Low-Level Access Control Functions

The following low-level functions are used to manipulate security descriptors. Use these functions if your application needs to run on Windows NT version 3.51 or earlier.

GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
IsValidSecurityDescriptor
MakeAbsoluteSD
MakeSelfRelativeSD
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorSacl

The following low-level functions are used to manipulate ACEs and ACLs. Use these functions if your application needs to run on Windows NT version 3.51 or earlier.

AddAccessAllowedAce
AddAccessDeniedAce
AddAce
AddAuditAccessAce
DeleteAce
FindFirstFreeAce
GetAce
GetAclInformation
InitializeAcl
IsValidAcl
SetAclInformation

The following low-level functions are used to get and set the components of a security descriptor on various types of Win32 objects. Use these functions if your application needs to run on Windows NT version 3.51 or earlier.

GetFileSecurity
GetKernelObjectSecurity
GetPrinter
GetUserObjectSecurity
NetShareGetInfo
NetShareGetInfo
QueryServiceObjectSecurity
RegGetKeySecurity
RegSetKeySecurity
SetFileSecurity
SetKernelObjectSecurity
SetPrinter
SetServiceObjectSecurity
SetUserObjectSecurity

The following low-level functions are used to add ACEs to an ACL. These functions are supported on Windows NT versions 5.0 and later.

AddAccessAllowedAceEx
AddAccessAllowedObjectAce
AddAccessDeniedAceEx
AddAccessDeniedObjectAce
AddAuditAccessAceEx
AddAuditAccessObjectAce