
The first argument of OpenThread is dwDesiredAccess. I've read here that this argument is checked against the security descriptor of the thread. I tried setting it with SetSecurityInfo, but when I use OpenThread, it doesn't seem to work as expected for me.

```cpp
#include <windows.h>
#include <AccCtrl.h>
#include <AclAPI.h>
#include <iostream>

int main()
{
    // Create a security descriptor
    SECURITY_DESCRIPTOR sd;
    InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION);

    // Size information for an empty DACL
    ACL_SIZE_INFORMATION aclSizeInfo;
    aclSizeInfo.AclBytesInUse = sizeof(ACL);
    aclSizeInfo.AclBytesFree = 0;
    aclSizeInfo.AceCount = 0;

    // Create an ACL
    PACL pAcl = (PACL)LocalAlloc(LPTR, aclSizeInfo.AclBytesInUse);
    InitializeAcl(pAcl, aclSizeInfo.AclBytesInUse, ACL_REVISION);

    // Describe an ACE for the DACL
    EXPLICIT_ACCESS ea;
    ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
    ea.grfAccessPermissions = THREAD_ALL_ACCESS;
    ea.grfAccessMode = DENY_ACCESS;
    ea.grfInheritance = NO_INHERITANCE;
    ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
    ea.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
    ea.Trustee.ptstrName = (LPTSTR)WinLocalSid;

    // Add the ACE to the ACL
    SetEntriesInAcl(1, &ea, NULL, &pAcl);

    // Set the DACL in the security descriptor
    SetSecurityDescriptorDacl(&sd, TRUE, pAcl, FALSE);

    // Set the security descriptor for the thread handle
    std::cout << SetSecurityInfo(GetCurrentThread(), SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pAcl, NULL) << std::endl;

    // Free the memory
    LocalFree(pAcl);

    auto handle = OpenThread(THREAD_ALL_ACCESS, 0, GetCurrentThreadId());
    std::cout << handle << std::endl; // always a valid handle
    return 0;
}
```
897uiaua8
Did you read that _"...If the caller has enabled the SeDebugPrivilege privilege, the requested access is granted regardless of the contents of the security descriptor..."_ ? So probably pointless for a local user that can get elevated rights. – Richard Critten Dec 17 '22 at 17:21

(1) `ea.Trustee.ptstrName = (LPTSTR)WinLocalSid;` doesn't make sense. (2) If you say `TRUSTEE_IS_SID`, then you should set `ea.Trustee.pSid`, and you need to set it to a pointer to a SID, not an enum value cast to a pointer. (3) Checking return codes for errors would have identified this problem faster. – Raymond Chen Dec 17 '22 at 21:27
