GetSD method of the __SystemSecurity class

The GetSD method gets the security descriptor for the namespace to which the user is connected. This method returns a security descriptor in binary byte array format. If you are writing a script, use the GetSecurityDescriptor method. For more information, see Securing WMI Namespaces and Changing Access Security on Securable Objects.

The user must have the READ_CONTROL permission. By default, administrators have that permission. The only part of the security descriptor that is actually used is the discretionary access control list (DACL). The DACL can contain both inherited and non-inherited ACEs. Both deny and allow ACEs are permitted.

If you are programming in C++, you can manipulate the binary security descriptor using SDDL, and the conversion methods ConvertSecurityDescriptorToStringSecurityDescriptor and ConvertStringSecurityDescriptorToSecurityDescriptor.

Syntax


HRESULT GetSD(
  [out]  uint8 SD[]
);

Parameters

SD [out]

Security descriptor in binary byte array format.

Return value

This method returns an HRESULT indicating the status of the method call. The following table lists the return values that are of significance to GetSD. For scripting and Visual Basic applications, the result can be obtained from OutParameters.ReturnValue. For more information, see Constructing InParameters Objects and Parsing OutParameters Objects.

Return codeDescription
S_OK

Method executed successfully.

WBEM_E_ACCESS_DENIED

Caller does not have sufficient rights to call this method.

WBEM_E_METHOD_DISABLED

Attempted to run this method on an unsupported system.

 

Remarks

For more information about modifying namespace security programmatically or manually, see Securing WMI Namespaces.

Examples

The following script shows you how to use GetSD to obtain the current security descriptor for the Root\Cimv2 namespace and change it to the byte array shown in DisplaySD.


Set objServices = GetObject("winmgmts:root\cimv2")
Set CimV2 = objServices.Get("__SystemSecurity=@")
ReturnValue = Cimv2.GetSD(arrSD)

If Err <> 0 Then
   WScript.Echo "Method returned error " & ReturnValue
End If

DisplaySD = "SD = {"
For I = Lbound(arrSD) To Ubound(arrSD)

   DisplaySD = DisplaySD & arrSD(I)

   If I <> Ubound(arrSD) Then
      DisplaySD = DisplaySD & ","
   End If

Next

DisplaySD = DisplaySD & "}"

WScript.Echo DisplaySD

Requirements

Minimum supported client

Windows Vista

Minimum supported server

Windows Server 2003

Namespace

all WMI namespaces

See also

WMI System Classes
__SystemSecurity
WMI Security Constants
Win32_ACE
__SystemSecurity::SetSD
Security_Descriptor
Win32_SecurityDescriptor
Securing WMI Namespaces

 

 

Show:
© 2015 Microsoft