| Platform SDK: Access Control |
The RegSetKeySecurity function sets the security of an open registry key.
LONG RegSetKeySecurity( HKEY hKey, // handle to key SECURITY_INFORMATION SecurityInformation, // request PSECURITY_DESCRIPTOR pSecurityDescriptor // SD );
| Value | Meaning |
|---|---|
| DACL_SECURITY_INFORMATION | Sets the key's discretionary access control list (DACL). The hKey handle must have WRITE_DAC access, or the calling process must be the object's owner. |
| GROUP_SECURITY_INFORMATION | Sets the key's primary group SID. The hKey handle must have WRITE_OWNER access, or the calling process must be the object's owner. |
| OWNER_SECURITY_INFORMATION | Sets the key's owner security identifier (SID). The hKey handle must have WRITE_OWNER access, or the calling process must be the object's owner or have the SE_TAKE_OWNERSHIP_NAME privilege enabled. |
| SACL_SECURITY_INFORMATION | Sets the key's system access control list (SACL). The hKey handle must have ACCESS_SYSTEM_SECURITY access. The proper way to get this access is to enable the SE_SECURITY_NAME privilege in the caller's current access token, open the handle for ACCESS_SYSTEM_SECURITY access, and then disable the privilege. |
If the function succeeds, the return value is ERROR_SUCCESS.
If the function fails, the return value is a nonzero error code defined in WINERROR.H. You can use the FormatMessage function with the FORMAT_MESSAGE_FROM_SYSTEM flag to get a generic description of the error.
If hKey is one of the predefined keys, the predefined key should be closed with RegCloseKey. That ensures that the new security information is in effect the next time the predefined key is referenced.
Windows NT/2000: Requires Windows NT 3.1 or later.
Header: Declared in Winreg.h; include Windows.h.
Library: Use Advapi32.lib.
Low-Level Access-Control Overview, Low-Level Access Control Functions, RegCloseKey, RegDeleteKey, RegGetKeySecurity, SECURITY_DESCRIPTOR, SECURITY_INFORMATION