Low-level Security Descriptor Functions

There are several pairs of low-level functions for setting and retrieving an object's security descriptor. Each of these pairs works only with a limited set of Windows objects. For example, one pair works with file objects and another works with registry keys. The following table shows the low-level functions to use with the different types of securable objects.

Object typeLow-level functions
Use the GetFileSecurity and SetFileSecurity functions. These functions use character strings to identify the securable object, instead of using handles.
Use the GetKernelObjectSecurity and SetKernelObjectSecurity functions.
Use the GetUserObjectSecurity and SetUserObjectSecurity functions.
Use the RegGetKeySecurity and RegSetKeySecurity functions.
Use the QueryServiceObjectSecurity and SetServiceObjectSecurity functions.
  • Printer objects
Use the PRINTER_INFO_2 structure with the GetPrinter and SetPrinter functions.
Use level 502 with the NetShareGetInfo and NetShareSetInfo functions.
Use the CreatePrivateObjectSecurity, DestroyPrivateObjectSecurity, GetPrivateObjectSecurity and SetPrivateObjectSecurity functions.