Platform SDK: Access Control

RegSetKeySecurity

The RegSetKeySecurity function sets the security of an open registry key.

LONG RegSetKeySecurity(
  HKEY hKey,                                // handle to key
  SECURITY_INFORMATION SecurityInformation, // request
  PSECURITY_DESCRIPTOR pSecurityDescriptor  // SD
);

Parameters

hKey
[in] Handle to an open key for which the security descriptor is set.
SecurityInformation
[in] Specifies the components of the security descriptor to set. The value can be a combination of the following values.
Value Meaning
DACL_SECURITY_INFORMATION Sets the key's discretionary access control list (DACL). The hKey handle must have WRITE_DAC access, or the calling process must be the object's owner.
GROUP_SECURITY_INFORMATION Sets the key's primary group SID. The hKey handle must have WRITE_OWNER access, or the calling process must be the object's owner.
OWNER_SECURITY_INFORMATION Sets the key's owner security identifier (SID). The hKey handle must have WRITE_OWNER access, or the calling process must be the object's owner or have the SE_TAKE_OWNERSHIP_NAME privilege enabled.
SACL_SECURITY_INFORMATION Sets the key's system access control list (SACL). The hKey handle must have ACCESS_SYSTEM_SECURITY access. The proper way to get this access is to enable the SE_SECURITY_NAME privilege in the caller's current access token, open the handle for ACCESS_SYSTEM_SECURITY access, and then disable the privilege.

pSecurityDescriptor
[in] Pointer to a SECURITY_DESCRIPTOR structure that specifies the security attributes to set for the specified key.

Return Values

If the function succeeds, the return value is ERROR_SUCCESS.

If the function fails, the return value is a nonzero error code defined in WINERROR.H. You can use the FormatMessage function with the FORMAT_MESSAGE_FROM_SYSTEM flag to get a generic description of the error.

Remarks

If hKey is one of the predefined keys, the predefined key should be closed with RegCloseKey. That ensures that the new security information is in effect the next time the predefined key is referenced.

Requirements

  Windows NT/2000: Requires Windows NT 3.1 or later.
  Header: Declared in Winreg.h; include Windows.h.
  Library: Use Advapi32.lib.

See Also

Low-Level Access-Control Overview, Low-Level Access Control Functions, RegCloseKey, RegDeleteKey, RegGetKeySecurity, SECURITY_DESCRIPTOR, SECURITY_INFORMATION