Platform SDK: Access Control

SE_OBJECT_TYPE

The SE_OBJECT_TYPE enumeration type contains values that correspond to the types of Win32 objects that support security. The functions, such as GetSecurityInfo and SetSecurityInfo, that set and retrieve an object's security information, use these values to indicate the type of object.

typedef enum _SE_OBJECT_TYPE {
  SE_UNKNOWN_OBJECT_TYPE = 0,
  SE_FILE_OBJECT,
  SE_SERVICE,
  SE_PRINTER,
  SE_REGISTRY_KEY,
  SE_LMSHARE,
  SE_KERNEL_OBJECT,
  SE_WINDOW_OBJECT,
  SE_DS_OBJECT,
  SE_DS_OBJECT_ALL,
  SE_PROVIDER_DEFINED_OBJECT
  SE_WMIGUID_OBJECT
} SE_OBJECT_TYPE;
Enumerator Value Meaning
SE_FILE_OBJECT Indicates a file or directory. The name string that identifies a file or directory object can be
  • A relative path, such as "abc.dat" or "..\abc.dat"
  • An absolute path, such as "\abc.dat", "c:\dir1\abc.dat", or "g:\remotedir\abc.dat"
  • A UNC name, such as "\\machinename\sharename\abc.dat".
  • A local file system root, such as "\\\\.\\c:". Security set on a file system root does not persist when the system is restarted.
SE_SERVICE Indicates a Win32 service. A service object can be a local service, such as "servicename"; or a remote service, such as "\\machinename\servicename".
SE_PRINTER Indicates a printer. A printer object can be a local printer, such as "printername"; or a remote printer, such as "\\machinename\printername".
SE_REGISTRY_KEY Indicates a registry key. A registry key object can be in the local registry, such as "CLASSES_ROOT\somepath"; or in a remote registry, such as "\\machinename\CLASSES_ROOT\somepath".

The names of registry keys must use the following literal strings to identify the predefined registry keys: "CLASSES_ROOT", "CURRENT_USER", "MACHINE", and "USERS".
SE_LMSHARE Indicates a network share. A share object can be local, such as "sharename"; or remote, such as "\\machinename\sharename".
SE_KERNEL_OBJECT Indicates a local kernel object.

The GetSecurityInfo and SetSecurityInfo functions support all types of kernel objects. The GetNamedSecurityInfo and SetNamedSecurityInfo functions work only with the following kernel objects: semaphore, event, mutex, waitable timer, and file mapping.

SE_WINDOW_OBJECT Indicates a window station or desktop object on the local computer. You cannot use GetNamedSecurityInfo and SetNamedSecurityInfo with these objects because the names of window stations or desktops are not unique.
SE_DS_OBJECT Windows 2000: Indicates a directory service (DS) object, or a property set or property of a directory service object.

The name string for a DS object can be a UNC name, such as "\\domain.microsoft.com\ou1\ou2\someobject".

The name string can also be in X.500 form, such as "CN=someobject,OU=ou2,OU=ou1,DC=domain,DC=microsoft,DC=com,O=internet".
SE_DS_OBJECT_ALL Windows 2000: Indicates a directory service object and all of its property sets and properties.
SE_PROVIDER_DEFINED_OBJECT Windows 2000: Indicates a provider-defined object.
SE_WMIGUID_OBJECT Windows 2000: Indicates a WMI object.

Requirements

  Windows NT/2000: Requires Windows NT 4.0 or later.
  Header: Declared in Accctrl.h.

See Also

Access Control Overview, Access Control Enumeration Types, GetSecurityInfo, GetNamedSecurityInfo, SetSecurityInfo, SetNamedSecurityInfo

Built on Tuesday, February 08, 2000