SetKernelObjectSecurity

The SetKernelObjectSecurity function sets the security of a kernel object. For example, this can be a process, thread, or event.

BOOL SetKernelObjectSecurity(

HANDLE Handle, // handle of object
SECURITY_INFORMATION SecurityInformation, // type of information to set
PSECURITY_DESCRIPTOR SecurityDescriptor // address of security descriptor
);  

Parameters

Handle

Identifies a kernel object for which security information is set.

SecurityInformation

Specifies a SECURITY_INFORMATION structure identifying the contents of the security descriptor pointed to by the SecurityDescriptor parameter.

SecurityDescriptor

Points to a SECURITY_DESCRIPTOR structure containing the new security information.

Return Values

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

The SetKernelObjectSecurity function is successful only if the following conditions are met:

·If the object's owner is being set, the calling process must have either WRITE_OWNER permission or be the object's owner.

·If the object's discretionary access-control list (ACL) is being set, the calling process must have either WRITE_DAC permission or be the object's owner.

·If the object's system ACL is being set, the SE_SECURITY_NAME privilege must be enabled for the calling process.

See Also

GetKernelObjectSecurity, SECURITY_DESCRIPTOR, SECURITY_INFORMATION, SetFileSecurity, SetPrivateObjectSecurity, SetUserObjectSecurity