3.1.5.12.1 SamrSetSecurityObject (Opnum 2)

  • [アーティクル]

The SamrSetSecurityObject method sets the access control on a server, domain, user, group, or alias object.

 long SamrSetSecurityObject(
   [in] SAMPR_HANDLE ObjectHandle,
   [in] SECURITY_INFORMATION SecurityInformation,
   [in] PSAMPR_SR_SECURITY_DESCRIPTOR SecurityDescriptor
 );

ObjectHandle: An RPC context handle, as specified in section 2.2.7.2, representing a server, domain, user, group, or alias object.

SecurityInformation: A bit field that indicates the fields of SecurityDescriptor that are requested to be set.

The SECURITY_INFORMATION type is defined in [MS-DTYP] section 2.4.7. The following bits are valid; all other bits MUST be zero when sent and ignored on receipt. If none of the bits below are present, the server MUST return STATUS_INVALID_PARAMETER.

Value

Meaning

OWNER_SECURITY_INFORMATION

0x00000001

Refers to the Owner member of the security descriptor.

GROUP_SECURITY_INFORMATION

0x00000002

Refers to the Group member of the security descriptor.

DACL_SECURITY_INFORMATION

0x00000004

Refers to the DACL of the security descriptor.

SACL_SECURITY_INFORMATION

0x00000008

Refers to the system access control list (SACL) of the security descriptor.

SecurityDescriptor: A security descriptor expressing access that is specific to the ObjectHandle.

This protocol asks the RPC runtime, via the strict_context_handle attribute, to reject the use of context handles created by a method of a different RPC interface than this one, as specified in [MS-RPCE] section 3.

Message processing for this method is specified in the following two sections.