Sometimes the service must create kernel objects that can be accessed by process running under different user accounts. To allow the object to be shared in this way, the service must create an object using a security descriptor that explicitly authorizes user object access. Alternatively, the security descriptor can grant access to the entire user group. The sample code in this article is very specific because it grants the accessibility of the mutual exclusion user group. This code uses a large number of secure APIs to construct the safety descriptor of the mutex. For a full documentation about these security functions, see the "Access Control" section of the Platform SDK document in MSDN Library:
http://msdn.microsoft.com/library/en-us/security/hh/winbase/accctrl_2hf0.asp
(http://msdn.microsoft.com/library/en-us/security/hh/winbase/accctrl_2hf0.asp)
You must fully understand these calls (normally include access control technology) to adapt to other users, groups, and kernel objects.
Sample code