Meziantou.Framework.Win32.AccessToken 2.0.20

.NET CLI:
dotnet add package Meziantou.Framework.Win32.AccessToken --version 2.0.20

Package Manager (this command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package):
NuGet\Install-Package Meziantou.Framework.Win32.AccessToken -Version 2.0.20

PackageReference (for projects that support PackageReference, copy this XML node into the project file to reference the package):
<PackageReference Include="Meziantou.Framework.Win32.AccessToken" Version="2.0.20" />

Central Package Management (for projects that support CPM, copy the first XML node into the solution Directory.Packages.props file to version the package, and the second into the project file):
Directory.Packages.props:
<PackageVersion Include="Meziantou.Framework.Win32.AccessToken" Version="2.0.20" />
Project file:
<PackageReference Include="Meziantou.Framework.Win32.AccessToken" />

Paket:
paket add Meziantou.Framework.Win32.AccessToken --version 2.0.20

#r directive (can be used in F# Interactive and Polyglot Notebooks; copy this into the interactive tool or source code of the script to reference the package):
#r "nuget: Meziantou.Framework.Win32.AccessToken, 2.0.20"

#:package directive (can be used in C# file-based apps starting in .NET 10 preview 4; copy this into a .cs file before any lines of code to reference the package):
#:package Meziantou.Framework.Win32.AccessToken@2.0.20

Install as a Cake Addin:
#addin nuget:?package=Meziantou.Framework.Win32.AccessToken&version=2.0.20

Install as a Cake Tool:
#tool nuget:?package=Meziantou.Framework.Win32.AccessToken&version=2.0.20

Meziantou.Framework.Win32.AccessToken

Meziantou.Framework.Win32.AccessToken is a .NET library that provides a managed wrapper for manipulating Windows Access Tokens. It allows you to query and modify security tokens, check privileges, enumerate groups, and manage token elevation.

Features

  • Query Token Information: Get token type, elevation type, owner, groups, privileges, and integrity level
  • Check Elevation: Determine if a token is elevated or restricted
  • Manage Privileges: Enable, disable, or remove privileges
  • Enumerate Groups and Privileges: List all groups and privileges associated with a token
  • Duplicate Tokens: Create duplicate tokens with different impersonation levels
  • Security Identifiers: Work with Windows SIDs and well-known SID types

Usage

Opening an Access Token

using System.Diagnostics; // required for Process
using Meziantou.Framework.Win32;

// Open the current process token
using var token = AccessToken.OpenCurrentProcessToken(TokenAccessLevels.Query);

// Open a token for a specific process
using var process = Process.GetCurrentProcess();
using var processToken = AccessToken.OpenProcessToken(process, TokenAccessLevels.Query);

Querying Token Information

using var token = AccessToken.OpenCurrentProcessToken(TokenAccessLevels.Query);

// Get token type (Primary or Impersonation)
var tokenType = token.GetTokenType();

// Check if token is elevated
bool isElevated = token.IsElevated();

// Get elevation type (Unknown, Default, Full, or Limited)
var elevationType = token.GetElevationType();

// Check if token is restricted
bool isRestricted = token.IsRestricted();

// Get token owner
var owner = token.GetOwner();
Console.WriteLine($"Owner: {owner.FullName} ({owner.Sid})");

// Get mandatory integrity level
var integrityLevel = token.GetMandatoryIntegrityLevel();
Console.WriteLine($"Integrity Level: {integrityLevel?.Sid}");

// Enumerate all groups
foreach (var group in token.EnumerateGroups())
{
    Console.WriteLine($"Group: {group.Sid.FullName}");
    Console.WriteLine($"  SID: {group.Sid.Sid}");
    Console.WriteLine($"  Attributes: {group.Attributes}");
}

// Enumerate restricted SIDs
foreach (var group in token.EnumerateRestrictedSid())
{
    Console.WriteLine($"Restricted SID: {group.Sid.FullName}");
}

// Enumerate all privileges
foreach (var privilege in token.EnumeratePrivileges())
{
    Console.WriteLine($"Privilege: {privilege.Name}");
    Console.WriteLine($"  Attributes: {privilege.Attributes}");
}

Managing Privileges

using var token = AccessToken.OpenCurrentProcessToken(TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges);

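// Enable a privilege (it must already be present in the token; enabling does not grant it)
token.EnablePrivilege(Privileges.SE_DEBUG_NAME);

// Disable a privilege (it stays in the token and can be enabled again later)
token.DisablePrivilege(Privileges.SE_DEBUG_NAME);

// Remove a privilege (permanent for this token: it cannot be re-enabled afterwards)
token.RemovePrivilege(Privileges.SE_DEBUG_NAME);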

// Disable all privileges
token.DisableAllPrivileges();
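
A least-privilege startup routine built from the calls above, as an added example (not code from the package or its author): it removes every privilege that is not on an allowlist, then re-reads the token to confirm the result. The class name, the allowlist contents, and the assumption that privilege.Name is the Windows privilege name string (such as SeChangeNotifyPrivilege) are mine; type names are assumed to resolve with the same using directive as the snippets on this page.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Meziantou.Framework.Win32;

static class PrivilegeHardening
{
    // Assumption: the privileges this hypothetical application still needs after startup.
    // SeChangeNotifyPrivilege (bypass traverse checking) is kept because most processes
    // rely on it to open files below directories they cannot list.
    private static readonly HashSet<string> Keep = new(StringComparer.OrdinalIgnoreCase)
    {
        "SeChangeNotifyPrivilege",
    };

    // Removes every privilege that is not allowlisted and returns the names that remain.
    public static IReadOnlyList<string> DropUnneededPrivileges()
    {
        using var token = AccessToken.OpenCurrentProcessToken(
            TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges);

        // Snapshot the names first: the token is modified inside the loop.
        var present = token.EnumeratePrivileges().Select(p => p.Name).ToList();

        foreach (var name in present.Where(n => !Keep.Contains(n)))
        {
            // Removal is permanent for this token, unlike DisablePrivilege.
            token.RemovePrivilege(name);
        }

        // Re-read the token and verify instead of trusting the calls above.
        var remaining = token.EnumeratePrivileges().Select(p => p.Name).ToList();
        var unexpected = remaining.Where(n => !Keep.Contains(n)).ToList();
        if (unexpected.Count > 0)
        {
            throw new InvalidOperationException(
                "Privileges still present after hardening: " + string.Join(", ", unexpected));
        }

        return remaining;
    }

    static void Main()
    {
        foreach (var name in DropUnneededPrivileges())
            Console.WriteLine($"Kept: {name}");
    }
}
```

Call it once, early in startup, after any work that genuinely needs a privilege: child processes created afterwards inherit the reduced token.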

Checking for Administrator Privileges

bool IsAdministrator()
{
    using var token = AccessToken.OpenCurrentProcessToken(TokenAccessLevels.Query);

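    // Check if current token has admin rights (Administrators group present and enabled)
    if (IsAdministrator(token))
    {
        return true;
    }

    // If limited (UAC split token), check the linked token (elevated token):
    // this tells you the user can elevate, not that this process is elevated
    if (token.GetElevationType() == TokenElevationType.Limited)
    {
        using var linkedToken = token.GetLinkedToken();
        return IsAdministrator(linkedToken);
    }

    return false;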

    static bool IsAdministrator(AccessToken accessToken)
    {
        var adminSid = SecurityIdentifier.FromWellKnown(WellKnownSidType.WinBuiltinAdministratorsSid);
        foreach (var group in accessToken.EnumerateGroups())
        {
            if (group.Attributes.HasFlag(GroupSidAttributes.SE_GROUP_ENABLED) &&
                group.Sid == adminSid)
            {
                return true;
            }
        }
        return false;
    }
}

Working with Security Identifiers

// Get SID from well-known type
var adminSid = SecurityIdentifier.FromWellKnown(WellKnownSidType.WinBuiltinAdministratorsSid);
Console.WriteLine($"Admin SID: {adminSid.Sid}");
Console.WriteLine($"Admin Name: {adminSid.FullName}");

// Get well-known integrity level SIDs
var lowIntegrity = SecurityIdentifier.FromWellKnown(WellKnownSidType.WinLowLabelSid);
var mediumIntegrity = SecurityIdentifier.FromWellKnown(WellKnownSidType.WinMediumLabelSid);
var highIntegrity = SecurityIdentifier.FromWellKnown(WellKnownSidType.WinHighLabelSid);

API Reference

AccessToken Class

Methods:

  • OpenCurrentProcessToken(TokenAccessLevels) - Opens the access token of the current process
  • OpenProcessToken(Process, TokenAccessLevels) - Opens the access token of a specific process
  • IsLimitedToken() - Checks if the current process token is limited
  • GetTokenType() - Returns the token type (Primary or Impersonation)
  • GetElevationType() - Returns the elevation type
  • IsElevated() - Checks if the token is elevated
  • IsRestricted() - Checks if the token is restricted
  • GetOwner() - Gets the owner SID
  • GetMandatoryIntegrityLevel() - Gets the mandatory integrity level
  • GetLinkedToken() - Gets the linked token (elevated/limited counterpart)
  • EnumerateGroups() - Enumerates all groups
  • EnumerateRestrictedSid() - Enumerates restricted SIDs
  • EnumeratePrivileges() - Enumerates all privileges
  • EnablePrivilege(string) - Enables a privilege
  • DisablePrivilege(string) - Disables a privilege
  • RemovePrivilege(string) - Removes a privilege
  • DisableAllPrivileges() - Disables all privileges
  • Duplicate(SecurityImpersonationLevel) - Duplicates the token

Privileges Class

Contains constants for all Windows privilege names:

  • SE_DEBUG_NAME - Debug programs
  • SE_BACKUP_NAME - Back up files and directories
  • SE_RESTORE_NAME - Restore files and directories
  • SE_SHUTDOWN_NAME - Shut down the system
  • And many more...

Additional Resources

Compatible target frameworks: net8.0, net9.0, net10.0. The platform-specific variants (-android, -browser, -ios, -maccatalyst, -macos, -tvos, -windows) of each were computed.

Dependencies

  • net10.0: No dependencies.
  • net8.0: No dependencies.
  • net9.0: No dependencies.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
2.0.20 191 1/25/2026
2.0.19 104 1/18/2026
2.0.18 176 12/14/2025
2.0.17 232 12/7/2025
2.0.16 133 11/30/2025
2.0.15 159 11/23/2025
2.0.14 145 11/16/2025
2.0.13 157 11/9/2025
2.0.12 147 11/2/2025
2.0.11 209 10/27/2025
2.0.10 159 10/26/2025
2.0.9 135 10/19/2025
2.0.8 378 9/16/2025
2.0.7 224 9/3/2025
2.0.6 231 3/1/2025
2.0.5 176 1/17/2025
2.0.4 182 11/17/2024
2.0.3 510 11/15/2023
2.0.2 4,584 7/14/2021
2.0.1 550 4/22/2021