RtlIsCapabilitySid - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTRTL_H
#if (PHNT_VERSION >= PHNT_WIN8)

// rev
NTSYSAPI
BOOLEAN
NTAPI
RtlIsCapabilitySid(
    _In_ PSID Sid
    );

#endif
#endif

View code on GitHub

Determines if the specified SID is a capability SID.

Parameters

Implementation details

The function checks if the SID belongs to SECURITY_APP_PACKAGE_AUTHORITY (15) with SECURITY_CAPABILITY_BASE_RID (3). In other words, it accepts S-1-15-3-* SIDs.

Required OS version

This function was introduced in Windows 8.

See also

Edit description on GitHub