PRB: AccessCheck() Returns ERROR_INVALID_SECURITY_DESCR (115946)
The information in this article applies to:
- Microsoft Win32 Application Programming Interface (API), when used with:
- the operating system: Microsoft Windows NT 3.1
- the operating system: Microsoft Windows NT 3.5
- the operating system: Microsoft Windows 2000
- the operating system: Microsoft Windows XP
This article was previously published under Q115946 SYMPTOMS
In certain cases, the AccessCheck() API fails and GetLastError() returns
the message
ERROR_INVALID_SECURITY_DESCR
This error message indicates
that the security descriptor passed to AccessCheck() was in an invalid
format.
CAUSE
This is expected behavior for the AccessCheck() function. AccessCheck()
was designed for use by programs that create and maintain their own
security descriptors. These security descriptors would always have the
owner, DACL, and group information.
RESOLUTION
If the security descriptor is indeed valid, you can eliminate the error
by ensuring that the security descriptor has been opened for access to
the following types of security information:
OWNER_SECURITY_INFORMATION
GROUP_SECURITY_INFORMATION
DACL_SECURITY_INFORMATION
You can double check the validity of the security descriptor by calling
the IsValidSecurityDescriptor() API.
| Modification Type: | Major | Last Reviewed: | 3/16/2004 |
|---|
| Keywords: | kbACL kbKernBase kbprb kbSecurity KB115946 |
|---|
|