RtlSetGroupSecurityDescriptor function (ntifs.h)
The RtlSetGroupSecurityDescriptor routine sets the primary group information of an absolute-format security descriptor. It replaces any primary group information that is already present in the security descriptor.
Syntax
NTSYSAPI NTSTATUS RtlSetGroupSecurityDescriptor(
[in, out] PSECURITY_DESCRIPTOR SecurityDescriptor,
[in, optional] PSID Group,
[in, optional] BOOLEAN GroupDefaulted
);
Parameters
[in, out] SecurityDescriptor
Pointer to the SECURITY_DESCRIPTOR structure whose primary group is to be set. RtlSetGroupSecurityDescriptor replaces any existing primary group with the new primary group.
[in, optional] Group
Pointer to a security identifier (SID) structure for the security descriptor's new primary owner. This pointer, not the SID structure itself, is copied into the security descriptor. If Group is NULL, RtlSetGroupSecurityDescriptor clears the security descriptor's primary group information. This marks the security descriptor as having no primary group.
[in, optional] GroupDefaulted
Set this Boolean variable to TRUE if the primary group information is derived from a default mechanism. If this parameter is TRUE, RtlSetGroupSecurityDescriptor sets the SE_GROUP_DEFAULTED flag in the security descriptor's SECURITY_DESCRIPTOR_CONTROL field. If this parameter is FALSE, RtlSetGroupSecurityDescriptor clears the SE_GROUP_DEFAULTED flag.
Return value
RtlSetGroupSecurityDescriptor returns STATUS_SUCCESS if the primary group was successfully set or reset. Otherwise, it returns an appropriate NTSTATUS value such as one of the following:
| Return code | Description |
|---|---|
|
The given security descriptor is not a valid absolute security descriptor. STATUS_INVALID_SECURITY_DESCR is an error code. |
|
The given security descriptor's revision is not recognized by this routine. STATUS_UNKNOWN_REVISION is an error code. |
Remarks
To retrieve the primary group information for a security descriptor, use RtlGetGroupSecurityDescriptor.
To set the owner information for a security descriptor, use RtlSetOwnerSecurityDescriptor.
For more information about security and access control, see the Microsoft Windows SDK documentation.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows Server 2003 SP1 |
| Target Platform | Universal |
| Header | ntifs.h (include Ntifs.h) |
| Library | NtosKrnl.lib |
| DLL | NtosKrnl.exe (kernel mode); Ntdll.dll (user mode) |
| IRQL | <= APC_LEVEL |