IADsSecurityUtility interface

The IADsSecurityUtility interface is used to get, set, or retrieve the security descriptor on a file, fileshare, or registry key. You can also use it to convert the security descriptor to or from raw or hexadecimal mode and you can limit the scope of the security descriptor data retrieved or set by indicating whether you want it for the owner, group, DACL, or SACL.

Methods

The IADsSecurityUtility interface has these methods.

Method Description
IADsSecurityUtility::ConvertSecurityDescriptor Converts a security descriptor from one format to another.
IADsSecurityUtility::get_SecurityMask Determines which elements of the security descriptor to retrieve or set.
IADsSecurityUtility::GetSecurityDescriptor Retrieves a security descriptor for the specified file, fileshare, or registry key.
IADsSecurityUtility::put_SecurityMask Determines which elements of the security descriptor to retrieve or set.
IADsSecurityUtility::SetSecurityDescriptor Sets the security descriptor for the specified file, file share, or registry key.

Remarks

To read the system access-control list (SACL) of a file or directory, the SE_SECURITY_NAME privilege must be enabled for the calling process. For more information about retrieving the SACL for an object, see Retrieving an Object's SACL.

For more information and a code example that shows how to use the IADsSecurityUtility interface to add an ACE to a file, see Example Code for Adding an ACE to a File.

Requirements

   
Minimum supported client Windows Vista
Minimum supported server Windows Server 2008
Target Platform Windows
Header iads.h

See Also

ADS_PATHTYPE_ENUM

ADS_SD_FORMAT_ENUM

Example Code for Adding an ACE to a File

IADsAccessControlEntry

IADsSecurityDescriptor

IAccessControlList

IDispatch

Security Descriptors on Files and Registry Keys

Security Interfaces