[DllImport("userenv.dll", SetLastError = true)]
public static extern bool CreateRestrictedToken(
IntPtr ExistingTokenHandle,
uint Flags,
uint DisableSidCount,
[MarshalAs(UnmanagedType.LPArray,
SizeParamIndex = 2)] SidAndAttributes[] SidsToDisable,
uint DeletePrivilegeCount,
[MarshalAs(UnmanagedType.LPArray,
SizeParamIndex = 4)] LuidAndAttributes[] PrivilegesToDelete,
uint RestrictedSidCount,
[MarshalAs(UnmanagedType.LPArray,
SizeParamIndex = 6)] SidAndAttributes[] SidsToRestrict,
out IntPtr NewTokenHandle
);