Using SetTokenInformation to control file system virtualization on Vista?



I have discovered (purely through experimentation) that on Vista one can
enable/disable file system virtualization in a process by calling
SetTokenInformation with a class value of "TokenVirtualizationEnabled" (24).

My code looks like this:

BOOL EnableVirtualization(BOOL DoEnable)
{
HANDLE Token;
DWORD EnableValue = DoEnable ? 1 : 0;

if (!OpenProcessToken(GetCurrentProcess(), MAXIMUM_ALLOWED,
&Token))
{
return FALSE;
}
if (!SetTokenInformation(Token, (TOKEN_INFORMATION_CLASS)24,
&EnableValue, sizeof(EnableValue)))
{
CloseHandle(Token);
return FALSE;
}
CloseHandle(Token);
return TRUE;
}

Because there is currently no documentation for
TokenVirtualizationEnabled, there are some things I'm uncertain about:

1. Is there some other (higher-level?) API I should be using instead?

2. Will the SetTokenInformation call do anything besides just
enabling/disabling file system virtualization?
(I'm only interested in enabling virtualization temporarily in order to
move some files out of the VirtualStore. I certainly don't want any
nasty side effects that last for the lifetime of the process.)

3. What type should I be passing in the TokenInformation parameter?
DWORD values of 0 and 1 seem to work, but I don't know if that's *right*.

4. Is it possible to enable/disable virtualization on a per-thread basis?
I tried duplicating the process's token using DuplicateTokenEx() and
assigning it to the current thread using SetThreadToken(). That
succeeded, but then the SetTokenInformation() call no longer had any
effect (despite succeeding). Before I spend much more time trying to get
that to work, I'd like to know if it's simply not possible.

Thanks.

--
Jordan Russell
.



Relevant Pages