In one of my recent questions about using CreateDesktop() API call to create a new desktop and execute my own application inside and prevent other applications to be executed in my Desktop someone pointed me to use security descriptors!
Is someone here who could tell me how to do that?
Thanks in advance!
All named objects, which includes the desktop you create, have a security descriptor. A security descriptor describes the owner and group SIDs (security identifiers) for each object, along with its ACLs (access control lists). The function that creates the object uses it to control who has what access to the object.
The CreateDesktop() function has an optional parameter which is a pointer to a SECURITY_ATTRIBUTES object. The SECURITY_ATTRIBUTES object has a member lpSecurityDescriptor, which is a pointer to a SECURITY_DESCRIPTOR structure. There are numerous functions you can call on the SECURITY_DESCRIPTOR to set the ACLs.