diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 416ffaa72..36fddb45d 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,16 @@
+2011-04-28  Corinna Vinschen  <corinna@vinschen.de>
+
+	* advapi32.cc (SetSecurityDescriptorDacl): Remove.
+	(SetSecurityDescriptorGroup): Remove.
+	(SetSecurityDescriptorOwner): Remove.
+	* pinfo.cc: Replace above functions throughout with their ntdll.dll
+	equivalent.
+	* sec_acl.cc: Ditto.
+	* sec_helper.cc: Ditto.
+	* security.cc: Ditto.
+
+	* sec_helper.cc (__sec_user): Remove old comment.
+
 2011-04-28  Corinna Vinschen  <corinna@vinschen.de>
 
 	* posix_ipc.cc (ipc_cond_timedwait): Also wait for pthread's
diff --git a/winsup/cygwin/advapi32.cc b/winsup/cygwin/advapi32.cc
index 7721ee884..e8c238055 100644
--- a/winsup/cygwin/advapi32.cc
+++ b/winsup/cygwin/advapi32.cc
@@ -75,29 +75,6 @@ MakeSelfRelativeSD (PSECURITY_DESCRIPTOR abs_sd, PSECURITY_DESCRIPTOR rel_sd,
   DEFAULT_NTSTATUS_TO_BOOL_RETURN
 }
 
-BOOL WINAPI
-SetSecurityDescriptorDacl (PSECURITY_DESCRIPTOR sd, BOOL present, PACL dacl,
-			   BOOL def)
-{
-  NTSTATUS status = RtlSetDaclSecurityDescriptor (sd, (BOOLEAN) !!present, dacl,
-						  (BOOLEAN) !!def);
-  DEFAULT_NTSTATUS_TO_BOOL_RETURN
-}
-
-BOOL WINAPI
-SetSecurityDescriptorGroup (PSECURITY_DESCRIPTOR sd, PSID sid, BOOL def)
-{
-  NTSTATUS status = RtlSetGroupSecurityDescriptor (sd, sid, (BOOLEAN) !!def);
-  DEFAULT_NTSTATUS_TO_BOOL_RETURN
-}
-
-BOOL WINAPI
-SetSecurityDescriptorOwner (PSECURITY_DESCRIPTOR sd, PSID sid, BOOL def)
-{
-  NTSTATUS status = RtlSetOwnerSecurityDescriptor (sd, sid, (BOOLEAN) !!def);
-  DEFAULT_NTSTATUS_TO_BOOL_RETURN
-}
-
 BOOL WINAPI
 OpenThreadToken (HANDLE thread, DWORD access, BOOL as_self, PHANDLE tok)
 {
diff --git a/winsup/cygwin/pinfo.cc b/winsup/cygwin/pinfo.cc
index badee7074..c5309aeb1 100644
--- a/winsup/cygwin/pinfo.cc
+++ b/winsup/cygwin/pinfo.cc
@@ -351,10 +351,11 @@ pinfo::set_acl()
   sec_acl (acl_buf, true, true, cygheap->user.sid (),
 	   well_known_world_sid, FILE_MAP_READ);
   RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION);
-  if (!SetSecurityDescriptorDacl (&sd, TRUE, acl_buf, FALSE))
-    debug_printf ("SetSecurityDescriptorDacl %E");
+  status = RtlSetDaclSecurityDescriptor (&sd, TRUE, acl_buf, FALSE);
+  if (!NT_SUCCESS (status))
+    debug_printf ("RtlSetDaclSecurityDescriptor %p", status);
   else if ((status = NtSetSecurityObject (h, DACL_SECURITY_INFORMATION, &sd)))
-    debug_printf ("NtSetSecurityObject %lx", status);
+    debug_printf ("NtSetSecurityObject %p", status);
 }
 
 const char *
diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc
index e7e79adcd..ef5822b73 100644
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@@ -73,14 +73,16 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
   /* Initialize local security descriptor. */
   SECURITY_DESCRIPTOR sd;
   RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION);
-  if (!SetSecurityDescriptorOwner (&sd, owner, FALSE))
+  status = RtlSetOwnerSecurityDescriptor (&sd, owner, FALSE);
+  if (!NT_SUCCESS (status))
     {
-      __seterrno ();
+      __seterrno_from_nt_status (status);
       return -1;
     }
-  if (!SetSecurityDescriptorGroup (&sd, group, FALSE))
+  status = RtlSetGroupSecurityDescriptor (&sd, group, FALSE);
+  if (!NT_SUCCESS (status))
     {
-      __seterrno ();
+      __seterrno_from_nt_status (status);
       return -1;
     }
 
