GetSD method of the __SystemSecurity class
The GetSD method gets the security descriptor for the namespace to which the user is connected. This method returns a security descriptor in binary byte array format. If you are writing a script, use the GetSecurityDescriptor method. For more information, see Securing WMI Namespaces and Changing Access Security on Securable Objects.
The user must have the READ_CONTROL permission. By default, administrators have that permission. The only part of the security descriptor that is actually used is the discretionary access control list (DACL). The DACL can contain both inherited and non-inherited ACEs. Both deny and allow ACEs are permitted.
If you are programming in C++, you can manipulate the binary security descriptor using SDDL, and the conversion methods ConvertSecurityDescriptorToStringSecurityDescriptor and ConvertStringSecurityDescriptorToSecurityDescriptor.
Syntax
HRESULT GetSD(
[out] uint8 SD[]
);
Parameters
-
SD [out]
-
Security descriptor in binary byte array format.
Return value
This method returns an HRESULT indicating the status of the method call. The following list lists the return values that are of significance to GetSD. For scripting and Visual Basic applications, the result can be obtained from OutParameters.ReturnValue. For more information, see Constructing InParameters Objects and Parsing OutParameters Objects.
-
S_OK
-
Method executed successfully.
-
WBEM_E_ACCESS_DENIED
-
Caller does not have sufficient rights to call this method.
-
WBEM_E_METHOD_DISABLED
-
Attempted to run this method on an unsupported system.
Remarks
For more information about modifying namespace security programmatically or manually, see Securing WMI Namespaces.
Examples
The following script shows you how to use GetSD to obtain the current security descriptor for the Root\Cimv2 namespace and change it to the byte array shown in DisplaySD.
Set objServices = GetObject("winmgmts:root\cimv2")
Set CimV2 = objServices.Get("__SystemSecurity=@")
ReturnValue = Cimv2.GetSD(arrSD)
If Err <> 0 Then
WScript.Echo "Method returned error " & ReturnValue
End If
DisplaySD = "SD = {"
For I = Lbound(arrSD) To Ubound(arrSD)
DisplaySD = DisplaySD & arrSD(I)
If I <> Ubound(arrSD) Then
DisplaySD = DisplaySD & ","
End If
Next
DisplaySD = DisplaySD & "}"
WScript.Echo DisplaySD
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client |
Windows Vista |
| Minimum supported server |
Windows Server 2008 |
| Namespace |
All WMI namespaces |