TRUSTEE

[New - Windows NT]

The TRUSTEE structure identifies a user account, group account, or a logon account for a program such as a Windows NT service. The structure can use a name or a security identifier (SID) to identify the trustee.

Access control functions, such as SetEntriesInAcl and GetExplicitEntriesFromAcl, use this structure to identify the logon account associated with the access-control or audit-control information in an EXPLICIT_ACCESS structure.

typedef struct _TRUSTEE
{
    PTRUSTEE                   pMultipleTrustee;
    MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation;
    TRUSTEE_FORM               TrusteeForm;
    TRUSTEE_TYPE               TrusteeType;
    LPTSTR                     ptstrName;
} TRUSTEE;

Members

pMultipleTrustee

Pointer to a TRUSTEE structure that identifies a server account that can impersonate the user identified by the ptstrName member. Windows NT does not currently support this functionality; therefore, this member must be NULL.

MultipleTrusteeOperation

Specifies a value from the MULTIPLE_TRUSTEE_OPERATION enumeration type. Currently, this member must be NO_MULTIPLE_TRUSTEE.

TrusteeForm

Specifies a value from the TRUSTEE_FORM enumeration type that indicates whether the trustee is identified by name or by a SID.

TrusteeType

Specifies a value from the TRUSTEE_TYPE enumeration type that indicates whether the trustee is a user account or a group account, or whether the account type is unknown.

ptstrName

If TrusteeForm is TRUSTEE_IS_NAME, this member is a pointer to a null-terminated string that contains the name of the trustee.

If TrusteeForm is TRUSTEE_IS_SID, this member is a pointer to the SID of the trustee.

Remarks

A trustee name can have any of the following formats:

· A fully qualified name, such as "g:\remotedir\abc".

· A Windows NT version 3.x or later domain account, such as "redmond\xyz".

· One of the predefined group names, such as "EVERYONE" or "GUEST".

· One of the following special names.

Name               Meaning
"CURRENT_USER"     Indicates the owner of the calling thread or process.
"CREATOR OWNER"    Indicates the CREATOR_OWNER security identifier. This is a SID used in inheritable ACEs. When a new object is created, the system replaces this SID with the SID of the user who created the object.
"CREATOR GROUP"    Indicates the CREATOR_GROUP security identifier. This is a SID used in inheritable ACEs. When a new object is created, the system replaces this SID with the primary group SID of the user who created the object.

A trustee SID can be any user or group SID. It can also be any of the universal, well-known SIDs. For more information, see Security Identifiers (SIDs).
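
The member rules above, as an added example that is not part of the original reference: the hypothetical helpers trustee_from_name, trustee_from_sid and trustee_check fill a TRUSTEE in each form and reject one that breaks the stated constraints before it reaches a function such as SetEntriesInAcl. Off Windows the block uses stand-in type definitions, an assumption made so that it builds anywhere.

```c
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#include <aclapi.h>   /* real TRUSTEE and enumeration definitions */
#else
/* Stand-in definitions (assumption) mirroring the declaration above so the
   example builds off Windows; LPTSTR is taken as char * here. */
typedef char *LPTSTR;
typedef enum { NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_IMPERSONATE } MULTIPLE_TRUSTEE_OPERATION;
typedef enum { TRUSTEE_IS_SID, TRUSTEE_IS_NAME } TRUSTEE_FORM;
typedef enum { TRUSTEE_IS_UNKNOWN, TRUSTEE_IS_USER, TRUSTEE_IS_GROUP } TRUSTEE_TYPE;
typedef struct _TRUSTEE {
    struct _TRUSTEE *pMultipleTrustee;
    MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation;
    TRUSTEE_FORM TrusteeForm;
    TRUSTEE_TYPE TrusteeType;
    LPTSTR ptstrName;
} TRUSTEE;
#endif

/* Hypothetical helper: fill a TRUSTEE that identifies the account by name. */
static void trustee_from_name(TRUSTEE *t, LPTSTR name, TRUSTEE_TYPE type)
{
    t->pMultipleTrustee = NULL;                       /* must be NULL */
    t->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
    t->TrusteeForm = TRUSTEE_IS_NAME;
    t->TrusteeType = type;
    t->ptstrName = name;
}

/* Hypothetical helper: same, but ptstrName carries a pointer to a SID. */
static void trustee_from_sid(TRUSTEE *t, void *sid, TRUSTEE_TYPE type)
{
    trustee_from_name(t, (LPTSTR)sid, type);
    t->TrusteeForm = TRUSTEE_IS_SID;  /* the form flag decides how the pointer is read */
}

/* Hypothetical check: 0 if the rules stated on this page hold, else a code. */
static int trustee_check(const TRUSTEE *t)
{
    if (t == NULL) return 1;
    if (t->pMultipleTrustee != NULL) return 2;
    if (t->MultipleTrusteeOperation != NO_MULTIPLE_TRUSTEE) return 3;
    if (t->TrusteeForm != TRUSTEE_IS_NAME && t->TrusteeForm != TRUSTEE_IS_SID) return 4;
    if (t->ptstrName == NULL) return 5;
    if (t->TrusteeForm == TRUSTEE_IS_NAME && t->ptstrName[0] == 0) return 6;
    return 0;
}
```

The check cannot tell whether TrusteeForm matches what ptstrName really points to, so set the form in the same place the pointer is assigned, as the two helpers do.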

See Also

ACL, EXPLICIT_ACCESS, GetExplicitEntriesFromAcl, MULTIPLE_TRUSTEE_OPERATION, SetEntriesInAcl, SID, TRUSTEE_FORM, TRUSTEE_TYPE