
管理员组获取系统权限的完美解决方案

// We are allocating a new ACL with a new ace inserted.  The new
        // ACL must be LocalFree''d
        if(ERROR_SUCCESS != SetEntriesInAcl(1, &ea, pAcl, &pNewAcl))
        {
            printf("ModifySecurity SetEntriesInAcl Failed");
            pNewAcl = NULL;
            __leave;
        }

        // Find the buffer sizes we would need to make our SD absolute
        pAcl               = NULL;
        dwSDLength         = 0;
        DWORD dwAclSize    = 0;
        DWORD dwSaclSize   = 0;
        DWORD dwSidOwnLen  = 0;
        DWORD dwSidPrimLen = 0;
        PSECURITY_DESCRIPTOR pAbsSD = NULL;
        if(MakeAbsoluteSD(pSD, pAbsSD, &dwSDLength, pAcl, &dwAclSize, pSacl,
            &dwSaclSize, pSidOwner, &dwSidOwnLen, pSidPrimary, &dwSidPrimLen)
            || (GetLastError() != ERROR_INSUFFICIENT_BUFFER))
        {
            printf("ModifySecurity MakeAbsoluteSD Size Failed");
            __leave;
        }

        // Allocate the buffers
        pAcl = (PACL) LocalAlloc(LPTR, dwAclSize);
        pSacl = (PACL) LocalAlloc(LPTR, dwSaclSize);
        pSidOwner = (PSID) LocalAlloc(LPTR, dwSidOwnLen);
        pSidPrimary = (PSID) LocalAlloc(LPTR, dwSidPrimLen);
        pAbsSD = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR, dwSDLength);
        if(!(pAcl && pSacl && pSidOwner && pSidPrimary && pAbsSD))
        {
            printf("ModifySecurity Invalid SID Found");
            __leave;
        }

        // And actually make our SD absolute
        if(!MakeAbsoluteSD(pSD, pAbsSD, &dwSDLength, pAcl, &dwAclSize, pSacl,
            &dwSaclSize, pSidOwner, &dwSidOwnLen, pSidPrimary, &dwSidPrimLen))
        {
            printf("ModifySecurity MakeAbsoluteSD Failed");
            __leave;
        }

        // Now set the security descriptor DACL
        if(!SetSecurityDescriptorDacl(pAbsSD, fDaclPresent, pNewAcl,
            fDaclDefaulted))
        {
            printf("ModifySecurity SetSecurityDescriptorDacl Failed");
            __leave;
        }

        // And set the security for the object
        if(!SetKernelObjectSecurity(hProc, DACL_SECURITY_INFORMATION, pAbsSD))
        {
            printf("ModifySecurity SetKernelObjectSecurity Failed");
            __leave;
        }

        fSuccess = TRUE;

    }
    __finally
    {
        // Cleanup
        if (pNewAcl == NULL)
            LocalFree(pNewAcl);

        if (pSD == NULL)
            LocalFree(pSD);

        if (pAcl == NULL)
            LocalFree(pAcl);

        if (pSacl == NULL)
            LocalFree(pSacl);

        if (pSidOwner == NULL)
            LocalFree(pSidOwner);

        if (pSidPrimary == NULL)
            LocalFree(pSidPrimary);

        if(!fSuccess)
        {
            printf("ModifySecurity exception caught in __finally");
        }

        return(fSuccess);
    }
}

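// Obtain a handle to the primary token of the process returned by
// OpenSystemProcess() (the "System" process), or NULL on failure.
//
// Flow: enable SE_DEBUG_NAME in our own token, open the System process,
// open its token with only READ_CONTROL | WRITE_DAC, let ModifySecurity()
// grant the current user additional token rights, then reopen the token
// with those rights.  Fails early unless EnablePrivilege(SE_DEBUG_NAME)
// succeeds.
//
// Returns: the reopened token handle on success; the caller owns it and
//          must CloseHandle() it.  NULL on any failure (a diagnostic line
//          has already been printed).  No handle is leaked on either path.
HANDLE GetLSAToken()
{
    HANDLE hProc      = NULL;   // "System" process handle; always closed before return
    HANDLE hToken     = NULL;   // first token handle (READ_CONTROL | WRITE_DAC only)
    HANDLE hFullToken = NULL;   // reopened token handle; returned on success
    BOOL   bSuccess   = FALSE;
    __try
    {
        // Enable the SE_DEBUG_NAME privilege in our process token
        if (!EnablePrivilege(SE_DEBUG_NAME))
        {
            printf("GetLSAToken EnablePrivilege Failed");
            __leave;
        }

        // Retrieve a handle to the "System" process
        hProc = OpenSystemProcess();
        if (hProc == NULL)
        {
            printf("GetLSAToken OpenSystemProcess Failed");
            __leave;
        }

        // Open the process token with READ_CONTROL and WRITE_DAC access only:
        // that is the access ModifySecurity() needs to replace the token's DACL.
        BOOL fResult = OpenProcessToken(hProc, READ_CONTROL | WRITE_DAC, &hToken);
        if (FALSE == fResult)
        {
            printf("GetLSAToken OpenProcessToken Failed");
            __leave;
        }

        // Add an ACE for the current user granting TOKEN_DUPLICATE |
        // TOKEN_ASSIGN_PRIMARY | TOKEN_QUERY | TOKEN_ADJUST_SESSIONID.
        if (!ModifySecurity(hToken, TOKEN_DUPLICATE | TOKEN_ASSIGN_PRIMARY
            | TOKEN_QUERY | TOKEN_ADJUST_SESSIONID))
        {
            printf("GetLSAToken ModifySecurity Failed");
            __leave;
        }

        // Reopen the token now that the DACL grants the extra rights.  Open
        // into a separate variable so the first handle is not overwritten
        // (and leaked), and so a failed reopen leaves hToken intact for cleanup.
        fResult = OpenProcessToken(hProc, TOKEN_QUERY | TOKEN_DUPLICATE
            | TOKEN_ASSIGN_PRIMARY | READ_CONTROL | WRITE_DAC, &hFullToken);
        if (FALSE == fResult)
        {
            printf("GetLSAToken OpenProcessToken Failed");
            __leave;
        }
        bSuccess = TRUE;
    }
    __finally
    {
        // Close the System process handle
        if (hProc != NULL)
        {
            CloseHandle(hProc);
        }

        // The limited first handle is no longer needed in either outcome.
        if (hToken != NULL)
        {
            CloseHandle(hToken);
        }

        // On failure release whatever the reopen may have produced so that
        // the function returns NULL without leaking a handle.
        if (!bSuccess && hFullToken != NULL)
        {
            CloseHandle(hFullToken);
            hFullToken = NULL;
        }
    }

    // Return after the __try/__finally block rather than from inside
    // __finally, which keeps the termination handler well-formed.
    return hFullToken;
}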

// Access mask combining a set of DESKTOP_* object-specific rights with
// STANDARD_RIGHTS_REQUIRED; presumably used when granting a SID access to
// the interactive desktop (see AddAceToDesktop below).
#define DESKTOP_ALL (DESKTOP_READOBJECTS | DESKTOP_CREATEWINDOW | DESKTOP_CREATEMENU | DESKTOP_HOOKCONTROL | \
        DESKTOP_JOURNALRECORD | DESKTOP_JOURNALPLAYBACK | \
        DESKTOP_ENUMERATE | DESKTOP_WRITEOBJECTS | \
        DESKTOP_SWITCHDESKTOP | STANDARD_RIGHTS_REQUIRED)

// Access mask combining a set of WINSTA_* object-specific rights with
// STANDARD_RIGHTS_REQUIRED; presumably used when granting a SID access to
// the window station (see AddAceToWindowStation below).
#define WINSTA_ALL (WINSTA_ENUMDESKTOPS | WINSTA_READATTRIBUTES |  \
    WINSTA_ACCESSCLIPBOARD | WINSTA_CREATEDESKTOP | \
        WINSTA_WRITEATTRIBUTES | WINSTA_ACCESSGLOBALATOMS | \
        WINSTA_EXITWINDOWS | WINSTA_ENUMERATE | \
        WINSTA_READSCREEN | \
        STANDARD_RIGHTS_REQUIRED)



// Union of the four generic rights (read, write, execute, all).
#define GENERIC_ACCESS (GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL)

// Presumably add an ACE for psid to the given window station; only the
// prototype is visible here, the definition is expected later in the file.
BOOL AddAceToWindowStation(HWINSTA hwinsta, PSID psid);

// Presumably add an ACE for psid to the given desktop; only the prototype
// is visible here, the definition is expected later in the file.
BOOL AddAceToDesktop(HDESK hdesk, PSID psid);

BOOL GetLogonSID(HANDLE hToken, PSID *ppsid)
{
    PWTS_PROCESS_INFO pProcessInfo = NULL;
    DWORD             ProcessCount = 0;
    BOOL                ret=FALSE;
