3.1.4.6 RSetServiceObjectSecurity (Opnum 5)

The RSetServiceObjectSecurity method sets the SECURITY_DESCRIPTOR structure associated with a service object.

 DWORD RSetServiceObjectSecurity(
   [in] SC_RPC_HANDLE hService,
   [in] SECURITY_INFORMATION dwSecurityInformation,
   [in, size_is(cbBufSize)] LPBYTE lpSecurityDescriptor,
   [in] DWORD cbBufSize
 );

hService: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to a service record or to the SCM database that MUST have been created previously using one of the open methods specified in section 3.1.4.

dwSecurityInformation: A SECURITY_INFORMATION (section 2.2.1) type definition that specifies the security information being set.

lpSecurityDescriptor: A pointer to a buffer of bytes that contains the new security information.

cbBufSize: Size, in bytes, of the buffer pointed to by the lpSecurityDescriptor parameter.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success; otherwise, it returns one of the following error codes.

| Return value/code | Description |
|---|---|
| 5 ERROR_ACCESS_DENIED | The required access rights had not been granted to the caller when the RPC context handle was created. |
| 6 ERROR_INVALID_HANDLE | The handle is no longer valid. |
| 87 ERROR_INVALID_PARAMETER | A parameter that was specified is invalid. |
| 1072 ERROR_SERVICE_MARKED_FOR_DELETE | The RDeleteService method has been called with an RPC context handle identifying the same service record as the hService parameter for this call. |

The client MAY provide a combination of one or more SECURITY_INFORMATION bit flags for dwSecurityInformation.

If SACL_SECURITY_INFORMATION is specified via dwSecurityInformation, then an ACCESS_SYSTEM_SECURITY right MUST have been granted to the caller when hService was created. (See WD in ACCESS_MASK in [MS-DTYP] 2.4.3.)

If LABEL_SECURITY_INFORMATION or OWNER_SECURITY_INFORMATION or GROUP_SECURITY_INFORMATION is specified via dwSecurityInformation, then a WRITE_OWNER right MUST have been granted to the caller when hService was created. (See WO in ACCESS_MASK in [MS-DTYP] 2.4.3.)

If DACL_SECURITY_INFORMATION is specified via dwSecurityInformation, then a WRITE_DAC right MUST have been granted to the caller when hService was created. (See WD in ACCESS_MASK in [MS-DTYP] 2.4.3.)

In response to this request from the client, for a successful operation the server MUST apply the information from the SECURITY_DESCRIPTOR structure specified in the lpSecurityDescriptor parameter to the SecurityDescriptor associated with the SCM or the service record identified by the hService parameter of the request.
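The access-right rules above, modeled as an added example (not code from the specification or from any Microsoft implementation). The helper names `required_access` and `check_set_security` are hypothetical; the numeric constant values are the standard Windows SDK values and do not appear on this page.

```c
#include <stdint.h>
#include <stdio.h>

/* SECURITY_INFORMATION bits (Windows SDK values, not given on this page). */
#define OWNER_SECURITY_INFORMATION 0x00000001u
#define GROUP_SECURITY_INFORMATION 0x00000002u
#define DACL_SECURITY_INFORMATION  0x00000004u
#define SACL_SECURITY_INFORMATION  0x00000008u
#define LABEL_SECURITY_INFORMATION 0x00000010u
/* ACCESS_MASK bits (Windows SDK values, not given on this page). */
#define WRITE_DAC              0x00040000u
#define WRITE_OWNER            0x00080000u
#define ACCESS_SYSTEM_SECURITY 0x01000000u
#define ERROR_SUCCESS       0u
#define ERROR_ACCESS_DENIED 5u

/* Hypothetical helper: rights hService must carry for the given flags. */
uint32_t required_access(uint32_t info)
{
    uint32_t need = 0;
    if (info & SACL_SECURITY_INFORMATION)
        need |= ACCESS_SYSTEM_SECURITY;
    if (info & (LABEL_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION |
                GROUP_SECURITY_INFORMATION))
        need |= WRITE_OWNER;
    if (info & DACL_SECURITY_INFORMATION)
        need |= WRITE_DAC;
    return need;
}

/* Hypothetical model of the check: compares the request against the rights
 * granted when the handle was created and reports which ones are lacking. */
uint32_t check_set_security(uint32_t granted, uint32_t info, uint32_t *missing)
{
    uint32_t lacking = required_access(info) & ~granted;
    if (missing)
        *missing = lacking;
    return lacking ? ERROR_ACCESS_DENIED : ERROR_SUCCESS;
}

int main(void)
{
    uint32_t missing;
    /* Constructed case: handle opened with WRITE_DAC only; DACL + owner set. */
    uint32_t rc = check_set_security(WRITE_DAC,
        DACL_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION, &missing);
    printf("rc=%u missing=0x%08x\n", (unsigned)rc, (unsigned)missing);
    return 0;
}
```

Because the check is made against the rights granted at handle creation, a client can use `required_access` to request exactly the rights it needs when opening the service, rather than asking for a broader mask.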