RtlSetGroupSecurityDescriptor - NtDoc
Native API online documentation, based on the System Informer
(formerly Process Hacker) phnt
headers
#ifndef _NTRTL_H
/**
* The RtlSetGroupSecurityDescriptor routine sets the primary group information of an absolute-format security descriptor. It replaces any primary group information that is already present in the security descriptor.
*
* \param SecurityDescriptor Pointer to the SECURITY_DESCRIPTOR structure whose primary group is to be set. RtlSetGroupSecurityDescriptor replaces any existing primary group with the new primary group.
* \param Group Pointer to a security identifier (SID) structure for the security descriptor's new primary owner.
* \li \c This pointer, not the SID structure itself, is copied into the security descriptor.
* \li \c If Group is NULL, RtlSetGroupSecurityDescriptor clears the security descriptor's primary group information. This marks the security descriptor as having no primary group.
* \param GroupDefaulted Set this Boolean variable to TRUE if the primary group information is derived from a default mechanism.
* \li \c If this parameter is TRUE, RtlSetGroupSecurityDescriptor sets the SE_GROUP_DEFAULTED flag in the security descriptor's SECURITY_DESCRIPTOR_CONTROL field.
* \li \c If this parameter is FALSE, RtlSetGroupSecurityDescriptor clears the SE_GROUP_DEFAULTED flag.
* \return NTSTATUS Successful or errant status.
* \see https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/nf-ntifs-rtlsetgroupsecuritydescriptor
*/
NTSYSAPI
NTSTATUS
NTAPI
RtlSetGroupSecurityDescriptor(
_Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor,
_In_opt_ PSID Group,
_In_ BOOLEAN GroupDefaulted
);
View code on GitHub// ntifs.h
NTSYSAPI NTSTATUS RtlSetGroupSecurityDescriptor(
[in, out] PSECURITY_DESCRIPTOR SecurityDescriptor,
[in, optional] PSID Group,
[in, optional] BOOLEAN GroupDefaulted
);
View the official Windows Driver Kit DDI referenceThis function is documented in Windows Driver Kit.
The RtlSetGroupSecurityDescriptor routine sets the primary group information of an absolute-format security descriptor. It replaces any primary group information that is already present in the security descriptor.
SecurityDescriptor [in, out]Pointer to the SECURITY_DESCRIPTOR structure whose primary group is to be set. RtlSetGroupSecurityDescriptor replaces any existing primary group with the new primary group.
Group [in, optional]Pointer to a security identifier (SID) structure for the security descriptor's new primary owner. This pointer, not the SID structure itself, is copied into the security descriptor. If Group is NULL, RtlSetGroupSecurityDescriptor clears the security descriptor's primary group information. This marks the security descriptor as having no primary group.
GroupDefaulted [in, optional]Set this Boolean variable to TRUE if the primary group information is derived from a default mechanism. If this parameter is TRUE, RtlSetGroupSecurityDescriptor sets the SE_GROUP_DEFAULTED flag in the security descriptor's SECURITY_DESCRIPTOR_CONTROL field. If this parameter is FALSE, RtlSetGroupSecurityDescriptor clears the SE_GROUP_DEFAULTED flag.
RtlSetGroupSecurityDescriptor returns STATUS_SUCCESS if the primary group was successfully set or reset. Otherwise, it returns an appropriate NTSTATUS value such as one of the following:
| Return code | Description |
|---|---|
| STATUS_INVALID_SECURITY_DESCR | The given security descriptor is not a valid absolute security descriptor. STATUS_INVALID_SECURITY_DESCR is an error code. |
| STATUS_UNKNOWN_REVISION | The given security descriptor's revision is not recognized by this routine. STATUS_UNKNOWN_REVISION is an error code. |
To retrieve the primary group information for a security descriptor, use RtlGetGroupSecurityDescriptor.
To set the owner information for a security descriptor, use RtlSetOwnerSecurityDescriptor.
For more information about security and access control, see the Microsoft Windows SDK documentation.