EN
此内容没有您的语言版本,但有英语版本。

SetSecurityDescriptor method of the Win32_Service class

The SetSecurityDescriptor method writes an updated version of the security descriptor that controls access to the service.

Syntax


uint32 SetSecurityDescriptor(
  [in] Win32_SecurityDescriptor Descriptor
);

Parameters

Descriptor [in]

The security descriptor associated with the service.

Return value

Return code/valueDescription
Success
0

The request was accepted.

1

The request is not supported.

Access denied
2

The user did not have the necessary access.

3

The service cannot be stopped because other services that are running are dependent on it.

4

The requested control code is not valid, or it is unacceptable to the service.

5

The requested control code cannot be sent to the service because the state of the service (Win32_BaseService State property) is equal to 0, 1, or 2.

6

The service has not been started.

7

The service did not respond to the start request in a timely fashion.

Unknown failure
8

Unknown failure when starting the service.

Privilege missing
9

The directory path to the service executable file was not found.

10

The service is already running.

11

The database to add a new service is locked.

12

A dependency this service relies on has been removed from the system.

13

The service failed to find the service needed from a dependent service.

14

The service has been disabled from the system.

15

The service does not have the correct authentication to run on the system.

16

This service is being removed from the system.

17

The service has no execution thread.

18

The service has circular dependencies when it starts.

19

A service is running under the same name.

20

The service name has invalid characters.

Invalid parameter
21

Invalid parameters have been passed to the service.

22

The account under which this service runs is either invalid or lacks the permissions to run the service.

23

The service exists in the database of services available from the system.

24

The service is currently paused in the system.

Other
22–4294967295

 

Remarks

The Win32_SecurityDescriptor instance represents a SECURITY_DESCRIPTOR_CONTROL data type and contains a discretionary access control list (DACL) and a system access control list (SACL). For more information, see Access Control Lists.

If the SeSecurityPrivilege is not granted or enabled when getting a security descriptor, then only the DACL is returned in the returned security descriptor. For more information, see Privilege Constants and Executing Privileged Operations.

You can update both the DACL and the SACL in the Win32_SecurityDescriptor instance when calling this method, but you also can update only the DACL or only the SACL.

The following values in SECURITY_DESCRIPTOR_CONTROL determine whether the DACL, the SACL, or both are updated.

  • SE_DACL_PRESENT

    Indicates that the DACL should be updated. If this is not set, then WMI preserves the original value of the DACL.

  • SE_SACL_PRESENT

    Indicates that the SACL should be updated. If this is not set, then WMI preserves the original value of the SACL. To update the SACL, the account must have the SeSecurityPrivilege privilege enabled. For scripting, the privilege name is SeSecurityPrivilege. For more information, see Privilege Constants.

If the Group trustee and the Owner trustee properties are not NULL, then they are updated. Otherwise, WMI preserves the original values. For more information, see WMI Security Descriptor Objects.

When a new SACL is NULL in a call this method, then the security descriptor SACL on the target securable object is left unchanged.

Requirements

Minimum supported client

Windows Vista

Minimum supported server

Windows Server 2008

Namespace

Root\CIMV2

MOF

CIMWin32.mof

DLL

CIMWin32.dll

See also

Win32_Service
Privilege Constants
WMI Security Descriptor Objects
Changing Access Security on Securable Objects
User Account Control and WMI

 

 

显示:
© 2015 Microsoft