Home Library Learn Downloads Support Community
Sign in | United States - English | |
1 out of 1 rated this helpful - Rate this topic

GetSecurityDescriptor method of the Win32_Printer Class

Applies to: desktop apps only

The GetSecurityDescriptor method returns the security descriptor that controls access to the printer. The descriptor is returned as an instance of Win32_SecurityDescriptor. For more information, see Changing Access Security on Securable Objects.

Syntax

Copy 
uint32 GetSecurityDescriptor(
  [out]  Win32_SecurityDescriptor Descriptor
);

Parameters

Descriptor [out]

The security descriptor associated with the printer.

Return value

Return codeDescription
0

Successful completion.

2

The user does not have access to the requested information.

8

Unknown failure.

9

The user does not have adequate privileges to execute the method.

21

A parameter specified in the method call is not valid.

 

Remarks

The Win32_SecurityDescriptor instance represents a SECURITY_DESCRIPTOR_CONTROL data type and contains a discretionary access control list (DACL) and a system sccess control list (SACL). For more information, see Access Control Lists.

If the SeSecurityPrivilege is not granted or enabled when getting a security descriptor, then only the DACL is returned in the returned security descriptor. For more information, see Privilege Constants and Executing Privileged Operations.

Examples

The following VBScript code example lists the printers attached to the local computer and gets the security descriptor for each printer. Then the access control entries (ACE) in the discretionary access control list (DACL) are extracted to determine which users have access to the printer.

VB
Copy 
SE_DACL_PRESENT = &h4
ACCESS_ALLOWED_ACE_TYPE = &h0
ACCESS_DENIED_ACE_TYPE  = &h1

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate, (Security)}!\\" & strComputer & "\root\cimv2")

Set objWMIService = GetObject("winmgmts:")
Set colInstalledPrinters =  objWMIService.ExecQuery _
    ("Select * from Win32_Printer")

For Each objPrinter in colInstalledPrinters
   Wscript.Echo "Name: " & objPrinter.Name 
' Get security descriptor for printer
    Return = objPrinter.GetSecurityDescriptor( objSD )
    If ( return <> 0 ) Then
	WScript.Echo "Could not get security descriptor: " & Return
	wscript.Quit Return
    End If
' Extract the security descriptor flags
    intControlFlags = objSD.ControlFlags
    If intControlFlags AND SE_DACL_PRESENT Then
' Get the ACE entries from security descriptor
        arrACEs = objSD.DACL
    For Each objACE in arrACEs
' Get all the trustees and determine which have access to printer
        WScript.Echo objACE.Trustee.Domain & "\" & objACE.Trustee.Name
        If objACE.AceType = ACCESS_ALLOWED_ACE_TYPE Then
            WScript.Echo vbTab & "User has access to printer"
        ElseIf objACE.AceType = ACCESS_DENIED_ACE_TYPE Then
            WScript.Echo vbTab & "User does not have access to the printer"
        End If
    Next
    Else
    WScript.Echo "No DACL found in security descriptor"
End If
Next

Requirements

Minimum supported client

Windows Vista

Minimum supported server

Windows Server 2008

Namespace

\root\CIMV2

MOF
Cimwin32.mof

DLL
Cimwin32.dll

See also

Win32_Printer
Privilege Constants
WMI Security Descriptor Objects
Changing Access Security on Securable Objects

 

 

Send comments about this topic to Microsoft

Build date: 3/9/2012

Did you find this helpful?
(1500 characters remaining)
Community Content Add
Annotations FAQ