RegGetKeySecurity

  LONG RegGetKeySecurity(hkey, SecInf, pSecDesc, lpcbSecDesc)    
  HKEY hkey; /* open handle to key to set */
  SECURITY_INFORMATION SecInf; /* specifies descriptor contents */
  PSECURITY_DESCRIPTOR pSecDesc; /* address of descriptor for this key */
  LPDWORD lpcbSecDesc; /* size of buffer and descriptor */

The RegGetKeySecurity function retrieves a copy of the security descriptor protecting a previously opened registration key.

Parameters

hkey

Specifies an open handle to the key to set the security for.

SecInf

Specifies a SECURITY_INFORMATION structure that indicates the requested security information.

pSecDesc

Points to a buffer that receives the requested SECURITY_DESCRIPTOR.

lpcbSecDesc

Points to a variable that specifies the size of the buffer at pSecDesc (in bytes). When the function returns, the variable contains the number of bytes written to the buffer.

Return Value

The return value is ERROR_SUCCESS if the function is successful. Otherwise, it is an error value.

If the pSecDesc buffer is too small, the function returns ERROR_INVALID_PARAMETER and lpcbSecDesc contains the number of bytes required for the requested descriptor.

Comments

Based on the caller's access rights and privileges, this function returns a security descriptor containing the requested security descriptor fields. To read the security descriptor for the specified key, the caller must be granted READ_CONTROL access or be the owner of the object. In addition, the caller must have SeSecurityPrivilege to read the system ACL.

See Also

RegSetKeySecurity