To get or set an object's security information, use the GetSecurityInfoEx, GetNamedSecurityInfoEx, SetSecurityInfoEx, and SetNamedSecurityInfoEx functions. For additional information, see Modifying an Object's ACLs.
To get a pointer to an object's security descriptor or to the ACLs and SIDs in an object's security descriptor, use the GetSecurityInfo or GetNamedSecurityInfo functions.
To get the control information in a security descriptor, call the GetSecurityDescriptorControl function. To set the control bits that relate to automatic ACE inheritance, call the SetSecurityDescriptorControl function. Other control bits are set by the various functions that set a security descriptor component. For example, if you use SetSecurityInfoEx to change an object's DACL, the function sets or clears the bits as appropriate to indicate whether the security descriptor has a DACL, whether it's a default DACL, and so on.