There are several pairs of low-level functions for setting and retrieving an object's security descriptor. Each of these pairs works only with a limited set of Win32 objects. For example, one pair works with file objects and another works with registry keys. The following table shows the low-level functions to use with the different types of securable objects.

| Object type | Low-level functions |
|---|---|
| Files, directories, mailslots, named pipes | Use the GetFileSecurity and SetFileSecurity functions. These functions use character strings to identify the securable object, instead of using handles. |
| Processes, threads, access tokens, file-mapping objects, semaphores, events, mutexes, waitable timers | Use the SetKernelObjectSecurity and GetKernelObjectSecurity functions. |
| Window stations, desktops | Use the GetUserObjectSecurity and SetUserObjectSecurity functions. |
| Registry keys | Use the RegGetKeySecurity and RegSetKeySecurity functions. |
| Windows NT Service objects | Use the QueryServiceObjectSecurity and SetServiceObjectSecurity functions. |
| Printer objects | Use the PRINTER_INFO_2 structure with the GetPrinter and SetPrinter functions. |
| Windows NT network shares | Use level 502 with the NetShareGetInfo and NetShareSetInfo functions. |
| Private objects (objects private to the creating application) | Use the CreatePrivateObjectSecurity, DestroyPrivateObjectSecurity, GetPrivateObjectSecurity and SetPrivateObjectSecurity functions. |
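
The following is an added example, not code from the original page: it uses GetFileSecurity from the first table row to read a file's security descriptor by name (two calls, the first to learn the buffer size) and then classifies its DACL with GetSecurityDescriptorDacl, which is the usual audit check for objects left with a NULL DACL. The function name `file_dacl_state` and the `dacl_state` enum are assumptions made for this example, and the `#else` branch exists only so the file compiles on non-Windows hosts.

```c
#include <stdio.h>
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Result codes: names chosen for this example, not Win32 constants. */
enum dacl_state { DACL_QUERY_FAILED = -1, DACL_UNSUPPORTED = 0,
                  DACL_ABSENT = 1, DACL_NULL = 2, DACL_PRESENT = 3 };

/* Classify the DACL of a file, directory, mailslot or named pipe, identified by name. */
enum dacl_state file_dacl_state(const char *path)
{
#ifdef _WIN32
    DWORD needed = 0;
    PSECURITY_DESCRIPTOR sd;
    BOOL present = FALSE, defaulted = FALSE;
    PACL dacl = NULL;
    enum dacl_state state = DACL_QUERY_FAILED;

    /* First call: zero-length buffer. It is expected to fail with
       ERROR_INSUFFICIENT_BUFFER and report the size required. */
    if (GetFileSecurityA(path, DACL_SECURITY_INFORMATION, NULL, 0, &needed) ||
        GetLastError() != ERROR_INSUFFICIENT_BUFFER)
        return DACL_QUERY_FAILED;
    sd = (PSECURITY_DESCRIPTOR)malloc(needed);
    if (sd == NULL)
        return DACL_QUERY_FAILED;

    /* Second call: fetch the descriptor, then inspect its DACL. */
    if (GetFileSecurityA(path, DACL_SECURITY_INFORMATION, sd, needed, &needed) &&
        GetSecurityDescriptorDacl(sd, &present, &dacl, &defaulted)) {
        if (!present)          state = DACL_ABSENT;
        else if (dacl == NULL) state = DACL_NULL;    /* grants everyone full access */
        else                   state = DACL_PRESENT;
    }
    free(sd);
    return state;
#else
    (void)path;
    return DACL_UNSUPPORTED;   /* Win32 security API not available here */
#endif
}

int main(int argc, char **argv)
{
    /* Default path "." (the current directory) is a constructed sample input. */
    printf("dacl_state=%d\n", (int)file_dacl_state(argc > 1 ? argv[1] : "."));
    return 0;
}
```

On Windows, link against Advapi32.lib. A result of `DACL_NULL` is the one to flag during review.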