win32security.CreateRestrictedToken

PyHANDLE = CreateRestrictedToken(ExistingTokenHandle, Flags , SidsToDisable , PrivilegesToDelete , SidsToRestrict )

Creates a restricted copy of an access token with reduced privs - requires win2K or higher

Parameters

ExistingTokenHandle : PyHANDLE

Handle to an access token (see win32security::LogonUser,win32security::OpenProcessToken

Flags : int

Valid values are zero or a combination of DISABLE_MAX_PRIVILEGE and SANDBOX_INERT

SidsToDisable : (PySID_AND_ATTRIBUTES,...)

Ssequence of PySID_AND_ATTRIBUTES tuples, or None

PrivilegesToDelete : (PyLUID_AND_ATTRIBUTES,...)

Privilege LUIDS to remove from token (attributes are ignored), or None

SidsToRestrict : (PySID_AND_ATTRIBUTES,...)

Sequence of PySID_AND_ATTRIBUTES tuples (attributes must be 0). Can be None.