PRB: AccessCheck() Returns ERROR_INVALID_SECURITY_DESCR
Article ID: 115946
Article Last Modified on 11/21/2006
APPLIES TO
- Microsoft Win32 Application Programming Interface, when used with:
- Microsoft Windows NT Advanced Server 3.1
- Microsoft Windows 2000 Standard Edition
- Microsoft Windows XP Professional
This article was previously published under Q115946
SYMPTOMS
In certain cases, the AccessCheck() API fails and GetLastError() returns
the message
ERROR_INVALID_SECURITY_DESCR
This error message indicates
that the security descriptor passed to AccessCheck() was in an invalid
format.
CAUSE
This is expected behavior for the AccessCheck() function. AccessCheck()
was designed for use by programs that create and maintain their own
security descriptors. These security descriptors would always have the
owner, DACL, and group information.
RESOLUTION
If the security descriptor is indeed valid, you can eliminate the error
by ensuring that the security descriptor has been opened for access to
the following types of security information:
OWNER_SECURITY_INFORMATION
GROUP_SECURITY_INFORMATION
DACL_SECURITY_INFORMATION
You can double check the validity of the security descriptor by calling
the IsValidSecurityDescriptor() API.
Additional query words: 3.10 3.50
Keywords: kbacl kbkernbase kbprb kbsecurity KB115946