Export (0) Print
Expand All

GetSecurityDescriptor method of the Win32_Printer class

The GetSecurityDescriptor method returns the security descriptor that controls access to the printer. The descriptor is returned as an instance of Win32_SecurityDescriptor. For more information, see Changing Access Security on Securable Objects.

This topic uses Managed Object Format (MOF) syntax. For more information about using this method, see Calling a Method.

Syntax


uint32 GetSecurityDescriptor(
  [out]  Win32_SecurityDescriptor Descriptor
);

Parameters

Descriptor [out]

The security descriptor associated with the printer.

Return value

Return codeDescription
0

Successful completion.

2

The user does not have access to the requested information.

8

Unknown failure.

9

The user does not have adequate privileges to execute the method.

21

A parameter specified in the method call is not valid.

 

Remarks

The Win32_SecurityDescriptor instance represents a SECURITY_DESCRIPTOR_CONTROL data type and contains a discretionary access control list (DACL) and a system access control list (SACL). For more information, see Access Control Lists.

If the SeSecurityPrivilege is not granted or enabled when getting a security descriptor, then only the DACL is returned in the returned security descriptor. For more information, see Privilege Constants and Executing Privileged Operations.

Examples

The following VBScript code example lists the printers attached to the local computer and gets the security descriptor for each printer. Then the access control entries (ACE) in the discretionary access control list (DACL) are extracted to determine which users have access to the printer.

SE_DACL_PRESENT = &h4
ACCESS_ALLOWED_ACE_TYPE = &h0
ACCESS_DENIED_ACE_TYPE  = &h1

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate, (Security)}!\\" & strComputer & "\root\cimv2")

Set objWMIService = GetObject("winmgmts:")
Set colInstalledPrinters =  objWMIService.ExecQuery _
    ("Select * from Win32_Printer")

For Each objPrinter in colInstalledPrinters
   Wscript.Echo "Name: " & objPrinter.Name 
' Get security descriptor for printer
    Return = objPrinter.GetSecurityDescriptor( objSD )
    If ( return <> 0 ) Then
 WScript.Echo "Could not get security descriptor: " & Return
 wscript.Quit Return
    End If
' Extract the security descriptor flags
    intControlFlags = objSD.ControlFlags
    If intControlFlags AND SE_DACL_PRESENT Then
' Get the ACE entries from security descriptor
        arrACEs = objSD.DACL
    For Each objACE in arrACEs
' Get all the trustees and determine which have access to printer
        WScript.Echo objACE.Trustee.Domain & "\" & objACE.Trustee.Name
        If objACE.AceType = ACCESS_ALLOWED_ACE_TYPE Then
            WScript.Echo vbTab & "User has access to printer"
        ElseIf objACE.AceType = ACCESS_DENIED_ACE_TYPE Then
            WScript.Echo vbTab & "User does not have access to the printer"
        End If
    Next
    Else
    WScript.Echo "No DACL found in security descriptor"
End If
Next

Requirements

Minimum supported client

Windows Vista

Minimum supported server

Windows Server 2008

Namespace

\root\CIMV2

MOF

CIMWin32.mof

DLL

CIMWin32.dll

See also

Win32_Printer
Privilege Constants
WMI Security Descriptor Objects
Changing Access Security on Securable Objects

 

 

Show:
© 2014 Microsoft