Export (0) Print
Expand All

SetUserObjectSecurity function

The SetUserObjectSecurity function sets the security of a user object. This can be, for example, a window or a DDE conversation.

Syntax


BOOL WINAPI SetUserObjectSecurity(
  _In_  HANDLE hObj,
  _In_  PSECURITY_INFORMATION pSIRequested,
  _In_  PSECURITY_DESCRIPTOR pSID
);

Parameters

hObj [in]

A handle to a user object for which security information is set.

pSIRequested [in]

A pointer to a value that indicates the components of the security descriptor to set. This parameter can be a combination of the following values.

ValueMeaning
DACL_SECURITY_INFORMATION

Sets the discretionary access control list (DACL) of the object. The handle specified by hObj must have WRITE_DAC access, or the calling process must be the owner of the object.

GROUP_SECURITY_INFORMATION

Sets the primary group security identifier (SID) of the object.

OWNER_SECURITY_INFORMATION

Sets the SID of the owner of the object. The handle specified by hObj must have WRITE_OWNER access, or the calling process must be the owner of the object or have the SE_TAKE_OWNERSHIP_NAME privilege enabled.

SACL_SECURITY_INFORMATION

Sets the system access control list (SACL) of the object. The handle specified by hObj must have ACCESS_SYSTEM_SECURITY access.

Aa379592.wedge(en-us,VS.85).gifTo obtain ACCESS_SYSTEM_SECURITY access

  1. Enable the SE_SECURITY_NAME privilege in the current access token of the caller.
  2. Open the handle for ACCESS_SYSTEM_SECURITY access.
  3. Disable the privilege.

 

pSID [in]

A pointer to a SECURITY_DESCRIPTOR structure that contains the new security information.

This buffer must be aligned on a 4-byte boundary.

Return value

If the function succeeds, the function returns nonzero.

If the function fails, it returns zero. To get extended error information, call GetLastError.

Remarks

The SetUserObjectSecurity function applies changes specified in a security descriptor to the security descriptor assigned to a user object. The security descriptor of the object must be in self-relative form. If necessary, this function allocates additional memory to increase the size of the security descriptor.

Examples

For an example that uses this function, see Starting an Interactive Client Process.

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Header

Winuser.h (include Windows.h)

Library

User32.lib

DLL

User32.dll

See also

Low-level Access Control
Low-level Access Control Functions
GetUserObjectSecurity
SECURITY_DESCRIPTOR
SECURITY_INFORMATION
SetFileSecurity
SetKernelObjectSecurity
SetPrivateObjectSecurity

 

 

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

Show:
© 2014 Microsoft