I am trying to impersonate the caller in a device driver by capturing&storing the security content, but the primary group is then not captured (i.e. TOKEN_PRIMARY_GROUP (https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-token_primary_group) always returns the default group, and not the one set in the process as primary group)
SECURITY_QUALITY_OF_SERVICE sec_qos;
SeCaptureSubjectContext(&sec_ctx);
sec_qos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
sec_qos.ImpersonationLevel = SecurityImpersonation;
sec_qos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
sec_qos.EffectiveOnly = 0;
status = SeCreateClientSecurityFromSubjectContext(&sec_ctx, &sec_qos, 1, &new_sec_ctx);
Is this a bug, or am I doing something wrong?