diff --git a/PInvoke/Security/AdvApi32/Sddl.cs b/PInvoke/Security/AdvApi32/Sddl.cs
index 47632bb2..c609214c 100644
--- a/PInvoke/Security/AdvApi32/Sddl.cs
+++ b/PInvoke/Security/AdvApi32/Sddl.cs
@@ -132,8 +132,13 @@ namespace Vanara.PInvoke
 		// SECURITY_INFORMATION SecurityInformation, LPSTR *StringSecurityDescriptor, PULONG StringSecurityDescriptorLen );
 		[PInvokeData("sddl.h", MSDNShortId = "36140833-8e30-4c32-a88a-c10751b6c223")]
 		[return: MarshalAs(UnmanagedType.Bool)]
-		public static string ConvertSecurityDescriptorToStringSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor, SECURITY_INFORMATION SecurityInformation) =>
-			ConvertSecurityDescriptorToStringSecurityDescriptor(SecurityDescriptor, SDDL_REVISION.SDDL_REVISION_1, SecurityInformation, out var sd, out var sz) ? sd.ToString(-1) : throw new Win32Exception();
+		public static string ConvertSecurityDescriptorToStringSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor, SECURITY_INFORMATION SecurityInformation)
+		{
+			if (!ConvertSecurityDescriptorToStringSecurityDescriptor(SecurityDescriptor, SDDL_REVISION.SDDL_REVISION_1, SecurityInformation, out var sd, out _))
+				throw new Win32Exception();
+			using (sd)
+				return sd.ToString(-1);
+		}
 
 		/// <summary>
 		/// The ConvertSidToStringSid function converts a security identifier (SID) to a string format suitable for display, storage, or transmission.
@@ -155,7 +160,13 @@ namespace Vanara.PInvoke
 		/// <param name="Sid">The SID structure to be converted.</param>
 		/// <returns>A null-terminated SID string.</returns>
 		[PInvokeData("sddl.h", MSDNShortId = "aa376399")]
-		public static string ConvertSidToStringSid(PSID Sid) => ConvertSidToStringSid(Sid, out var str) ? str.ToString(-1) : throw new Win32Exception();
+		public static string ConvertSidToStringSid(PSID Sid)
+		{
+			if (!ConvertSidToStringSid(Sid, out var str))
+				throw new Win32Exception();
+			using (str)
+				return str.ToString(-1);
+		}
 
 		/// <summary>
 		/// <para>
@@ -252,7 +263,8 @@ namespace Vanara.PInvoke
 		{
 			if (!ConvertStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor, SDDL_REVISION.SDDL_REVISION_1, out var sd, out var sz))
 				throw new Win32Exception();
-			return new SafePSECURITY_DESCRIPTOR(sd.ToArray<byte>((int)sz));
+			using (sd)
+				return new SafePSECURITY_DESCRIPTOR(sd.ToArray<byte>((int)sz));
 		}
 
 		/// <summary>
@@ -288,6 +300,12 @@ namespace Vanara.PInvoke
 		/// <returns>A pointer to the converted SID.</returns>
 		[PInvokeData("sddl.h", MSDNShortId = "aa376402")]
 		[return: MarshalAs(UnmanagedType.Bool)]
-		public static SafePSID ConvertStringSidToSid(string pStringSid) => ConvertStringSidToSid(pStringSid, out var psid) ? new SafePSID(psid.DangerousGetHandle()) : throw new Win32Exception();
+		public static SafePSID ConvertStringSidToSid(string pStringSid)
+		{
+			if (!ConvertStringSidToSid(pStringSid, out var psid))
+				throw new Win32Exception();
+			using (psid)
+				return new SafePSID(psid.DangerousGetHandle());
+		}
 	}
 }
\ No newline at end of file
diff --git a/UnitTests/PInvoke/Security/AdvApi32/SddlTests.cs b/UnitTests/PInvoke/Security/AdvApi32/SddlTests.cs
new file mode 100644
index 00000000..5bb190bf
--- /dev/null
+++ b/UnitTests/PInvoke/Security/AdvApi32/SddlTests.cs
@@ -0,0 +1,42 @@
+using NUnit.Framework;
+using static Vanara.PInvoke.AdvApi32;
+
+namespace Vanara.PInvoke.Tests
+{
+	[TestFixture]
+	public class SddlTests
+	{
+		[Test]
+		public void ConvertSecurityDescriptorToStringSecurityDescriptorTest()
+		{
+			using (new PrivBlock("SeSecurityPrivilege"))
+			{
+				var si = SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION | SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION | SECURITY_INFORMATION.DACL_SECURITY_INFORMATION | SECURITY_INFORMATION.SACL_SECURITY_INFORMATION;
+				Assert.That(GetNamedSecurityInfo(@"C:\Temp\help.ico", SE_OBJECT_TYPE.SE_FILE_OBJECT, si, out _, out _, out _, out _, out var sd), ResultIs.Successful);
+				string sd_sddl;
+				using (sd)
+				{
+					Assert.That(sd_sddl = ConvertSecurityDescriptorToStringSecurityDescriptor(sd, si), Is.Not.Empty);
+				}
+				SafePSECURITY_DESCRIPTOR sd2;
+				Assert.That(sd2 = ConvertStringSecurityDescriptorToSecurityDescriptor(sd_sddl), ResultIs.ValidHandle);
+				sd2.Dispose();
+			}
+		}
+
+		[Test]
+		public void ConvertSidToStringSidTest()
+		{
+			using (var psid = SafePSID.Everyone)
+			{
+				string sid_sddl;
+				Assert.That(sid_sddl = ConvertSidToStringSid(psid), Is.Not.Empty);
+
+				SafePSID psid2;
+				Assert.That(psid2 = ConvertStringSidToSid(sid_sddl), ResultIs.ValidHandle);
+				using (psid2)
+					Assert.That(psid == psid2, Is.True);
+			}
+		}
+	}
+}
\ No newline at end of file
diff --git a/UnitTests/PInvoke/Security/Security.csproj b/UnitTests/PInvoke/Security/Security.csproj
index 3dd25219..eb602fa6 100644
--- a/UnitTests/PInvoke/Security/Security.csproj
+++ b/UnitTests/PInvoke/Security/Security.csproj
@@ -55,6 +55,7 @@
     <Compile Include="AdvApi32\LsaTests.cs" />
     <Compile Include="AdvApi32\PerfLibTests.cs" />
     <Compile Include="AdvApi32\ProcessThreadsApiTests.cs" />
+    <Compile Include="AdvApi32\SddlTests.cs" />
     <Compile Include="AdvApi32\SecurityBaseApiTests.cs" />
     <Compile Include="AdvApi32\ServiceTests.cs" />
     <Compile Include="AdvApi32\PSIDTests.cs" />