SetKernelObjectSecurity

The SetKernelObjectSecurity function sets the security of a kernel object. For example, this can be a process, thread, or event.

BOOL SetKernelObjectSecurity(
  HANDLE Handle,  // handle of object
  SECURITY_INFORMATION SecurityInformation,
                  // type of information to set
  PSECURITY_DESCRIPTOR SecurityDescriptor 
                  // address of security descriptor
);
 

Parameters

Handle
Identifies a kernel object for which security information is set.
SecurityInformation
Specifies the components of the security descriptor to set. The value can be a combination of the following flags.
Value Meaning
OWNER_SECURITY_INFORMATION
Sets the object's owner security identifier (SID). The Handle handle must have WRITE_OWNER access, or the calling process must be the object's owner or have the SE_TAKE_OWNERSHIP_NAME privilege enabled.
GROUP_SECURITY_INFORMATION
Sets the object's primary group SID. The Handle handle must have WRITE_OWNER access, or the calling process must be the object's owner.
DACL_SECURITY_INFORMATION
Sets the object's discretionary access control list (DACL). The Handle handle must have WRITE_DAC access, or the calling process must be the object's owner.
SACL_SECURITY_INFORMATION
Sets the object's system access control list (SACL). The Handle handle must have ACCESS_SYSTEM_SECURITY access. The proper way to get this access is to enable the SE_SECURITY_NAME privilege in the caller's current access token, open the handle for ACCESS_SYSTEM_SECURITY access, and then disable the privilege.

SecurityDescriptor
Pointer to a SECURITY_DESCRIPTOR structure containing the new security information.

Return Values

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

QuickInfo

  Windows NT: Requires version 3.1 or later.
  Windows: Unsupported.
  Windows CE: Unsupported.
  Header: Declared in winbase.h.
  Import Library: Use advapi32.lib.

See Also

Low-Level Access-Control Overview, Low-Level Access Control Functions, GetKernelObjectSecurity, SECURITY_DESCRIPTOR, SECURITY_INFORMATION, SetFileSecurity, SetPrivateObjectSecurity, SetUserObjectSecurity