次の方法で共有 RSetServiceObjectSecurity (Opnum 5)

The RSetServiceObjectSecurity method sets the SECURITY_DESCRIPTOR structure associated with a service object.

 DWORD RSetServiceObjectSecurity(
   [in] SC_RPC_HANDLE hService,
   [in] SECURITY_INFORMATION dwSecurityInformation,
   [in, size_is(cbBufSize)] LPBYTE lpSecurityDescriptor,
   [in] DWORD cbBufSize

hService: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to a service record or to the SCM database that MUST have been created previously using one of the open methods specified in section 3.1.4.

dwSecurityInformation: A SECURITY_INFORMATION (section 2.2.1) type definition that specifies the security information being set.

lpSecurityDescriptor: A pointer to a buffer of bytes that contains the new security information.

cbBufSize: Size, in bytes, of the buffer pointed to by the lpSecurityDescriptor parameter.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success; otherwise, it returns one of the following error codes.

Return value/code




The required access rights had not been granted to the caller when the RPC context handle was created.



The handle is no longer valid.



A parameter that was specified is invalid.



The RDeleteService method has been called with an RPC context handle identifying the same service record as the hService parameter for this call.

The client MAY provide a combination of one or more SECURITY_INFORMATION bit flags for dwSecurityInformation.

If SACL_SECURITY_INFORMATION is specified via dwSecurityInformation, then an ACCESS_SYSTEM_SECURITY right MUSThave been granted to the caller when hService was created. (See WD in ACCESS_MASK in [MS-DTYP] 2.4.3.

If LABEL_SECURITY_INFORMATION or OWNER_SECURITY_INFORMATION or GROUP_SECURITY_INFORMATION is specified via dwSecurityInformation, then a WRITE_OWNER right MUST have been granted to the caller when hService was created. (See WO in ACCESS_MASK in [MS-DTYP] 2.4.3.)

If DACL_SECURITY_INFORMATION is specified via dwSecurityInformation, then a WRITE_DAC right MUST have been granted to the caller when hService was created. (See WD in ACCESS_MASK in [MS-DTYP] 2.4.3.)

In response to this request from the client, for a successful operation the server MUST apply the information from the SECURITY_DESCRIPTOR structure specified in the lpSecurityDescriptor parameter to the SecurityDescriptor associated with the SCM or the service record identified by the hService parameter of the request.