locked
Error setting file descriptor RRS feed

  • Question

  • I am calling the SetNamedSecurityInfoW function to modify the security descriptor. I am getting back error code 1299. I looked it up and it says "Indicates a particular Security ID may not be assigned as the label of an object." Not sure what that means though. Any ideas?
    Thursday, November 1, 2012 8:00 PM

All replies

  • After playing around I found out that I had the format wrong for the SACL. If I use the example one from here it works fine. I want to change it to run at a high integrity though. Anyone know the format for the SACL? 

    #define LOW_INTEGRITY_SDDL_SACL_W L"S:(ML;;NW;;;LW)"

    Friday, November 2, 2012 5:47 PM
  • So a little more info. I pulled an example from chml that was written a few years ago. 

    This works:

    #define HIGH_INTEGRITY_SDDL_SACL_W L"S:(ML;OICI;NRNX;;;ME)"

    but this does not:

    #define HIGH_INTEGRITY_SDDL_SACL_W L"S:(ML;OICI;NRNX;;;HI)"

    This leads me to believe the api call is right but there is some other setting that is preventing this. 

    Friday, November 2, 2012 8:25 PM