GetSecurityDescriptor method of the Win32_LogicalShareSecuritySetting class

The GetSecurityDescriptor method retrieves a Win32_SecurityDescriptor representation of the Win32_LogicalShareSecuritySetting object security descriptor.

This topic uses Managed Object Format (MOF) syntax. For more information about using this method, see Calling a Method and Retrieving a Class.

Syntax

uint32 GetSecurityDescriptor(
  [out] Win32_SecurityDescriptor Descriptor
);

Parameters

Descriptor [out]

Expression that resolves to an instance of Win32_SecurityDescriptor.

Return value

The GetSecurityDescriptor method can return the error codes listed in the following list. For more information about integer values different from those listed, see WMI Return Codes.

Success

0

Successful completion.

Access denied

2

The user does not have access to the requested information.

Unknown failure

8

Unknown failure.

Privilege missing

9

The user does not have adequate privileges.

Invalid parameter

21

The specified parameter is not valid.

Other

22 4294967295

Remarks

For a VBScript code example about how to get and parse the SD, see GetSecurityDescriptor Method in Class Win32_LogicalFileSecuritySetting.

Note that this method works on shares, but may not be able to retrieve retrieve hidden shares (suffixed with "$").

Examples

The following Script Centercode example lists all shares on a computer, and then uses GetSecurityDescriptor to list all the share permissions for each share.

The script calls the Win32_LogicalShareSecuritySetting.GetSecurityDescriptor method to retrieve an instance of the Win32_SecurityDescriptor class for the target object. GetSecurityDescriptor returns the SecurityDescriptor parameter with an instance of the Win32_SecurityDescriptor class that corresponds to the security descriptor for the target object. Properties provided by the Win32_SecurityDescriptor class contain the DACL array of access control entries (ACEs) in the form of Win32_ACE object references. It also contains the trustee information in the form of Win32_Trustee objects.

On Error Resume Next
' The Win32_LogicalShareSecuritySetting instance with
' the name = to WMILogs$ is specified 

Set wmiFileSecSetting = GetObject( _
   "winmgmts:Win32_LogicalShareSecuritySetting.Name='WMILogs$'")

RetVal = wmiFileSecSetting. _
    GetSecurityDescriptor(wmiSecurityDescriptor)
If Err <> 0 Then
    WScript.Echo "GetSecurityDescriptor failed" _
    & VBCRLF & Err.Number & VBCRLF & Err.Description
    WScript.Quit
Else
    WScript.Echo "GetSecurityDescriptor succeeded"
End If

' Retrieve the DACL array of Win32_ACE objects.
DACL = wmiSecurityDescriptor.DACL

For each wmiAce in DACL

    wscript.echo "Access Mask: "     & wmiAce.AccessMask
    wscript.echo "ACE Type: "        & wmiAce.AceType

' Get Win32_Trustee object from ACE 
       Set Trustee = wmiAce.Trustee
    wscript.echo "Trustee Domain: "  & Trustee.Domain
    wscript.echo "Trustee Name: "    & Trustee.Name

' Get SID as array from Trustee
    SID = Trustee.SID 
    strsid = join(SID, ",") 
    wscript.echo "Trustee SID: {" & strsid & "}"
        
Next

Requirements

Minimum supported client
Windows Vista
Minimum supported server
Windows Server 2008
Namespace
Root\CIMv2
MOF
Secrcw32.mof
DLL
CIMWin32.dll

See also

Operating System Classes

Win32_LogicalShareSecuritySetting