@@ -201,9 +203,10 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
   acl->AclSize = acl_len;
   debug_printf ("ACL-Size: %d", acl_len);
   /* Create DACL for local security descriptor. */
-  if (!SetSecurityDescriptorDacl (&sd, TRUE, acl, FALSE))
+  status = RtlSetDaclSecurityDescriptor (&sd, TRUE, acl, FALSE);
+  if (!NT_SUCCESS (status))
     {
-      __seterrno ();
+      __seterrno_from_nt_status (status);
       return -1;
     }
   /* Make self relative security descriptor in sd_ret. */
diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc
index 6ce9ccc37..413983889 100644
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@@ -464,7 +464,7 @@ get_null_sd ()
   if (!null_sdp)
     {
       RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION);
-      SetSecurityDescriptorDacl (&sd, TRUE, NULL, FALSE);
+      RtlSetDaclSecurityDescriptor (&sd, TRUE, NULL, FALSE);
       null_sdp = &sd;
     }
   return null_sdp;
@@ -539,6 +539,7 @@ __sec_user (PVOID sa_buf, PSID sid1, PSID sid2, DWORD access2, BOOL inherit)
   PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR)
 			     ((char *) sa_buf + sizeof (*psa));
   PACL acl = (PACL) ((char *) sa_buf + sizeof (*psa) + sizeof (*psd));
+  NTSTATUS status;
 
 #ifdef DEBUGGING
   if ((unsigned long) sa_buf % 4)
@@ -548,19 +549,9 @@ __sec_user (PVOID sa_buf, PSID sid1, PSID sid2, DWORD access2, BOOL inherit)
     return inherit ? &sec_none : &sec_none_nih;
 
   RtlCreateSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION);
-
-/*
- * Setting the owner lets the created security attribute not work
- * on NT4 SP3 Server. Don't know why, but the function still does
- * what it should do also if the owner isn't set.
-*/
-#if 0
-  if (!SetSecurityDescriptorOwner (psd, sid, FALSE))
-    debug_printf ("SetSecurityDescriptorOwner %E");
-#endif
-
-  if (!SetSecurityDescriptorDacl (psd, TRUE, acl, FALSE))
-    debug_printf ("SetSecurityDescriptorDacl %E");
+  status = RtlSetDaclSecurityDescriptor (psd, TRUE, acl, FALSE);
+  if (!NT_SUCCESS (status))
+    debug_printf ("RtlSetDaclSecurityDescriptor %p", status);
 
   psa->nLength = sizeof (SECURITY_ATTRIBUTES);
   psa->lpSecurityDescriptor = psd;
@@ -597,7 +588,7 @@ _everyone_sd (void *buf, ACCESS_MASK access)
 	  return NULL;
 	}
       dacl->AclSize = (char *) ace - (char *) dacl;
-      SetSecurityDescriptorDacl (psd, TRUE, dacl, FALSE);
+      RtlSetDaclSecurityDescriptor (psd, TRUE, dacl, FALSE);
     }
   return psd;
 }
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 9b808cc79..0443138d2 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -557,16 +557,18 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
   RtlSetControlSecurityDescriptor (&sd, SE_DACL_PROTECTED, SE_DACL_PROTECTED);
 
   /* Create owner for local security descriptor. */
-  if (!SetSecurityDescriptorOwner (&sd, owner_sid, FALSE))
+  status = RtlSetOwnerSecurityDescriptor (&sd, owner_sid, FALSE);
+  if (!NT_SUCCESS (status))
     {
-      __seterrno ();
+      __seterrno_from_nt_status (status);
       return NULL;
     }
 
   /* Create group for local security descriptor. */
-  if (!SetSecurityDescriptorGroup (&sd, group_sid, FALSE))
+  status = RtlSetGroupSecurityDescriptor (&sd, group_sid, FALSE);
+  if (!NT_SUCCESS (status))
     {
-      __seterrno ();
+      __seterrno_from_nt_status (status);
       return NULL;
     }
 
@@ -828,9 +830,10 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
   debug_printf ("ACL-Size: %d", acl_len);
 
   /* Create DACL for local security descriptor. */
-  if (!SetSecurityDescriptorDacl (&sd, TRUE, acl, FALSE))
+  status = RtlSetDaclSecurityDescriptor (&sd, TRUE, acl, FALSE);
+  if (!NT_SUCCESS (status))
     {
-      __seterrno ();
+      __seterrno_from_nt_status (status);
       return NULL;
     }