It might be desirable adding a configuration parameter to do group lookup over the TokenLinkedToken. This contains the "elevated" token, if the UAC filtered the direct token.
Using the default, filtered token (as introduced by this PR) should remain the default, as this is the default for Windows applications (e.g. when using Powershell Remoting). At the same time, if developers want to e.g. allow login depending on administrative rights, using the linked token might be useful.
Shall I open a new PR for:
- Improved documentation, describing why groups might be missing and differences between previous lookup.
- A configuration parameter for toggling between using the regular and the linked token.
Oh, and I could do #4 at the same time.
It might be desirable adding a configuration parameter to do group lookup over the
TokenLinkedToken. This contains the "elevated" token, if the UAC filtered the direct token.Using the default, filtered token (as introduced by this PR) should remain the default, as this is the default for Windows applications (e.g. when using Powershell Remoting). At the same time, if developers want to e.g. allow login depending on administrative rights, using the linked token might be useful.
Shall I open a new PR for:
Oh, and I could do #4 at the same time.