The methods Task.GetSecurityDescriptorSddlForm and Task.SetSecurityDescriptorSddlForm accept a parameter of type AccessControlSections. The value of this parameter is passed to [IRegisteredTask::GetSecurityDescriptor](http://msdn.microsoft.com/en-us/library/windows/desktop/aa380760(v=vs.85).aspx) and [IRegisteredTask::SetSecurityDescriptor](http://msdn.microsoft.com/en-us/library/windows/desktop/aa380769(v=vs.85).aspx) respectively. This results in incorrect behavior.
[IRegisteredTask::GetSecurityDescriptor](http://msdn.microsoft.com/en-us/library/windows/desktop/aa380760(v=vs.85).aspx) expects a [SECURITY_INFORMATION](http://msdn.microsoft.com/en-us/library/windows/desktop/aa379573(v=vs.85).aspx) data type which does not align with [AccessControlSections](http://msdn.microsoft.com/en-us/library/system.security.accesscontrol.accesscontrolsections(v=vs.110).aspx). For example, passing AccessControlSettings.Audit to this method results in the Owner part being returned.
The documentation for [IRegisteredTask::SetSecurityDescriptor](http://msdn.microsoft.com/en-us/library/windows/desktop/aa380769(v=vs.85).aspx) indicates that the TASK_DONT_ADD_PRINCIPAL_ACE flag from the [TASK_CREATION](http://msdn.microsoft.com/en-us/library/windows/desktop/aa382538(v=vs.85).aspx) enumeration can be specified for the second parameter.
Comments: ** Comment from web user: dahall **
[IRegisteredTask::GetSecurityDescriptor](http://msdn.microsoft.com/en-us/library/windows/desktop/aa380760(v=vs.85).aspx) expects a [SECURITY_INFORMATION](http://msdn.microsoft.com/en-us/library/windows/desktop/aa379573(v=vs.85).aspx) data type which does not align with [AccessControlSections](http://msdn.microsoft.com/en-us/library/system.security.accesscontrol.accesscontrolsections(v=vs.110).aspx). For example, passing AccessControlSettings.Audit to this method results in the Owner part being returned.
The documentation for [IRegisteredTask::SetSecurityDescriptor](http://msdn.microsoft.com/en-us/library/windows/desktop/aa380769(v=vs.85).aspx) indicates that the TASK_DONT_ADD_PRINCIPAL_ACE flag from the [TASK_CREATION](http://msdn.microsoft.com/en-us/library/windows/desktop/aa382538(v=vs.85).aspx) enumeration can be specified for the second parameter.
Comments: ** Comment from web user: dahall **
I am considering the removal of all security related methods and properties and then adding a SetAccessControl and GetAccessControl method consistent with other secured objects (files, wait handles, etc.) using a new class to manage the security descriptor. What do you think?