Microsoft KB Archive/115946

{|
 * width="100%"|

PRB: AccessCheck Returns ERROR_INVALID_SECURITY_DESCR

 * }

Q115946

-

The information in this article applies to:


 * Microsoft Win32 Application Programming Interface (API), used with:
 * the operating system: Microsoft Windows NT, versions 3.1, 3.5
 * the operating system: Microsoft Windows 2000

-

SYMPTOMS
In certain cases, the AccessCheck API fails and GetLastError returns the message

ERROR_INVALID_SECURITY_DESCR

This error message indicates that the security descriptor passed to AccessCheck was in an invalid format.

CAUSE
This is expected behavior for the AccessCheck function. AccessCheck was designed for use by programs that create and maintain their own security descriptors. These security descriptors would always have the owner, DACL, and group information.

RESOLUTION
If the security descriptor is indeed valid, you can eliminate the error by ensuring that the security descriptor has been opened for access to the following types of security information:

OWNER_SECURITY_INFORMATION

GROUP_SECURITY_INFORMATION

DACL_SECURITY_INFORMATION You can double check the validity of the security descriptor by calling the IsValidSecurityDescriptor API.

Additional query words: 3.10 3.50

Keywords : kbAccCtrl kbKernBase kbOSWin2000 kbSecurity kbDSupport kbGrpDSKernBase

Issue type : kbprb

Technology : kbAudDeveloper kbWin32sSearch kbWin32API