QueryServiceObjectSecurity

  BOOL QueryServiceObjectSecurity(hService, dwSecurityInformation, lpSecurityDescriptor, cbBufSize, pcbBytesNeeded)
  SC_HANDLE hService;    
  SECURITY_INFORMATION dwSecurityInformation;    
  PSECURITY_DESCRIPTOR lpSecurityDescriptor;    
  DWORD cbBufSize;    
  LPDWORD pcbBytesNeeded;    

The QueryServiceObjectSecurity function examines the security descriptor of a service object.

Parameters

hService

Handle obtained from a previous CreateService or OpenService call.

dwSecurityInformation

Indicates which security information is requested for the object. The requested value(s) are returned in the buffer pointed to by the lpSecurityDescriptor parameter.

The security information is specified using the following bit flags:

Value Meaning
  OWNER_SECURITY_INFORMATION The object's owner SID is being referenced.
  GROUP_SECURITY_INFORMATION The object's group SID is being referenced.
  DACL_SECURITY_INFORMATION The object's discretionary ACL is being referenced.
  SACL_SECURITY_INFORMATION The object's system ACL is being referenced.

lpSecurityDescriptor

A pointer to a buffer to receive a copy of the security descriptor of the service object specified by hService. The caller must have access to view the specified aspects of the object's security descriptor. The SECURITY_DESCRIPTOR data structure is returned in self-relative format.

cbBufSize

Size, in bytes, of the buffer pointed to by lpSecurityDescriptor.

pcbBytesNeeded

A pointer to a variable to receive the number of bytes needed to get the requested security descriptor.

Return Value

Returns TRUE if the security descriptor is successfully written into the supplied output buffer. If the return value is FALSE, an error has occurred. Use GetLastError to determine the cause of the failure.

Errors

Value Meaning
  ERROR_ACCESS_DENIED The specified handle was not opened with READ_CONTROL access, or the caller is not the owner of the object.
  ERROR_INVALID_HANDLE The specified handle is invalid.
  ERROR_INSUFFICIENT_BUFFER The specified output buffer is smaller than the required size returned in pcbBytesNeeded. None of the security descriptor is returned.
  ERROR_INVALID_PARAMETER The specified security information is invalid.

Comments

The API returns the requested security information currently assigned to a service object.

Based on the caller's access rights and privileges, this function returns a security descriptor containing any or all of the object's owner ID, group ID, discretionary ACL, or system ACL. To read the owner ID, group ID, or discretionary ACL, the caller must be granted READ_CONTROL access to the object. To read the system ACL, the caller must hold the “SeSecurityPrivilege” privilege.
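
An added example (not part of the original reference and not Microsoft sample code): a portable C check over the self-relative buffer this function returns when DACL_SECURITY_INFORMATION is requested. It bounds-checks every offset and counts allow ACEs that give Everyone or Authenticated Users the right to reconfigure the service or rewrite its security descriptor. The function name, the chosen rights and SIDs, and the constructed SAMPLE_SD buffer are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Rights chosen for this audit (values from winsvc.h / winnt.h, not listed on this page). */
#define SERVICE_CHANGE_CONFIG 0x0002u
#define WRITE_DAC             0x00040000u
#define WRITE_OWNER           0x00080000u
#define SE_DACL_PRESENT       0x0004u   /* Control bit: descriptor carries a DACL */
static uint32_t rd16(const uint8_t *p) { return p[0] | ((uint32_t)p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (rd16(p + 2) << 16); }
/* Binary SIDs for S-1-1-0 (Everyone) and S-1-5-11 (Authenticated Users). */
static const uint8_t SID_EVERYONE[12]   = {1,1, 0,0,0,0,0,1, 0,0,0,0};
static const uint8_t SID_AUTH_USERS[12] = {1,1, 0,0,0,0,0,5, 11,0,0,0};
/* Constructed sample (not captured from a real service): descriptor with a DACL only. */
static const uint8_t SAMPLE_SD[68] = {
    1,0, 0x04,0x80, 0,0,0,0, 0,0,0,0, 0,0,0,0, 20,0,0,0,  /* header, DACL at 20 */
    2,0, 48,0, 2,0, 0,0,                                  /* ACL: 48 bytes, 2 ACEs */
    0,0, 20,0, 0x02,0,0x02,0, 1,1,0,0,0,0,0,5, 11,0,0,0,  /* allow S-1-5-11 0x00020002 */
    0,0, 20,0, 0xFF,1,0x0F,0, 1,1,0,0,0,0,0,5, 18,0,0,0   /* allow S-1-5-18 0x000F01FF */
};

/* Number of findings (broad allow ACEs, or 1 for a NULL DACL); -1 if malformed. */
int risky_grants(const uint8_t *sd, size_t len) {
    if (len < 20 || sd[0] != 1) return -1;            /* 20-byte header, revision 1 */
    if (!(rd16(sd + 2) & SE_DACL_PRESENT)) return 0;  /* DACL was not returned */
    uint32_t dacl = rd32(sd + 16);                    /* offset from start of buffer */
    if (dacl == 0) return 1;                          /* NULL DACL: no restrictions */
    if (dacl < 20 || dacl > len || len - dacl < 8) return -1;
    uint32_t acl_size = rd16(sd + dacl + 2), count = rd16(sd + dacl + 4);
    if (acl_size < 8 || acl_size > len - dacl) return -1;
    size_t off = dacl + 8, end = dacl + acl_size;
    int risky = 0;
    for (uint32_t i = 0; i < count; i++) {
        if (end - off < 4) return -1;                 /* ACE header must fit */
        uint32_t ace_size = rd16(sd + off + 2);
        if (ace_size < 4 || ace_size > end - off) return -1;
        if (sd[off] == 0 && ace_size >= 20) {         /* ACCESS_ALLOWED_ACE_TYPE */
            uint32_t mask = rd32(sd + off + 4);
            const uint8_t *sid = sd + off + 8;
            int broad = !memcmp(sid, SID_EVERYONE, 12) || !memcmp(sid, SID_AUTH_USERS, 12);
            risky += broad && (mask & (SERVICE_CHANGE_CONFIG | WRITE_DAC | WRITE_OWNER));
        }
        off += ace_size;
    }
    return risky;
}

int main(void) { printf("%d\n", risky_grants(SAMPLE_SD, sizeof SAMPLE_SD)); return 0; }
```

On Windows, the input would be the lpSecurityDescriptor buffer and the byte count reported through pcbBytesNeeded after a successful call.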