Low-Level Security Descriptor Functions
There are several groups of specialized functions for setting and retrieving an object's security descriptor. Each of these groups of functions works only with a limited set of objects. For example, one group of functions works with file objects and another works with registry keys. Applications written for Windows NT version 4.0 or later should use the high-level security functions, which are designed to work with most types of securable objects. For more information about the high-level functions, see Security Descriptors and Objects.
To manipulate security descriptors for files, directories, mailslots, and named pipes, you can use the GetFileSecurity and SetFileSecurity functions. These functions use character strings to identify the securable object, instead of using the handles required by other security functions. For more information, see File and Directory Objects and Pipe Objects.
To manipulate security descriptors for kernel objects, you can use the GetKernelObjectSecurity and SetKernelObjectSecurity functions. Kernel objects include process, thread, semaphore, event, mutex, file mapping, waitable timer, and access token objects. For more information, see Special Access Kernel Objects.
To manipulate security descriptors for window station and desktop objects, you can use the GetUserObjectSecurity and SetUserObjectSecurity functions. For more information, see Window-management Objects.
To manipulate security descriptors for registry keys, you can use the RegGetKeySecurity and RegSetKeySecurity functions. For more information, see Registry Key Objects.
To manipulate security descriptors for Windows NT services, you can use the QueryServiceObjectSecurity and SetServiceObjectSecurity functions. For more information, see Service Objects.
To manipulate security descriptors for printers, you can use the PRINTER_INFO_2 structure with the GetPrinter and SetPrinter functions.