SetServiceObjectSecurity
The SetServiceObjectSecurity function sets the security descriptor of a service object.
BOOL SetServiceObjectSecurity(
    SC_HANDLE hService,                          // handle of service
    SECURITY_INFORMATION dwSecurityInformation,  // type of security information requested
    PSECURITY_DESCRIPTOR lpSecurityDescriptor    // address of security descriptor
);
Parameters
hService
Identifies the service. This handle is returned by the OpenService
dwSecurityInformation
Specifies the security information to be set. Any or all of the following flags can be specified:
Value | Meaning
OWNER_SECURITY_INFORMATION | Sets the object's owner security identifier (SID). The hService handle must have WRITE_OWNER access, or the calling process must be the object's owner.
GROUP_SECURITY_INFORMATION | Sets the object's primary group SID. The hService handle must have WRITE_OWNER access, or the calling process must be the object's owner.
DACL_SECURITY_INFORMATION | Sets the object's discretionary access control list (ACL). The hService handle must have WRITE_DAC access, or the calling process must be the object's owner.
SACL_SECURITY_INFORMATION | Sets the object's system ACL. The calling process must have the SE_SECURITY_NAME privilege. For more information about security privileges, see Privileges.
lpSecurityDescriptor
Points to a SECURITY_DESCRIPTOR
Return Values
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
Errors
The following error codes may be set by the service control manager. Other error codes may be set by the registry functions that are called by the service control manager.
Value | Meaning
ERROR_ACCESS_DENIED | The specified handle was not opened with the required access, or the calling process is not the owner of the object.
ERROR_INVALID_HANDLE | The specified handle is invalid.
ERROR_INVALID_PARAMETER | The specified security information or security descriptor is invalid.
ERROR_SERVICE_MARKED_FOR_DELETE | The specified service has been marked for deletion.
Remarks
The SetServiceObjectSecurity function sets the specified portions of the service object's security descriptor, based on the information specified in the lpSecurityDescriptor buffer. This function replaces any or all of the security information associated with the service object, according to the flags set in the dwSecurityInformation parameter and subject to the calling process's access rights.
The initial security descriptor of a service object is created by the service control manager, based on the security descriptor of the process that called the CreateService function to create the service. The security descriptor can be changed by calling the SetServiceObjectSecurity function.
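One way to apply the access rules above when replacing a service's DACL with a reviewed one (an added example, not part of the original reference). The helper names required_access and set_service_dacl are hypothetical; the ACCESS_SYSTEM_SECURITY handle right for the SACL flag is not stated on this page, and the constants in the non-Windows branch are stand-ins added so the mask logic compiles off Windows.

```c
#ifdef _WIN32
#include <windows.h>
#include <sddl.h>
#else /* constructed stand-ins (winnt.h values) so the mask logic builds off Windows */
typedef unsigned long DWORD;
#define OWNER_SECURITY_INFORMATION 0x00000001UL
#define GROUP_SECURITY_INFORMATION 0x00000002UL
#define DACL_SECURITY_INFORMATION  0x00000004UL
#define SACL_SECURITY_INFORMATION  0x00000008UL
#define WRITE_DAC                  0x00040000UL
#define WRITE_OWNER                0x00080000UL
#define ACCESS_SYSTEM_SECURITY     0x01000000UL
#endif

/* Hypothetical helper: least access to request from OpenService for the
   dwSecurityInformation flags about to be set. */
DWORD required_access(DWORD si)
{
    DWORD access = 0;
    if (si & (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION))
        access |= WRITE_OWNER;
    if (si & DACL_SECURITY_INFORMATION)
        access |= WRITE_DAC;
    if (si & SACL_SECURITY_INFORMATION) /* caller also needs SE_SECURITY_NAME enabled */
        access |= ACCESS_SYSTEM_SECURITY;
    return access;
}

#ifdef _WIN32
/* Hypothetical helper: replace only the DACL of a service with the one in an
   SDDL string. Returns ERROR_SUCCESS or the failing call's error code. */
DWORD set_service_dacl(const wchar_t *service, const wchar_t *sddl)
{
    DWORD err = ERROR_SUCCESS;
    PSECURITY_DESCRIPTOR sd = NULL;
    SC_HANDLE scm = NULL, svc = NULL;
    if (!ConvertStringSecurityDescriptorToSecurityDescriptorW(sddl, SDDL_REVISION_1, &sd, NULL))
        return GetLastError();
    scm = OpenSCManagerW(NULL, NULL, SC_MANAGER_CONNECT);
    if (scm)
        svc = OpenServiceW(scm, service, required_access(DACL_SECURITY_INFORMATION));
    if (!svc || !SetServiceObjectSecurity(svc, DACL_SECURITY_INFORMATION, sd))
        err = GetLastError(); /* e.g. ERROR_ACCESS_DENIED when WRITE_DAC is not granted */
    if (svc) CloseServiceHandle(svc);
    if (scm) CloseServiceHandle(scm);
    LocalFree(sd);
    return err;
}
#endif
```

Because only DACL_SECURITY_INFORMATION is passed, the owner, group and system ACL of the service object are left as they were.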