SetNamedSecurityInfo Error code -87

Question

Hi, We have been facing this issue since Jan 2023.

Code Snippet:

LPWSTR shareName = (LPWSTR)L"//TEST/test";	
DWORD dwRes = SetNamedSecurityInfo(shareName, SE_FILE_OBJECT, SACL_SECURITY_INFORMATION, NULL, NULL, NULL, NULL);	if (ERROR_SUCCESS != dwRes) {		
	cout << "Error while setting SACL in SetNamedSecurityInfo Error  " << dwRes << endl;		
	return -1;	
}

Here, we are passing only the shareName as a parameter and all the remaining parameters are constant.

Normally this code should function without setting any SACL permissions and without any errors.

But, this is throwing an error 87, which means "The parameter is incorrect". But the only parameter that has been passed is the shareName and if the shareName is wrong, then the function should throw an error 67 which means "The network name cannot be found".

Why error 87 is thrown in this case?

Help me fix this issue ASAP.

Answer 1

Hello,

Welcome to Microsoft Q&A!

According to the Doc: SetNamedSecurityInfoA function

If setting SACL_SECURITY_INFORMATION or SCOPE_SECURITY_INFORMATION, the caller must have the SE_SECURITY_NAME privilege enabled. If you are not setting the SACL, this parameter can be NULL.

According to your code, you set the SACL_SECURITY_INFORMATION flag, but you set the pSacl to NULL. As far as I'm concerned, it is the reason for the error. When you use the SACL_SECURITY_INFORMATION flag, you must have the SE_SECURITY_NAME privilege enabled, the pSacl should point to the SACL for the object.

Thank you.

Jeanine

---

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.