Returns the security token of the process that initiated the operation
function GetOriginatorToken : THandle;
unsigned __fastcall GetOriginatorToken(void);
Function GetOriginatorToken() As IntPtr
Handle to the token if the function succeeded or INVALID_HANDLE_VALUE if the function failed.
Use GetOriginatorToken to get the security token of the process that originated the operation. You can use the security token to retrieve various security-related information using GetTokenInformation() function of Windows API.
Call this method only from the callback / event handlers.
Do not call this method from handlers for OnReadFile*, OnWriteFile* and other callbacks that work with opened files, as that callbacks can be initiated by the system components (cache manager, memory manager etc.). Instead do the following:
NOTE: you must call CloseHandle() function of Windows API to close the obtained token handle.
If you monitor the disk being shared, you might want to get security information (account name etc.) of the user, who accesses the disk across network. Disks can be shared in several modes in Windows: