Directory Services

IADsSecurityUtility::SetSecurityDescriptor

The SetSecurityDescriptor method is used to set the security descriptor on a specified file, file share, or registry key object.

HRESULT SetSecurityDescriptor( 
  VARIANT varPath,
  LONG lPathFormat,
  VARIANT VarData,
  LONG lDataFormat
);

Parameters

varPath
[in] The resource path. Three syntax types are supported for varPath.
Value          Meaning
File           A valid file path syntax. For example: "c:\specs\public\adxml.doc", "\\adsi\public\dsclient.exe".
File share     A valid file path syntax for a file share. For example: "\\adsi\public".
Registry key   A valid registry syntax. For example, "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs" or "HKLM\SOFTWARE\Microsoft\ADs".
lPathFormat
[in] Format of varPath. Three syntax types are supported, as defined in ADS_PATHTYPE_ENUM: ADS_PATH_FILE, ADS_PATH_FILESHARE, and ADS_PATH_REGISTRY.
VarData
[in] A security descriptor with the format described in lDataFormat.
lDataFormat
[in] Format of VarData. All possible constants are defined in ADS_SD_FORMAT_ENUM.

Return Values

This method returns the standard return values, as well as the following.

Return Code    Description
S_OK           The ACE was added successfully.

For more information, see ADSI Error Codes.

Example Code [Visual Basic]

The following code example shows how to set a security descriptor for a file.

Dim dacl As IADsAccessControlList
Dim sd As IADsSecurityDescriptor
Dim newAce As New AccessControlEntry
Dim sdUtil As New ADsSecurityUtility

' Route any run-time error to the Cleanup label below.
On Error GoTo Cleanup

' Read the file's current security descriptor as an IADsSecurityDescriptor object.
Set sd = sdUtil.GetSecurityDescriptor("c:\specs\adsixml.doc", ADS_PATH_FILE, ADS_SD_FORMAT_IID)
Set dacl = sd.DiscretionaryAcl

' Add a new ACE for Jeff Smith.
newAce.Trustee = "Fabrikam\jeffsmith"
newAce.AccessMask = ADS_RIGHT_GENERIC_READ Or ADS_RIGHT_GENERIC_EXECUTE
newAce.AceType = ADS_ACETYPE_ACCESS_ALLOWED

' Put the modified DACL back and write the descriptor to the file.
dacl.AddAce newAce
sd.DiscretionaryAcl = dacl
sdUtil.SetSecurityDescriptor "c:\specs\adsixml.doc", ADS_PATH_FILE, sd, ADS_SD_FORMAT_IID

Cleanup:
	If (Err.Number <> 0) Then
		MsgBox ("An error has occurred. " & Err.Number)
	End If
	Set dacl = Nothing
	Set sd = Nothing
	Set newAce = Nothing
	Set sdUtil = Nothing
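
The same read-modify-write sequence applied to a registry key path (ADS_PATH_REGISTRY), with a check that skips the write when the trustee already holds the requested access, so repeated runs do not accumulate duplicate ACEs. This is an added example, not code from the original page; the function name GrantKeyRead is hypothetical, the KEY_READ value is taken from winnt.h rather than from ADSI, and the caller supplies the key path and trustee.

```vb
' Added example, not part of the original reference page.
' GrantKeyRead is a hypothetical helper; key path and trustee come from the caller.
Private Const KEY_READ As Long = &H20019   ' registry read rights from winnt.h (not an ADSI constant)

' Grants KEY_READ on a registry key unless an access-allowed ACE for the
' trustee already covers it. Returns True if the descriptor was written,
' False if no change was needed. Errors are raised to the caller.
Public Function GrantKeyRead(ByVal keyPath As String, ByVal trustee As String) As Boolean
    Dim sdUtil As New ADsSecurityUtility
    Dim sd As IADsSecurityDescriptor
    Dim dacl As IADsAccessControlList
    Dim ace As IADsAccessControlEntry
    Dim newAce As New AccessControlEntry

    ' lPathFormat selects registry syntax; lDataFormat asks for an object, not raw bytes.
    Set sd = sdUtil.GetSecurityDescriptor(keyPath, ADS_PATH_REGISTRY, ADS_SD_FORMAT_IID)
    Set dacl = sd.DiscretionaryAcl

    ' A descriptor without a DACL object is left untouched and reported instead.
    If dacl Is Nothing Then
        Err.Raise vbObjectError + 1, "GrantKeyRead", "No DACL present on " & keyPath
    End If

    ' Look for an existing allow ACE for this trustee that includes every KEY_READ bit.
    For Each ace In dacl
        If ace.AceType = ADS_ACETYPE_ACCESS_ALLOWED _
           And StrComp(ace.Trustee, trustee, vbTextCompare) = 0 _
           And (ace.AccessMask And KEY_READ) = KEY_READ Then
            GrantKeyRead = False
            Exit Function
        End If
    Next ace

    ' Build the new ACE with only the rights that are needed.
    newAce.Trustee = trustee
    newAce.AccessMask = KEY_READ
    newAce.AceType = ADS_ACETYPE_ACCESS_ALLOWED
    dacl.AddAce newAce
    sd.DiscretionaryAcl = dacl

    ' Write back with the same path, path format and data format used for the read.
    sdUtil.SetSecurityDescriptor keyPath, ADS_PATH_REGISTRY, sd, ADS_SD_FORMAT_IID
    GrantKeyRead = True
End Function
```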

Requirements

Client: Included in Windows XP.
Server: Included in Windows Server 2003.
Header: Declared in Iads.h.

See Also

ADS_PATHTYPE_ENUM, ADS_SD_FORMAT_ENUM, IADsSecurityDescriptor, IADsSecurityUtility, ConvertSecurityDescriptor