NTSTATUS SePrivilegePolicyCheck( IN OUT PACCESS_MASK RemainingDesiredAccess, IN OUT PACCESS_MASK PreviouslyGrantedAccess, IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL, IN PACCESS_TOKEN ExplicitToken OPTIONAL, OUT PPRIVILEGE_SET *PrivilegeSet, IN KPROCESSOR_MODE PreviousMode ); Routine Description: This routine implements privilege policy by examining the bits in a DesiredAccess mask and adjusting them based on privilege checks. Currently, a request for ACCESS_SYSTEM_SECURITY may only be satisfied by the caller having SeSecurityPrivilege. WRITE_OWNER may optionally be satisfied via SeTakeOwnershipPrivilege. Arguments: RemainingDesiredAccess - The desired access for the current operation. Bits may be cleared in this if the subject has particular privileges. PreviouslyGrantedAccess - Supplies an access mask describing any accesses that have already been granted. Bits may be set in here as a result of privilge checks. SubjectSecurityContext - Optionally provides the subject's security context. ExplicitToken - Optionally provides the token to be examined. PrivilegeSet - Supplies a pointer to a location in which will be returned a pointer to a privilege set. PreviousMode - The previous processor mode. Return Value: STATUS_SUCCESS - Any access requests that could be satisfied via privileges were done. STATUS_PRIVILEGE_NOT_HELD - An access type was being requested that requires a privilege, and the current subject did not have the privilege.