SE_OBJECT_TYPE

The SE_OBJECT_TYPE enumeration type contains values that correspond to the types of Win32 objects that support security. The functions, such as GetSecurityInfoEx and SetSecurityInfoEx, that set and retrieve an object's security information, use these values to indicate the type of object.

typedef enum _SE_OBJECT_TYPE
{
    SE_UNKNOWN_OBJECT_TYPE = 0,
    SE_FILE_OBJECT,
    SE_SERVICE,
    SE_PRINTER,
    SE_REGISTRY_KEY,
    SE_LMSHARE,
    SE_KERNEL_OBJECT,
    SE_WINDOW_OBJECT,
// #if(_WIN32_WINNT >= 0x0500)
    SE_DS_OBJECT,
    SE_DS_OBJECT_ALL,
    SE_PROVIDER_DEFINED_OBJECT
// #endif /* _WIN32_WINNT >=  0x0500 */
} SE_OBJECT_TYPE;
Enumerator Value Meaning
SE_FILE_OBJECT Indicates a file or directory. The name string that identifies a file or directory object can be
  • A relative path, such as "abc.dat" or "..\abc.dat"
  • An absolute path, such as "\abc.dat", "c:\dir1\abc.dat", or "g:\remotedir\abc.dat"
  • A UNC name, such as "\\machinename\sharename\abc.dat".
  • A local file system root, such as "\\\\.\\c:". Security set on a file system root does not persist when the system is restarted.
SE_SERVICE Indicates a Win32 service. A service object can be a local service, such as "servicename"; or a remote service, such as "\\machinename\servicename".
SE_PRINTER Indicates a printer. A printer object can be a local printer, such as "printername"; or a remote printer, such as "\\machinename\printername".
SE_REGISTRY_KEY Indicates a registry key. A registry key object can be in the local registry, such as "CLASSES_ROOT\somepath"; or in a remote registry, such as "\\machinename\CLASSES_ROOT\somepath".

The names of registry keys must use the following literal strings to identify the predefined registry keys: "CLASSES_ROOT", "CURRENT_USER", "MACHINE", and "USERS".
SE_LMSHARE Indicates a Windows NT network share. A share object can be local, such as "sharename"; or remote, such as "\\machinename\sharename".
SE_KERNEL_OBJECT Indicates a local kernel object, which includes the following object types: process, thread, semaphore, event, mutex, file mapping, waitable timer, access token, mailslot, named pipe, or anonymous pipe.

The GetSecurityInfoEx and SetSecurityInfoEx functions support all types of kernel objects for which provider-independent access rights are defined. The GetNamedSecurityInfoEx and SetNamedSecurityInfoEx functions work only with the following kernel objects: semaphore, event, mutex, waitable timer, and file mapping objects.

To access the security descriptor of an access token, use the GetSecurityInfo and SetSecurityInfo functions.

SE_WINDOW_OBJECT Indicates a window station or desktop object on the local computer. You cannot use GetNamedSecurityInfoEx and SetNamedSecurityInfoEx with these objects because the names of window stations or desktops are not unique.
SE_DS_OBJECT Indicates a directory service (DS) object, or a property set or property of a directory service object.

The name string for a DS object can be a UNC name, such as "\\domain.microsoft.com\ou1\ou2\someobject".

The name string can also be in X.500 form, such as "CN=someobject,OU=ou2,OU=ou1,DC=domain,DC=microsoft,DC=com,O=internet".
SE_DS_OBJECT_ALL Indicates a directory service object and all of its property sets and properties.
SE_PROVIDER_DEFINED_OBJECT Indicates a provider-defined object.

QuickInfo

  Windows NT: Requires version 4.0 or later.
  Windows: Unsupported.
  Windows CE: Unsupported.
  Header: Declared in accctrl.h.

See Also

Access Control Overview, Access Control Enumeration Types, GetSecurityInfo, GetSecurityInfoEx, GetNamedSecurityInfo, GetNamedSecurityInfoEx, SetSecurityInfo, SetSecurityInfoEx, SetNamedSecurityInfo, SetNamedSecurityInfoEx