A new DDE conversation does not inherits its SD from its parent windowstation. The new object is gives read, write and execute permission to its owner and is implicitly opened during its creation. The DDE application must modify the object's security if other users are to be given access.
| Value | Mapping value |
| GENERIC_READ | STANDARD_RIGHTS_READ |
| GENERIC_WRITE | STANDARD_RIGHTS_WRITE |
| GENERIC_EXECUTE | STANDARD_RIGHTS_EXECUTE |
| GENERIC_ALL | STANDARD_RIGHTS_REQUIRED |
The following discretionary ACE is used:
ACE 0:
ACE Type = AccessAllowed
sid = LogonSid
AccessMask =
GenericRead~| GenericWrite~| GenericExecute~| GenericAll~|
STANDARD_RIGHTS_REQUIRED
Inheritable by non-containers