The Windows security model enables you to control access to event, mutex, semaphore, and waitable timer objects. Timer queues, interlocked variables, and critical section objects are not securable. For more information, see Access-Control Model.
The valid access rights for the interprocess synchronization objects include the standard access rights and some object-specific access rights. The following table lists the standard access rights used by all objects.
Value
Meaning
DELETE (0x00010000L)
Required to delete the object.
READ_CONTROL (0x00020000L)
Required to read information in the security descriptor for the object, not including the information in the SACL. To read or write the SACL, you must request the ACCESS_SYSTEM_SECURITY access right. For more information, see SACL Access Right.
SYNCHRONIZE (0x00100000L)
The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state.
WRITE_DAC (0x00040000L)
Required to modify the DACL in the security descriptor for the object.
WRITE_OWNER (0x00080000L)
Required to change the owner in the security descriptor for the object.
The following table lists the object-specific access rights for event objects. These rights are supported in addition to the standard access rights.
Value
Meaning
EVENT_ALL_ACCESS (0x1F0003)
All possible access rights for an event object. Use this right only if your application requires access beyond that granted by the standard access rights and EVENT_MODIFY_STATE. Using this access right increases the possibility that your application must be run by an Administrator.
The following table lists the object-specific access rights for mutex objects. These rights are supported in addition to the standard access rights.
Value
Meaning
MUTEX_ALL_ACCESS (0x1F0001)
All possible access rights for a mutex object. Use this right only if your application requires access beyond that granted by the standard access rights. Using this access right increases the possibility that your application must be run by an Administrator.
MUTEX_MODIFY_STATE (0x0001)
Reserved for future use.
The following table lists the object-specific access rights for semaphore objects. These rights are supported in addition to the standard access rights.
Value
Meaning
SEMAPHORE_ALL_ACCESS (0x1F0003)
All possible access rights for a semaphore object. Use this right only if your application requires access beyond that granted by the standard access rights and SEMAPHORE_MODIFY_STATE. Using this access right increases the possibility that your application must be run by an Administrator.
SEMAPHORE_MODIFY_STATE (0x0002)
Modify state access, which is required for the ReleaseSemaphore function.
The following table lists the object-specific access rights for waitable timer objects. These rights are supported in addition to the standard access rights.
Value
Meaning
TIMER_ALL_ACCESS (0x1F0003)
All possible access rights for a waitable timer object. Use this right only if your application requires access beyond that granted by the standard access rights and TIMER_MODIFY_STATE. Using this access right increases the possibility that your application must be run by an Administrator.
To read or write the SACL of an interprocess synchronization object, you must request the ACCESS_SYSTEM_SECURITY access right. For more information, see Access-Control Lists (ACLs) and SACL Access Right.
As an Information Security Administrator, you plan and implement information security of sensitive data by using Microsoft Purview and related services. You’re responsible for mitigating risks by protecting data inside collaboration environments that are managed by Microsoft 365 from internal and external threats and protecting data used by AI services. You also implement information protection, data loss prevention, retention, insider risk management, and manage information security alerts and activities.