Security Descriptors and Objects
You can use security descriptors to attach security information to many different kinds of securable objects. The Win32 API provides functions for setting and retrieving the security descriptor associated with a specified object.
Windows NT version 4.0 provides a new group of functions for manipulating the security descriptors of a variety of securable objects. The SetSecurityInfo and SetNamedSecurityInfo functions create a security descriptor from the specified SIDs and ACLs, and attach it to a specified object. The GetSecurityInfo and GetNamedSecurityInfo functions retrieve the security descriptor of a specified object. You can also use GetSecurityInfo and GetNamedSecurityInfo to get pointers to the SIDs and ACLs in the security descriptor of a specified object. Because they combine several steps into a single function call, these functions are easier to use than the older specialized functions for manipulating security descriptors, such as the GetFileSecurity and SetFileSecurity functions.
The GetSecurityInfo and SetSecurityInfo functions use handles to identify objects. You can use these functions with the following types of objects:
· Local or remote files or directories on an NTFS file system
· Mailslots and named pipes
· Local or remote printers
· Local or remote Windows NT services
· Windows NT network shares
· Registry keys
· Semaphores, events, mutexes, and waitable timers
· Processes, threads, and file-mapping objects
· Window stations and desktops
The GetNamedSecurityInfo and SetNamedSecurityInfo functions use names to identify objects. You can use these functions with the following types of objects:
· Local or remote files or directories on an NTFS file system
· Local or remote printers
· Local or remote Windows NT services
· Windows NT network shares
· Registry keys
· Semaphores, events, mutexes, and waitable timers
· File-mapping objects
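The following added example (not code from the SDK documentation) uses GetNamedSecurityInfo to fetch a file's security descriptor and a pointer to its DACL in one call, then separates a NULL DACL, which grants unrestricted access, from an empty DACL, which grants none. The function name classify_file_dacl and the DACL_* result codes are assumptions made for this example.

```c
/* Added example, not SDK code. On Windows, link with advapi32.lib. */
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <aclapi.h>
#endif

/* Result codes are names chosen for this example. */
enum { DACL_ERROR = -1, DACL_NULL = 0, DACL_EMPTY = 1, DACL_HAS_ACES = 2 };

/* Classify the DACL of a named file; *aces receives the ACE count. */
int classify_file_dacl(const char *path, unsigned long *aces)
{
    *aces = 0;
#ifdef _WIN32
    PACL dacl = NULL;
    PSECURITY_DESCRIPTOR sd = NULL;   /* owns the memory dacl points into */
    ACL_SIZE_INFORMATION info;
    int result = DACL_ERROR;
    /* One call returns the descriptor and a pointer to its DACL. */
    if (GetNamedSecurityInfoA((LPSTR)path, SE_FILE_OBJECT,
                              DACL_SECURITY_INFORMATION,
                              NULL, NULL, &dacl, NULL, &sd) != ERROR_SUCCESS)
        return DACL_ERROR;

    if (dacl == NULL) {
        result = DACL_NULL;           /* no DACL: access is unrestricted */
    } else if (GetAclInformation(dacl, &info, sizeof info, AclSizeInformation)) {
        *aces = info.AceCount;
        result = info.AceCount ? DACL_HAS_ACES : DACL_EMPTY; /* empty: no access */
    }
    LocalFree(sd);                    /* dacl is no longer valid after this */
    return result;
#else
    (void)path;
    return DACL_ERROR;                /* the API exists only on Windows */
#endif
}

int main(int argc, char **argv)
{
    static const char *names[] = { "error", "NULL DACL", "empty DACL", "DACL with ACEs" };
    unsigned long aces;
    for (int i = 1; i < argc; i++) {
        int r = classify_file_dacl(argv[i], &aces);
        printf("%s: %s (%lu ACEs)\n", argv[i], names[r + 1], aces);
    }
    return 0;
}
```

The PACL returned by GetNamedSecurityInfo points into the returned security descriptor, so read everything you need from it before calling LocalFree on the descriptor.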
There is also a group of low-level functions for setting and retrieving security descriptors. For more information, see Windows NT 3.x Security Functions.