SetSecurityDescriptorControl function (securitybaseapi.h)

Article
10/13/2021

The SetSecurityDescriptorControl function sets the control bits of a security descriptor. The function can set only the control bits that relate to automatic inheritance of ACEs. To set the other control bits of a security descriptor, use the functions, such as SetSecurityDescriptorDacl, for modifying the components of a security descriptor.

Syntax

BOOL SetSecurityDescriptorControl(
  [in] PSECURITY_DESCRIPTOR        pSecurityDescriptor,
  [in] SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest,
  [in] SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet
);

Parameters

[in] pSecurityDescriptor

A pointer to a SECURITY_DESCRIPTOR structure whose control and revision information are set.

[in] ControlBitsOfInterest

A SECURITY_DESCRIPTOR_CONTROL mask that indicates the control bits to set.

[in] ControlBitsToSet

A SECURITY_DESCRIPTOR_CONTROL mask that indicates the new values for the control bits specified by the ControlBitsOfInterest mask.

Return value

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

The SetSecurityDescriptorControl function specifies the control bit or bits to modify, and whether the bits are on or off.

Examples

The following example marks the DACL on the security descriptor as protected.

    SetSecurityDescriptorControl( &SecDesc,
            SE_DACL_PROTECTED, SE_DACL_PROTECTED );

The following example marks the DACL as not protected.

    SetSecurityDescriptorControl( &SecDesc,
            SE_DACL_PROTECTED, 0 );

Requirements

Requirement	Value
Minimum supported client	Windows XP [desktop apps \| UWP apps]
Minimum supported server	Windows Server 2003 [desktop apps \| UWP apps]
Target Platform	Windows
Header	securitybaseapi.h (include Windows.h)
Library	Advapi32.lib
DLL	Advapi32.dll