#ifndef _NTRTL_H
/**
* The RtlGetGroupSecurityDescriptor routine returns the primary group information for a given security descriptor.
*
* Per the WDK reference, on success *Group is set to the address of the group SID inside the
* security descriptor itself. NOTE(review): the pointer therefore presumably aliases the
* descriptor's memory, stays valid only while the descriptor does, and is not a separate
* allocation for the caller to free. Confirm against how the caller owns the descriptor.
*
* \param SecurityDescriptor Pointer to the security descriptor whose primary group information is to be returned.
* \param Group Pointer to a variable that receives a pointer to the security identifier (SID) for the primary group.
*        Receives NULL when the security descriptor does not contain a primary group, so check for NULL before using the SID.
* \param GroupDefaulted Pointer to a Boolean variable that receives the value of the SE_GROUP_DEFAULTED flag.
*        Documented as valid only when *Group receives a non-NULL value; do not base a decision on it otherwise.
* \return NTSTATUS STATUS_SUCCESS on success, or an error status such as STATUS_UNKNOWN_REVISION when the
*         descriptor's revision level is not known or is not supported. Check the status before reading either output.
* \see https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/nf-ntifs-rtlgetgroupsecuritydescriptor
*/
NTSYSAPI
NTSTATUS
NTAPI
RtlGetGroupSecurityDescriptor(
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
_Outptr_result_maybenull_ PSID *Group,
_Out_ PBOOLEAN GroupDefaulted
);
// ntifs.h
NTSYSAPI NTSTATUS RtlGetGroupSecurityDescriptor(
[in] PSECURITY_DESCRIPTOR SecurityDescriptor,
[out] PSID *Group,
[out] PBOOLEAN GroupDefaulted
);
This function is documented in Windows Driver Kit.
The RtlGetGroupSecurityDescriptor routine returns the primary group information for a given security descriptor.
SecurityDescriptor
[in]Pointer to the security descriptor whose primary group information is to be returned.
Group
[out]Pointer to a variable that receives a pointer to the security identifier (SID) for the primary group. If the security descriptor does not contain a primary group, *Group receives NULL.
GroupDefaulted
[out]Pointer to a Boolean variable that receives the value of the SE_GROUP_DEFAULTED flag in the security descriptor's SECURITY_DESCRIPTOR_CONTROL structure. This value is valid only if *Group receives a non-NULL value.
RtlGetGroupSecurityDescriptor returns STATUS_SUCCESS or an appropriate NTSTATUS value such as the following:
Return code | Description |
---|---|
STATUS_UNKNOWN_REVISION | The security descriptor's revision level is not known or is not supported. This is an error code. |
If the security descriptor pointed to by SecurityDescriptor contains a primary group, RtlGetGroupSecurityDescriptor sets the pointer pointed to by Group to the address of the security descriptor's group SID and sets the variable pointed to by GroupDefaulted to a valid value.
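If the security descriptor pointed to by SecurityDescriptor does not contain a primary group, RtlGetGroupSecurityDescriptor sets the pointer pointed to by Group to NULL and ignores the remaining output parameter, GroupDefaulted. Because GroupDefaulted is not guaranteed to be written in that case, callers should check the returned status and test *Group for NULL before reading GroupDefaulted or dereferencing the SID.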
To set the primary group information for a security descriptor, use RtlSetGroupSecurityDescriptor.
To retrieve the owner information for a security descriptor, use RtlGetOwnerSecurityDescriptor.
For more information about security and access control, see the Microsoft Windows SDK documentation.