A securable object is an object that can have a security descriptor. Windows NT supports many different types of securable objects.
All named objects are securable. Some unnamed objects, such as process and thread objects, can have security descriptors, too.
For most securable objects, you can specify an object's security descriptor in the function call that creates the object. For example, you can specify a security descriptor in the CreateFile and CreateProcess functions. In addition, the Win32 API provides functions for getting and setting the security descriptor of an existing object. The following table shows the functions to use for working with the different types of securable objects.
| Object type |
High-level functions |
Windows NT 3.x functions |
| Files and directories |
GetNamedSecurityInfo, SetNamedSecurityInfo, GetSecurityInfo, SetSecurityInfo |
GetFileSecurity, SetFileSecurity |
| Mailslots and Named Pipes |
GetSecurityInfo, SetSecurityInfo |
GetFileSecurity, SetFileSecurity |
| Console screen buffer |
Not supported. |
Not supported. |
| Processes, threads, and file-mapping objects |
GetNamedSecurityInfo, SetNamedSecurityInfo, GetSecurityInfo, SetSecurityInfo |
SetKernelObjectSecurity, GetKernelObjectSecurity |
| Access tokens |
Not supported. |
SetKernelObjectSecurity, GetKernelObjectSecurity |
| Window-management objects (window stations and desktops) |
GetSecurityInfo, SetSecurityInfo |
GetUserObjectSecurity, SetUserObjectSecurity |
| Registry objects |
GetNamedSecurityInfo, SetNamedSecurityInfo, GetSecurityInfo, SetSecurityInfo |
RegGetKeySecurity, RegSetKeySecurity |
| Windows NT Service objects |
GetNamedSecurityInfo, SetNamedSecurityInfo, GetSecurityInfo, SetSecurityInfo |
QueryServiceObjectSecurity, SetServiceObjectSecurity |
| Printer objects |
GetNamedSecurityInfo, SetNamedSecurityInfo, GetSecurityInfo, SetSecurityInfo |
GetPrinter, SetPrinter |
| Windows NT network shares |
GetNamedSecurityInfo, SetNamedSecurityInfo, GetSecurityInfo, SetSecurityInfo |
NetShareGetInfo and NetShareSetInfo, using level 502. |
| Interprocess synchronization objects (semaphores, events, mutexes, and waitable timers) |
GetNamedSecurityInfo, SetNamedSecurityInfo, GetSecurityInfo, SetSecurityInfo |
SetKernelObjectSecurity, GetKernelObjectSecurity |
| Private objects (objects private to the creating application) |
Not supported. |
CreatePrivateObjectSecurity, DestroyPrivateObjectSecurity, GetPrivateObjectSecurity, SetPrivateObjectSecurity |