Windows apps
Collapse the table of content
Expand the table of content
Information
Switch
Switch
The topic you requested is included in another documentation set. For convenience, it's displayed below. Choose Switch to see the topic in its original location.

SetUserObjectSecurity function

The SetUserObjectSecurity function sets the security of a user object. This can be, for example, a window or a DDE conversation.

Syntax

C++
Copy 

BOOL WINAPI SetUserObjectSecurity(
  _In_ HANDLE                hObj,
  _In_ PSECURITY_INFORMATION pSIRequested,
  _In_ PSECURITY_DESCRIPTOR  pSID
);

Parameters

hObj [in]

A handle to a user object for which security information is set.

pSIRequested [in]

A pointer to a value that indicates the components of the security descriptor to set. This parameter can be a combination of the following values.

ValueMeaning
DACL_SECURITY_INFORMATION

Sets the discretionary access control list (DACL) of the object. The handle specified by hObj must have WRITE_DAC access, or the calling process must be the owner of the object.

GROUP_SECURITY_INFORMATION

Sets the primary group security identifier (SID) of the object.

OWNER_SECURITY_INFORMATION

Sets the SID of the owner of the object. The handle specified by hObj must have WRITE_OWNER access, or the calling process must be the owner of the object or have the SE_TAKE_OWNERSHIP_NAME privilege enabled.

SACL_SECURITY_INFORMATION

Sets the system access control list (SACL) of the object. The handle specified by hObj must have ACCESS_SYSTEM_SECURITY access.

Aa379592.wedge(en-us,VS.85).gifTo obtain ACCESS_SYSTEM_SECURITY access

  1. Enable the SE_SECURITY_NAME privilege in the current access token of the caller.
  2. Open the handle for ACCESS_SYSTEM_SECURITY access.
  3. Disable the privilege.

 

pSID [in]

A pointer to a SECURITY_DESCRIPTOR structure that contains the new security information.

This buffer must be aligned on a 4-byte boundary.

Return value

If the function succeeds, the function returns nonzero.

If the function fails, it returns zero. To get extended error information, call GetLastError.

Remarks

The SetUserObjectSecurity function applies changes specified in a security descriptor to the security descriptor assigned to a user object. The security descriptor of the object must be in self-relative form. If necessary, this function allocates additional memory to increase the size of the security descriptor.

Examples

For an example that uses this function, see Starting an Interactive Client Process.

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Header
Winuser.h (include Windows.h)

Library
User32.lib

DLL
User32.dll

See also

Low-level Access Control
Low-level Access Control Functions
GetUserObjectSecurity
SECURITY_DESCRIPTOR
SECURITY_INFORMATION
SetFileSecurity
SetKernelObjectSecurity
SetPrivateObjectSecurity

 

 

Show:
© 2017 Microsoft