
Win32SDToSDDL method of the Win32_SecurityDescriptorHelper class

The Win32SDToSDDL WMI class method converts a Win32_SecurityDescriptor instance to a security descriptor in Security Descriptor Definition Language (SDDL) string format.


Syntax

uint32 Win32SDToSDDL(
  [in]  __SecurityDescriptor Descriptor,
  [out] string               SDDL
);

Parameters

Descriptor [in]

Security descriptor in __SecurityDescriptor format.

SDDL [out]

Security descriptor in SDDL format.

Return value

Returns one of the following values.


0 (0x0)

The call was successful. The scripting and Visual Basic constant is wbemNoErr.


2147749896 (0x80041008)

One of the parameters to the call is not correct. The scripting and Visual Basic constant is wbemErrInvalidParameter.


2147749892 (0x80041004)

Provider has failed at some time other than during initialization. The scripting and Visual Basic constant is wbemErrProviderFailure.


2147749894 (0x80041006)

Not enough memory for the operation. The scripting and Visual Basic constant is wbemErrOutOfMemory.


Examples

The following VBScript code example gets the security descriptor for a file in Win32_SecurityDescriptor format, then converts it to SDDL format.

' Obtain argument from command line

If WScript.Arguments.Count = 0 Then
 WScript.Echo "Usage: GetFileSD <file_name>"
 WScript.Quit 1
End If

' Get the filename with path, for example C:\Users\user1\test.txt
Set objFileSystem = CreateObject( "Scripting.FileSystemObject" )
Filename = WScript.Arguments( 0 )
Set objFile = objFileSystem.GetFile( Filename )
Filename = objFile.Path
WScript.Echo Filename

' Get an instance of Win32_SecurityDescriptorHelper
Set objHelper = GetObject( _
    "winmgmts:root\cimv2:Win32_SecurityDescriptorHelper" )

' Connect to WMI on local computer and root\cimv2 namespace
Set objWMIService = GetObject( "winmgmts:root\cimv2" )

' Get the instance of Win32_LogicalFileSecuritySetting
'    associated with the file
' Replace single "\" with "\\" as escape character
Set objFile = objWMIService.Get( _
    "Win32_LogicalFileSecuritySetting=""" _
    & Replace( Filename,"\","\\") & """" )

' Get the existing security descriptor for the file
Return = objFile.GetSecurityDescriptor( objSD )
If ( Return <> 0 ) Then
 WScript.Echo "Could not get security descriptor: " & Return
 WScript.Quit Return
End If

' Convert file security descriptor from 
'     Win32_SecurityDescriptor format to SDDL format
Return = objHelper.Win32SDToSDDL( objSD,SDDLstring )
If ( Return <> 0 )  Then
 WScript.Echo "Could not convert to SDDL: " & Return
 WScript.Quit Return
End If

WScript.Echo SDDLstring
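
The same conversion from Windows PowerShell, with the return values listed above mapped to their constant names. This is an added example, not code from the original page; it assumes Windows PowerShell 5.1, and the names Get-FileSddl and $SdHelperCodes are hypothetical.

```powershell
# Added example, not from the original page. Assumes Windows PowerShell 5.1
# (Get-WmiObject and [wmiclass] are not available in PowerShell 7).

# Return values documented for Win32SDToSDDL, keyed by their hex form.
$SdHelperCodes = @{
    '0x00000000' = 'wbemNoErr'
    '0x80041008' = 'wbemErrInvalidParameter'
    '0x80041004' = 'wbemErrProviderFailure'
    '0x80041006' = 'wbemErrOutOfMemory'
}

function Get-FileSddl {    # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    $full = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath

    # WQL string literals use "\" as the escape character.
    $wqlPath = $full.Replace('\', '\\').Replace("'", "\'")
    $setting = Get-WmiObject -Class Win32_LogicalFileSecuritySetting `
        -Filter "Path='$wqlPath'" -ErrorAction Stop
    if (-not $setting) { throw "No Win32_LogicalFileSecuritySetting for $full" }

    # Method [out] parameters come back as properties of the result object.
    $got = $setting.GetSecurityDescriptor()
    if ($got.ReturnValue -ne 0) {
        throw "Could not get security descriptor: $($got.ReturnValue)"
    }

    $helper = [wmiclass]'root\cimv2:Win32_SecurityDescriptorHelper'
    $conv = $helper.Win32SDToSDDL($got.Descriptor)
    if ($conv.ReturnValue -ne 0) {
        $hex = '0x{0:X8}' -f $conv.ReturnValue
        $name = $SdHelperCodes[$hex]
        if (-not $name) { $name = 'undocumented return value' }
        throw "Could not convert to SDDL: $hex ($name)"
    }

    [pscustomobject]@{ Path = $full; SDDL = $conv.SDDL }
}

# Example path taken from the comment in the VBScript sample.
Get-FileSddl -Path 'C:\Users\user1\test.txt' | Format-List
```

Storing the returned SDDL strings gives a compact baseline for spotting later permission changes on sensitive files.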


Requirements

Minimum supported client: Windows Vista
Minimum supported server: Windows Server 2008

See also


WMI Security Descriptor Objects

Changing Access Security on Securable Objects