Reading the defaultSecurityDescriptor for an Object Class
Using ADSI, you can obtain the defaultSecurityDescriptor attribute for an object class with the IADs interface. To obtain the defaultSecurityDescriptor attribute for an object class, perform the following steps.
- Get an IADs interface pointer to the classSchema object for the object class.
- Use the IADs.Get method to get the default security descriptor of the object. The name of the property that contains the security descriptor is "defaultSecurityDescriptor". The property will be returned as a VARIANT containing a BSTR with the default security descriptor in SDDL string format.
- Use the ConvertStringSecurityDescriptorToSecurityDescriptor function to convert the SDDL string form to a security descriptor.
- Use the GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, GetSecurityDescriptorOwner, and GetSecurityDescriptorControl Security APIs to read the parts of the security descriptor.
For a code example that demonstrates how to do this, see Example Code for Reading defaultSecurityDescriptor.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for