NTSTATUS
RtlSetSaclSecurityDescriptor(
  IN  PSECURITY_DESCRIPTOR SecurityDescriptor,
  IN  BOOLEAN SaclPresent,
  IN  PACL Sacl OPTIONAL,
  IN  BOOLEAN SaclDefaulted OPTIONAL
  );

Routine Description:

    This procedure sets the system ACL information of an absolute security
    descriptor.  If there is already a system ACL present in the
    security descriptor, it is superseded.

Arguments:

    SecurityDescriptor - Supplies the security descriptor to be which
        the system ACL is to be added.

    SaclPresent - If FALSE, indicates the SaclPresent flag in the
        security descriptor should be set to FALSE.  In this case,
        the remaining optional parameters are ignored.  Otherwise,
        the SaclPresent control flag in the security descriptor is
        set to TRUE and the remaining optional parameters are not
        ignored.

    Sacl - Supplies the system ACL for the security descriptor.  If
        this optional parameter is not passed, then a null ACL is
        assigned to the security descriptor.  The ACL is referenced
        by, not copied into, by the security descriptor.

    SaclDefaulted - When set, indicates the system ACL was picked up
        from some default mechanism (rather than explicitly specified
        by a user).  This value is set in the SaclDefaulted control
        flag in the security descriptor.  If this optional parameter
        is not passed, then the SaclDefaulted flag will be cleared.

Return Value:

    STATUS_SUCCESS - Indicates the call completed successfully.

    STATUS_UNKNOWN_REVISION - Indicates the revision of the security
        descriptor is not known to the routine.  It may be a newer
        revision than the routine knows about.

    STATUS_INVALID_SECURITY_DESCR - Indicates the security descriptor
        is not an absolute format security descriptor.