Knowledge

ERROR_INVALID_ACE_CONDITION - 805 (0x325)

The specified access control entry (ACE) contains an invalid condition.

Updated: Feb 21, 2026

Technical Meaning

The ERROR_INVALID_ACE_CONDITION error code indicates that a specified access control entry (ACE) contains an invalid condition. This error typically arises when the system encounters a security descriptor or related structure that includes ACEs with conditions that are not recognized or supported.

Error Details

An ACE is a component of a security descriptor, which defines the permissions for an object in Windows. Each ACE consists of a type, flags, identity reference, and access mask. Conditions within an ACE can specify additional criteria for permission evaluation, such as times of day when certain actions are allowed or denied.

Usage Context

This error is commonly encountered during operations that involve security descriptors, such as setting permissions on files, directories, or other objects in the Windows file system. It may also appear in scenarios involving advanced access control policies or custom security configurations.

Developer Interpretation

When this error occurs, it suggests that one or more ACEs within a security descriptor contain conditions that are not valid according to the current implementation of the Windows Security subsystem. Developers should ensure that all ACEs used in their applications adhere to the supported condition types and formats as defined by the Windows API.

Related Errors

  • ERROR_INVALID_SECURITY_DESCR: Indicates an invalid security descriptor overall, which may include invalid ACE conditions among other issues.
  • ERROR_ACCESS_DENIED: May be returned if a valid but restrictive ACE prevents access to an object.

FAQ

Q: What does the ERROR_INVALID_ACE_CONDITION error mean?

A: It indicates that an access control entry (ACE) within a security descriptor contains invalid conditions, preventing proper evaluation of permissions.

Q: How can I resolve this issue?

A: Review and correct any ACEs with unsupported or malformed conditions in your security descriptors. Ensure all ACEs comply with the Windows Security API specifications.

Summary

The ERROR_INVALID_ACE_CONDITION error code highlights issues within access control entries of security descriptors, indicating that certain conditions are not recognized by the system. Developers should validate and correct their use of ACEs to avoid this error.