I am creating a Security Descriptor for creating a mutex with CreateMutex(). It turns out that you cannot use the default descriptor that comes with the default discretionary access control list (DACL) when the creating process is within a service and the accessing process is from the user.

I do not want to use the NULL DACL because that has no security and is never recommended. What I would like to be able to do is create or use the DACL in a way that allows only specified processes access. Is that possible?

Is it possible for a DACL to have one access control entry that allows a specific process? Maybe using some sort of process ID or a constant?