The SetKernelObjectSecurity function sets the security of a kernel object. For example, this can be a process, thread, or event.
BOOL SetKernelObjectSecurity(
HANDLE Handle, // handle of object
SECURITY_INFORMATION SecurityInformation,
// type of information to set
PSECURITY_DESCRIPTOR SecurityDescriptor
// address of security descriptor
);
Value | Meaning |
---|---|
OWNER_SECURITY_INFORMATION | |
Sets the object's owner security identifier (SID). The Handle handle must have WRITE_OWNER access, or the calling process must be the object's owner or have the SE_TAKE_OWNERSHIP_NAME privilege enabled. | |
GROUP_SECURITY_INFORMATION | |
Sets the object's primary group SID. The Handle handle must have WRITE_OWNER access, or the calling process must be the object's owner. | |
DACL_SECURITY_INFORMATION | |
Sets the object's discretionary access control list (DACL). The Handle handle must have WRITE_DAC access, or the calling process must be the object's owner. | |
SACL_SECURITY_INFORMATION | |
Sets the object's system access control list (SACL). The Handle handle must have ACCESS_SYSTEM_SECURITY access. The proper way to get this access is to enable the SE_SECURITY_NAME privilege in the caller's current access token, open the handle for ACCESS_SYSTEM_SECURITY access, and then disable the privilege. |
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
Windows NT: Requires version 3.1 or later.
Windows: Unsupported.
Windows CE: Unsupported.
Header: Declared in winbase.h.
Import Library: Use advapi32.lib.
Low-Level Access-Control Overview, Low-Level Access Control Functions, GetKernelObjectSecurity, SECURITY_DESCRIPTOR, SECURITY_INFORMATION, SetFileSecurity, SetPrivateObjectSecurity, SetUserObjectSecurity