SetKernelObjectSecurity

  BOOL SetKernelObjectSecurity(Handle, SecurityInformation, pSecurityDescriptor)    
  HANDLE Handle;    
  SECURITY_INFORMATION SecurityInformation;    
  PSECURITY_DESCRIPTOR pSecurityDescriptor;    

The SetKernelObjectSecurity function can be used to set the security of a kernel object (process, file, event, etc.).

This call is only successful if the following conditions are met:

If the object's owner or group is to be set, the caller must have WRITE_OWNER permission or have SeTakeOwnershipPrivilege.

If the object's DACL is to be set, the caller must have WRITE_DAC permission or be the object's owner.

If the object's SACL is to be set, the caller must have SeSecurityPrivilege.

Parameters

Handle

Specifies a kernel-object handle.

SecurityInformation

Specifies the type of information in the security descriptor at pSecurityDescrptor.

pSecurityDescriptor

Points to a well-formed security descriptor to apply to the specified kernel object.

Return Value

The return value is TRUE if the function was successful, or FALSE if an error occurred. Use the GetLastError function to obtain extended error information.