| Directory Services |
The SetSecurityDescriptor method is used to set the security descriptor on a specified file, file share, or registry key object.
HRESULT SetSecurityDescriptor( VARIANT varPath, LONG lPathFormat, VARIANT VarData, LONG lDataFormat );
| Value | Meaning |
|---|---|
| File | A valid file path syntax. For example: "c:\specs\public\adxml.doc", "\\adsi\public\dsclient.exe". |
| File share | A valid file path syntax for a file share. For example: "\\adsi\public". |
| Registry key | A valid registry syntax. For example, "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs" or "HKLMSOFTWARE\Microsoft\ADs". |
This method returns the standard return values, as well as the following.
For more information, see ADSI Error Codes.
| Return Code | Description |
|---|---|
| S_OK | The ACE was added successfully. |
The following code example shows how to set a security descriptor for a file.
Dim dacl as IADsAccessControlList
Dim sd as IADsSecurityDescriptor
Dim newAce as New IADsAccessControlEntry
Dim sdUtil as New ADsSecurityUtility
Set sd = sdUtil.GetSecurityDescriptor("c:\specs\adsixml.doc", ADS_PATH_FILE, ADS_SD_FORMAT_IID )
Set dacl = secDesc.DiscretionaryAcl
' Add a new ace for Jeff Smith.
newAce.Trustee = "Fabrikam\jeffsmith"
newAce.AccessMask = ADS_RIGHT_GENERIC_READ Or ADS_RIGHT_GENERIC_EXECUTE
newAce.AceType = ADS_ACETYPE_ACCESS_ALLOWED
dacl.AddAce newAce
sd.DiscretionaryAcl = dacl
sdUtil.SetSecurityDescriptor "c:\specs\adsixml.doc", ADS_PATH_FILE, sd, ADS_SD_FORMAT_IID
Cleanup:
If (Err.Number<>0) Then
MsgBox("An error has occurred. " & Err.Number)
End If
Set dacl = Nothing
Set sd = Nothing
Set newAce = Nothing
Set sdUtil = Nothing
Client: Included in Windows XP.
Server: Included in Windows Server 2003.
Header: Declared in Iads.h.
ADS_PATHTYPE_ENUM, ADS_SD_FORMAT_ENUM, IADsSecurityDescriptor, IADsSecurityUtility, ConvertSecurityDescriptor