TokenAccessLevels
Defines the privileges of the user account associated with the access token.
AdjustDefault = 128
The user can change the default owner, primary group, or discretionary access control list (DACL) of the token.
AdjustGroups = 64
The user can change the attributes of the groups in the token.
AdjustPrivileges = 32
The user can enable or disable privileges in the token.
AdjustSessionId = 256
The user can adjust the session identifier of the token.
AllAccess = 983551
The user has all possible access to the token.
AssignPrimary = 1
The user can attach a primary token to a process.
Duplicate = 2
The user can duplicate the token.
Impersonate = 4
The user can impersonate a client.
MaximumAllowed = 33554432
The maximum value that can be assigned for the TokenAccessLevels enumeration.
Query = 8
The user can query the token.
QuerySource = 16
The user can query the source of the token.
Read = 131080
The user has standard read rights and the Query privilege for the token.
Write = 131296
The user has standard write rights and the AdjustPrivileges, AdjustGroups and AdjustDefault privileges for the token.