Home Library Learn Downloads Support Community
Sign in | United States - English | |
This topic has not yet been rated - Rate this topic

SetSecurityDescriptor method of the StdRegProv Class

Applies to: desktop apps only

The SetSecurityDescriptor method updates the security descriptor of the specified key with a new security descriptor that is defined by an instance of a __SecurityDescriptor class.

Syntax

Copy 
uint32 SetSecurityDescriptor(
  [in]  uint32 hDefKey = HKEY_LOCAL_MACHINE,
  [in]  string sSubKeyName,
  __SecurityDescriptor Descriptor
);

Parameters

hDefKey [in]

A registry tree, also known as a hive, that contains the sSubKeyName path. The default value is HKEY_LOCAL_MACHINE.

Be aware that HKEY_DYN_DATA is a valid tree for computers running Windows 95 and Windows 98 only.

The following trees are defined in Winreg.h.

HKEY_CLASSES_ROOT (2147483648 (0x80000000))
HKEY_CURRENT_USER (2147483649 (0x80000001))
HKEY_LOCAL_MACHINE (2147483650 (0x80000002))
HKEY_USERS (2147483651 (0x80000003))
HKEY_CURRENT_CONFIG (2147483653 (0x80000005))
HKEY_DYN_DATA (2147483654 (0x80000006))
sSubKeyName [in]

The key name on which to set the security descriptor.

Descriptor

The security descriptor to set on the key name.

Remarks

The Win32_SecurityDescriptor instance represents a SECURITY_DESCRIPTOR_CONTROL data type and contains a Discretionary access control list (DACL) and a System Access Control List (SACL). For more information, see Access Control Lists.

If the SeSecurityPrivilege is not granted or enabled when getting a security descriptor, then only the DACL is returned in the returned security descriptor. For more information, see Privilege Constants and Executing Privileged Operations.

You can update both the DACL and the SACL in the Win32_SecurityDescriptor instance when calling this method, but you also can update only the DACL or only the SACL.

The following values in SECURITY_DESCRIPTOR_CONTROL determine whether the DACL or the SACL or both are updated.

  • SE_DACL_PRESENT

    Indicates that the DACL should be updated. If this is not set then WMI preserves the original value of the DACL.

  • SE_SACL_PRESENT

    Indicates that the SACL should be updated. If this is not set then WMI preserves the original value of the SACL. To update the SACL, the account must have the SeSecurityPrivilege privilege enabled. For scripting, the privilege name is SeSecurityPrivilege. For more information, see Privilege Constants.

If the Group trustee and the Owner trustee properties are not NULL, then they are updated. Otherwise, WMI preserves the original values. For more information, see WMI Security Descriptor Objects.

When a new SACL is NULL in a call this method, then the security descriptor SACL on the target securable object is left unchanged.

Requirements

Minimum supported client

Windows Vista

Minimum supported server

Windows Server 2008

Namespace

\root\default

MOF
Regevent.mof

DLL
Stdprov.dll

See also

StdRegProv
Modifying the System Registry
WMI Tasks: Registry

 

 

Send comments about this topic to Microsoft

Build date: 3/9/2012

Did you find this helpful?
(1500 characters remaining)
Community Content Add
Annotations FAQ