3.2.5.4.5 SchRpcSetSecurity (Opnum 4)

The SchRpcSetSecurity method MUST set a security descriptor on a task or folder.

 HRESULT SchRpcSetSecurity(
   [in, string] const wchar_t* path,
   [in, string] const wchar_t* sddl,
   [in] DWORD flags
 );

path: MUST contain the full path associated with a task or folder in the format specified in section 2.3.11).

sddl: MUST be a security descriptor in SDDL format as specified in [MS-DTYP].

flags: The flags field MUST contain individual bit flags that MUST have one or more of the following values:

0	1	2	3	4	5	6	7	8	9	1 0	1	2	3	4	5	6	7	8	9	2 0	1	2	3	4	5	6	7	8	9	3 0	1
0	F T	F F	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	D A	0	0	0	0

Value	Description
DA TASK_DONT_ADD_PRINCIPAL_ACE	If set to 1, the server MUST NOT add the 'Allow' ACE for the task principal to the security descriptor.
FF SCH_FLAG_FOLDER	If set to 1, the server MUST apply the security descriptor to folders.
FT SCH_FLAG_TASK	If set to 1, the server MUST apply the security descriptor to tasks.

Value

Description

TASK_DONT_ADD_PRINCIPAL_ACE

If set to 1, the server MUST NOT add the 'Allow' ACE for the task principal to the security descriptor.

SCH_FLAG_FOLDER

If set to 1, the server MUST apply the security descriptor to folders.

SCH_FLAG_TASK

If set to 1, the server MUST apply the security descriptor to tasks.

Return Values: For more information on return codes, see section 2.3.14, or Win32 Error Codes in [MS-ERREF] section 2.1.

Upon receipt of the SchRpcSetSecurity call, the server MUST:

Return E_INVALIDARG if any bits other than SCH_FLAG_TASK, SCH_FLAG_FOLDER, or TASK_DONT_ADD_PRINCIPAL_ACE are set in the flags parameter.
Return 0x8007007B, the HRESULT form of the Win32 error ERROR_INVALID_NAME, if the specified path is not in the format specified in section 2.3.11.
Return the value 0x80070003, the HRESULT form of the Win32 error ERROR_PATH_NOT_FOUND, if the specified path does not exist on the server in the XML task store.
Return the value 0x80070003, the HRESULT form of the Win32 error ERROR_PATH_NOT_FOUND, if the task specified in path does not exist on the server in the XML task store.
Return E_ACCESSDENIED if caller does not have write access to the task or folder specified in the path parameter.
Return E_INVALIDARG if the SDDL parameter is null.

Note When passing NULL as a value for parameters, behavior can change based on the RPC Runtime Check. See RPC Runtime Check Notes (section 3.3).
Set the security descriptor of the task or folder specified in the path parameter in the task store according to the sddl parameter.
Return S_OK.

Additional resources