BOOL SetServiceObjectSecurity(hService, dwSecurityInformation, lpSecurityDescriptor)
SC_HANDLE hService;
SECURITY_INFORMATION dwSecurityInformation;
PSECURITY_DESCRIPTOR lpSecurityDescriptor;
The SetServiceObjectSecurity function modifies the security descriptor of a service object.
hService
Handle obtained from a previous CreateService or OpenService call.
dwSecurityInformation
Indicates which security information is to be applied to the object. The value(s) to be assigned are passed in the lpSecurityDescriptor parameter.
The security information is specified using the following bit flags:
Value | Meaning
OWNER_SECURITY_INFORMATION | Object's Owner SID is being referenced
GROUP_SECURITY_INFORMATION | Object's Group SID is being referenced
DACL_SECURITY_INFORMATION | Object's Discretionary ACL is being referenced
SACL_SECURITY_INFORMATION | Object's System ACL is being referenced
lpSecurityDescriptor
A pointer to a well-formed security descriptor.
Returns TRUE if the specified service object is successfully assigned a new security descriptor. If the return value is FALSE, an error has occurred. Use GetLastError to determine the cause of the failure.
Errors
Value | Meaning
ERROR_ACCESS_DENIED | The specified handle was not opened with the required access, or the caller is not the owner of the object.
ERROR_INVALID_HANDLE | The specified handle is invalid.
ERROR_INVALID_PARAMETER | The specified security information or security descriptor is invalid.
The API takes a well-formed security descriptor provided by the caller and assigns specified portions of it to the service object. Based on the flags set in the dwSecurityInformation parameter and the caller's access rights, this function will replace any or all of the security information associated with the service object.
This function is available to users and applications for changing security information, including the owner ID, group ID, and the discretionary and system ACLs of a service object. The caller must have WRITE_OWNER access to the object to change the owner or primary group of the object. The caller must have WRITE_DAC access to the object to change the discretionary ACL. The caller must have the “SeSecurityPrivilege” privilege to assign a system ACL to the object.
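The following is an added example, not part of the original reference: it opens a service with only the access the requested flags need and replaces its DACL. The names required_service_access and set_service_dacl are hypothetical. Assumptions not stated above: the new DACL is built from an SDDL string, and the handle right used for a system ACL is ACCESS_SYSTEM_SECURITY.

```c
#ifdef _WIN32
#include <windows.h>   /* link with advapi32 */
#include <sddl.h>
#else  /* values from winnt.h, so the mask logic also builds off Windows */
#include <stdint.h>
typedef uint32_t DWORD;
#define OWNER_SECURITY_INFORMATION 0x00000001u
#define GROUP_SECURITY_INFORMATION 0x00000002u
#define DACL_SECURITY_INFORMATION  0x00000004u
#define SACL_SECURITY_INFORMATION  0x00000008u
#define WRITE_DAC                  0x00040000u
#define WRITE_OWNER                0x00080000u
#define ACCESS_SYSTEM_SECURITY     0x01000000u
#endif

/* Hypothetical helper: smallest access mask the service handle needs for
   the given flags. Returns 0 for an empty set or flags not listed above. */
DWORD required_service_access(DWORD si)
{
    const DWORD known = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
                        DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
    DWORD access = 0;
    if (si == 0 || (si & ~known)) return 0;
    if (si & (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION))
        access |= WRITE_OWNER;
    if (si & DACL_SECURITY_INFORMATION) access |= WRITE_DAC;
    if (si & SACL_SECURITY_INFORMATION) access |= ACCESS_SYSTEM_SECURITY;
    return access;
}

#ifdef _WIN32
/* Hypothetical wrapper: replace only the DACL of `service` with the one in
   `sddl`. Returns 0 on success, otherwise the GetLastError() code. */
DWORD set_service_dacl(const wchar_t *service, const wchar_t *sddl)
{
    PSECURITY_DESCRIPTOR sd = NULL;
    SC_HANDLE scm = NULL, svc = NULL;
    DWORD err = 0;
    if (!ConvertStringSecurityDescriptorToSecurityDescriptorW(sddl, SDDL_REVISION_1, &sd, NULL))
        return GetLastError();
    scm = OpenSCManagerW(NULL, NULL, SC_MANAGER_CONNECT);
    if (scm)
        svc = OpenServiceW(scm, service, required_service_access(DACL_SECURITY_INFORMATION));
    if (!svc || !SetServiceObjectSecurity(svc, DACL_SECURITY_INFORMATION, sd))
        err = GetLastError();   /* e.g. ERROR_ACCESS_DENIED without WRITE_DAC */
    if (svc) CloseServiceHandle(svc);
    if (scm) CloseServiceHandle(scm);
    LocalFree(sd);
    return err;
}
#endif
```

Because only DACL_SECURITY_INFORMATION is passed, the owner, group and system ACL of the service object are left unchanged even if the descriptor contains them.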