Export (0) Print
Expand All

GetSecurityDescriptor method of the Win32_Service class

The GetSecurityDescriptor method returns the security descriptor that controls access to the service. The descriptor is returned as an instance of Win32_SecurityDescriptor.

Syntax


uint32 GetSecurityDescriptor(
  [out]  Win32_SecurityDescriptor Descriptor
);

Parameters

Descriptor [out]

The security descriptor associated with the service.

Return value

Return codeDescription
0

The request was accepted.

1

The request is not supported.

2

The user did not have the necessary access.

3

The service cannot be stopped because other services that are running are dependent on it.

4

The requested control code is not valid, or it is unacceptable to the service.

5

The requested control code cannot be sent to the service because the state of the service (Win32_BaseService State property) is equal to 0, 1, or 2.

6

The service has not been started.

7

The service did not respond to the start request in a timely fashion.

8

Unknown failure when starting the service.

9

The directory path to the service executable file was not found.

10

The service is already running.

11

The database to add a new service is locked.

12

A dependency this service relies on has been removed from the system.

13

The service failed to find the service needed from a dependent service.

14

The service has been disabled from the system.

15

The service does not have the correct authentication to run on the system.

16

This service is being removed from the system.

17

The service has no execution thread.

18

The service has circular dependencies when it starts.

19

A service is running under the same name.

20

The service name has invalid characters.

21

Invalid parameters have been passed to the service.

22

The account under which this service runs is either invalid or lacks the permissions to run the service.

23

The service exists in the database of services available from the system.

24

The service is currently paused in the system.

 

Remarks

The Win32_SecurityDescriptor instance represents a SECURITY_DESCRIPTOR_CONTROL data type and contains a discretionary access control list (DACL) and a system access control list (SACL). For more information, see Access Control Lists.

If the SeSecurityPrivilege is not granted or enabled when getting a security descriptor, then only the DACL is returned in the returned security descriptor. For more information, see Privilege Constants and Executing Privileged Operations.

Examples

When retrieving a security descriptor in VBScript, be sure to "Security" and run as as Admin, as shown in the following code snippet. Otherwise, your code may throw a permissions error.


Set objWMIService = GetObject("winmgmts:" _
  & "{impersonationLevel=impersonate, (Security)}!\\" & strComputer & "\root\cimv2")


Similarly, in VB.NET, be sure to set "EnablePrivileges = True" and run the Application as Admin.


Scope = New ManagementScope([String].Format("\\{0}\root\CIMV2", ComputerName), Nothing)
Scope.Options.EnablePrivileges = True

Requirements

Minimum supported client

Windows Vista

Minimum supported server

Windows Server 2008

Namespace

\root\CIMV2

MOF

CIMWin32.mof

DLL

CIMWin32.dll

See also

Win32_Service
Privilege Constants
WMI Security Descriptor Objects
Changing Access Security on Securable Objects
User Account Control and WMI

 

 

Show:
© 2014 Microsoft