| Platform SDK: Access Control |
The SetKernelObjectSecurity function sets the security of a kernel object. For example, this can be a process, thread, or event.
BOOL SetKernelObjectSecurity( HANDLE Handle, // handle to object SECURITY_INFORMATION SecurityInformation, // components PSECURITY_DESCRIPTOR SecurityDescriptor // SD );
| Value | Meaning |
|---|---|
| DACL_SECURITY_INFORMATION | Sets the object's discretionary access control list (DACL). The handle must have WRITE_DAC access, or the calling process must be the object's owner. |
| GROUP_SECURITY_INFORMATION | Sets the object's primary group SID. The handle must have WRITE_OWNER access, or the calling process must be the object's owner. |
| OWNER_SECURITY_INFORMATION | Sets the object's owner security identifier (SID). The handle must have WRITE_OWNER access, or the calling process must be the object's owner or have the SE_TAKE_OWNERSHIP_NAME privilege enabled. |
| SACL_SECURITY_INFORMATION | Sets the object's system access control list (SACL). The handle must have ACCESS_SYSTEM_SECURITY access. The proper way to get this access is to enable the SE_SECURITY_NAME privilege in the caller's current access token, open the handle for ACCESS_SYSTEM_SECURITY access, and then disable the privilege. |
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
Windows NT/2000: Requires Windows NT 3.1 or later.
Header: Declared in Winbase.h; include Windows.h.
Library: Use Advapi32.lib.
Low-Level Access-Control Overview, Low-Level Access Control Functions, GetKernelObjectSecurity, SECURITY_DESCRIPTOR, SECURITY_INFORMATION, SetFileSecurity, SetPrivateObjectSecurity, SetUserObjectSecurity