Retrieves the security token associated with the process that opened the specified file handle.
int64 GetHandleCreatorToken(int64 lHandleInfo);
LONG64 GetHandleCreatorToken(LONG64 lHandleInfo);
This method can be called within certain events to retrieve the security token associated with the process that opened the file handle specified by HandleInfo. The value to pass for HandleInfo should be obtained directly from the event. If the query fails, this method returns INVALID_HANDLE_VALUE.
The security token returned by this method can be passed to the Windows API's GetTokenInformation function to obtain more information about the process. This is particularly useful for implementing custom security checks; please refer to the Security Checks topic for more information.
Important: When applications are finished using the returned security token, they must close it using the Windows API's CloseHandle function.
Network Access Notes
For virtual drives shared on the network, applications may wish to obtain information about the network users accessing it (e.g., account names). Drives can be shared in several modes in Windows, which can affect the information retrievable via the security token this method returns:
- Authenticated mode, in which case the Helper DLL (which, in general, is responsible for relaying remote drive requests to and from the system driver) will impersonate the network user, allowing that account's actual information to be retrieved.
- Guest mode, in which case the retrievable information is for the system's GUEST account.
- Administrative shares (those which exist by default and whose names end with '$'; e.g., C$, ADMIN$, etc.), in which case the retrievable information is for the LOCAL_SYSTEM account.
Note: This method can only be called within events that expose a HandleInfo parameter, and must be called in the same thread that the event was originally fired on.
Error Handling (C++)
This method returns a Long64 value; after it returns, call the GetLastErrorCode() method to obtain its result code; 0 indicates success, while a non-zero error code indicates that this method encountered an error during its execution. If an error occurs, the GetLastError() method can be called to retrieve the associated error message.