The RegSetKeySecurity function sets the security of an open registry key.
LONG RegSetKeySecurity(
HKEY hKey, // open handle of key to set
SECURITY_INFORMATION SecurityInformation,
// descriptor contents
PSECURITY_DESCRIPTOR pSecurityDescriptor
// address of descriptor for key
);
| Value | Meaning |
|---|---|
| OWNER_SECURITY_INFORMATION | |
| Sets the key's owner security identifier (SID). The hKey handle must have WRITE_OWNER access, or the calling process must be the object's owner or have the SE_TAKE_OWNERSHIP_NAME privilege enabled. | |
| GROUP_SECURITY_INFORMATION | |
| Sets the key's primary group SID. The hKey handle must have WRITE_OWNER access, or the calling process must be the object's owner. | |
| DACL_SECURITY_INFORMATION | |
| Sets the key's discretionary access control list (DACL). The hKey handle must have WRITE_DAC access, or the calling process must be the object's owner. | |
| SACL_SECURITY_INFORMATION | |
| Sets the key's system access control list (SACL). The hKey handle must have ACCESS_SYSTEM_SECURITY access. The proper way to get this access is to enable the SE_SECURITY_NAME privilege in the caller's current access token, open the handle for ACCESS_SYSTEM_SECURITY access, and then disable the privilege. | |
If the function succeeds, the return value is ERROR_SUCCESS.
If the function fails, the return value is a nonzero error code defined in WINERROR.H. You can use the FormatMessage function with the FORMAT_MESSAGE_FROM_SYSTEM flag to get a generic description of the error.
If hKey is one of the predefined keys, the predefined key should be closed with RegCloseKey. That ensures that the new security information is in effect the next time the predefined key is referenced.
Windows NT: Requires version 3.1 or later.
Windows: Unsupported.
Windows CE: Unsupported.
Header: Declared in winreg.h.
Import Library: Use advapi32.lib.
Low-Level Access-Control Overview, Low-Level Access Control Functions, RegCloseKey, RegDeleteKey, RegGetKeySecurity, SECURITY_INFORMATION