NTSTATUS RtlNewInstanceSecurityObject( IN BOOLEAN ParentDescriptorChanged, IN BOOLEAN CreatorDescriptorChanged, IN PLUID OldClientTokenModifiedId, OUT PLUID NewClientTokenModifiedId, IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL, IN PSECURITY_DESCRIPTOR CreatorDescriptor OPTIONAL, OUT PSECURITY_DESCRIPTOR * NewDescriptor, IN BOOLEAN IsDirectoryObject, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping ); Routine Description: If the return status is STATUS_SUCCESS and the NewSecurity return value is NULL, then the security desscriptor of the original instance of the object is valid for this instance as well. Arguments: ParentDescriptorChanged - Supplies a flag indicating whether the parent security descriptor has changed since the last time this set of parameters was used. CreatorDescriptorChanged - Supplies a flag indicating whether the creator security descriptor has changed since the last time this set of parameters was used. OldClientTokenModifiedId - Supplies the ModifiedId from the passed token that was in effect when this call was last made with these parameters. If the current ModifiedId is different from the one passed in here, the security descriptor must be rebuilt. NewClientTokenModifiedId - Returns the current ModifiedId from the passed token. ParentDescriptor - Supplies the Security Descriptor for the parent directory under which a new object is being created. If there is no parent directory, then this argument is specified as NULL. CreatorDescriptor - (Optionally) Points to a security descriptor presented by the creator of the object. If the creator of the object did not explicitly pass security information for the new object, then a null pointer should be passed. NewDescriptor - Points to a pointer that is to be made to point to the newly allocated self-relative security descriptor. IsDirectoryObject - Specifies if the new object is going to be a directory object. A value of TRUE indicates the object is a container of other objects. Token - Supplies the token for the client on whose behalf the object is being created. If it is an impersonation token, then it must be at SecurityIdentification level or higher. If it is not an impersonation token, the operation proceeds normally. A client token is used to retrieve default security information for the new object, such as default owner, primary group, and discretionary access control. The token must be open for TOKEN_QUERY access. GenericMapping - Supplies a pointer to a generic mapping array denoting the mapping between each generic right to specific rights. Return Value: return-value - Description of conditions needed to return value. - or - None.