2.2.30.2 __SystemSecurity::SetSD

The SetSD method changes the security descriptor in the NamespaceConnection of the namespace. If there is a parent namespace, the server MUST add the access control entries of the parent to the security descriptor using the following rules.

If the Discretionary Access Control List (DACL) of the parent security descriptor is not protected, meaning that the SE_DACL_PROTECTED bit is not set in the parent security descriptor, then execute the following algorithm using the DACL of the parent and child security descriptors.

If the System Access Control List (SACL) of the parent security descriptor is not protected, meaning that the SE_SACL_PROTECTED bit is not set in the parent security descriptor, then execute the following algorithm using the SACL of the parent and child security descriptors.

  1. For each Access Control Entry (ACE) of the parent ACL, if the CONTAINER_INHERIT_ACE bit is not set, then ignore this ACE.

  2. Otherwise, append the parent ACE to the ACL in the child security descriptor. If the NO_PROPAGATE_INHERIT_ACE bit is set in the parent ACE, the server MUST clear the CONTAINER_INHERIT_ACE bit from the appended ACE.

  3. If the INHERIT_ONLY_ACE bit is set in the parent ACE, the server MUST clear this bit from the appended ACE.
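The three rules above, applied to a parent and child ACL, as an added example that is not part of the specification. It is useful when auditing a namespace, because the descriptor the server stores can contain parent ACEs the caller never supplied. The `Ace` class, the function names and the sample SIDs and masks are assumptions constructed for illustration; the flag values are those defined in [MS-DTYP].

```python
from dataclasses import dataclass, replace

# ACE flag and security descriptor control bit values from [MS-DTYP].
CONTAINER_INHERIT_ACE = 0x02
NO_PROPAGATE_INHERIT_ACE = 0x04
INHERIT_ONLY_ACE = 0x08
SE_DACL_PROTECTED = 0x1000
SE_SACL_PROTECTED = 0x2000

@dataclass(frozen=True)
class Ace:
    """Simplified ACE model (hypothetical), not the binary ACE layout."""
    sid: str
    mask: int
    flags: int

def inherit_acl(parent_acl, child_acl):
    """Apply rules 1-3 to one ACL (DACL or SACL) and return the new child ACL."""
    result = list(child_acl)
    for ace in parent_acl:
        if not ace.flags & CONTAINER_INHERIT_ACE:
            continue                              # rule 1: not inheritable, ignore
        flags = ace.flags
        if flags & NO_PROPAGATE_INHERIT_ACE:
            flags &= ~CONTAINER_INHERIT_ACE       # rule 2: stop further propagation
        flags &= ~INHERIT_ONLY_ACE                # rule 3: ACE is effective on the child
        result.append(replace(ace, flags=flags))  # appended after the child's own ACEs
    return result

def apply_parent(parent_control, parent_dacl, parent_sacl, child_dacl, child_sacl):
    """Run the algorithm for each ACL whose protected bit is clear on the parent."""
    if not parent_control & SE_DACL_PROTECTED:
        child_dacl = inherit_acl(parent_dacl, child_dacl)
    if not parent_control & SE_SACL_PROTECTED:
        child_sacl = inherit_acl(parent_sacl, child_sacl)
    return child_dacl, child_sacl

# Constructed sample data: SIDs and masks are illustrative only.
PARENT_DACL = [
    Ace("S-1-5-32-544", 0x6003F, CONTAINER_INHERIT_ACE),
    Ace("S-1-5-11", 0x13, 0),  # no CONTAINER_INHERIT_ACE: ignored by rule 1
    Ace("S-1-5-20", 0x13, CONTAINER_INHERIT_ACE | NO_PROPAGATE_INHERIT_ACE),
    Ace("S-1-5-19", 0x13, CONTAINER_INHERIT_ACE | INHERIT_ONLY_ACE),
]
CHILD_DACL = [Ace("S-1-5-21-1-2-3-1001", 0x1, 0)]

if __name__ == "__main__":
    print(apply_parent(0, PARENT_DACL, [], CHILD_DACL, [])[0])
```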

This method is called using the IWbemServices interface as described in section 3.2.4.2.5.

 void SetSD (
   [out] Uint32 sd
 );

sd: Exchanges a byte array containing a self-relative SECURITY_DESCRIPTOR structure, as defined in [MS-DTYP] (section 2.4.6).

A return value of 0 indicates success. Any nonzero value indicates failure.<9>