3.2.5.4.5 SchRpcSetSecurity (Opnum 4)

The SchRpcSetSecurity method MUST set a security descriptor on a task or folder.

 HRESULT SchRpcSetSecurity(
   [in, string] const wchar_t* path,
   [in, string] const wchar_t* sddl,
   [in] DWORD flags
 );

path: MUST contain the full path associated with a task or folder in the format specified in section 2.3.11).

sddl: MUST be a security descriptor in SDDL format as specified in [MS-DTYP].

flags: The flags field MUST contain individual bit flags that MUST have one or more of the following values:


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

0

F T

F
F

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

D A

0

0

0

0

Value

Description

DA

TASK_DONT_ADD_PRINCIPAL_ACE

If set to 1, the server MUST NOT add the 'Allow' ACE for the task principal to the security descriptor.

FF

SCH_FLAG_FOLDER

If set to 1, the server MUST apply the security descriptor to folders.

FT

SCH_FLAG_TASK

If set to 1, the server MUST apply the security descriptor to tasks.

Return Values: For more information on return codes, see section 2.3.14, or Win32 Error Codes in [MS-ERREF] section 2.1.

Upon receipt of the SchRpcSetSecurity call, the server MUST:

  • Return E_INVALIDARG if any bits other than SCH_FLAG_TASK, SCH_FLAG_FOLDER, or TASK_DONT_ADD_PRINCIPAL_ACE are set in the flags parameter.

  • Return 0x8007007B, the HRESULT form of the Win32 error ERROR_INVALID_NAME, if the specified path is not in the format specified in section 2.3.11.

  • Return the value 0x80070003, the HRESULT form of the Win32 error ERROR_PATH_NOT_FOUND, if the specified path does not exist on the server in the XML task store.

  • Return the value 0x80070003, the HRESULT form of the Win32 error ERROR_PATH_NOT_FOUND, if the task specified in path does not exist on the server in the XML task store.

  • Return E_ACCESSDENIED if caller does not have write access to the task or folder specified in the path parameter.

  • Return E_INVALIDARG if the SDDL parameter is null.

    Note When passing NULL as a value for parameters, behavior can change based on the RPC Runtime Check. See RPC Runtime Check Notes (section 3.3).

  • Set the security descriptor of the task or folder specified in the path parameter in the task store according to the sddl parameter.

  • Return S_OK.