is OK!\n);


       return 0;



Build and run the project. The following screenshot is a sample output.


Searching for a SID in an Access Token Program Example 2: Sample console output with the SID checking




< Windows ACL Example 24 | Windows Access Control List (ACL) Main | Win32 Programming | Windows ACL Example 26 >