RtlCreateSecurityDescriptor

The RtlCreateSecurityDescriptor routine initializes a new absolute-format security descriptor. On return, the security descriptor is initialized with no system ACL, no discretionary ACL, no owner, no primary group, and all control flags set to zero.

NTSTATUS 
  RtlCreateSecurityDescriptor(
    IN OUT PSECURITY_DESCRIPTOR  SecurityDescriptor,
    IN ULONG  Revision
    );

Parameters

SecurityDescriptor

Pointer to the buffer for the SECURITY_DESCRIPTOR to be initialized.

Revision

Specifies the revision level to assign to the security descriptor.

Return Value

RtlCreateSecurityDescriptor can return one of the following.

STATUS_SUCCESS

The call completed successfully.

STATUS_UNKNOWN_REVISION

The given Revision is not supported.

Headers

Declared in ntddk.h. Include ntddk.h.

Comments

In effect, a successful call to this routine initializes a security descriptor without security constraints.

Callers of RtlCreateSecurityDescriptor must be running at IRQL = PASSIVE_LEVEL.

See Also

RtlLengthSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlValidSecurityDescriptor, SECURITY_DESCRIPTOR