Printers, services, registry keys, DCOM applications, and WMI namespaces are securable objects. The access to securable objects is protected by security descriptors, which specify the users who have access. Starting with Windows Vista, many securable objects have methods for getting or setting the security descriptor. With appropriate permissions, you can read or change security descriptors on securable objects. Using these methods, you can control which user accounts or groups have access to a printer, service, WMI namespace, or other object. For more information about security descriptors and their use in WMI, see Access to WMI Securable Objects.
The following sections are discussed in this topic:
DCOM application instances have several security descriptors. Starting with Windows Vista, use methods of the Win32_DCOMApplicationSetting class to get or change the various security descriptors. Security descriptors are returned as instances of the Win32_SecurityDescriptor class.
When a new Security Access Control List (SACL) is not specified in a call to a SetSecurityDescriptor method, then the security descriptor SACL on the target securable object is set to NULL so that the previous SACL setting does not persist.
You can manipulate the Access Control Lists (ACL) more easily in Win32_SecurityDescriptor instances or in SDDL. For more information about the structure and use of security descriptors in WMI, see WMI Security Descriptor Objects.
It is recommended that changes to security descriptors be done with great caution so that the security of the object is not compromised. Be aware that the order of access control entries (ACEs) in a discretionary access control list (DACL) can affect access security. For more information, see Order of ACEs in a DACL.
This module focuses on maintaining security in an Active Directory environment. It covers things from permissions management to authentication methods to identifying problematic accounts.
As an Information Security Administrator, you plan and implement information security of sensitive data by using Microsoft Purview and related services. You’re responsible for mitigating risks by protecting data inside collaboration environments that are managed by Microsoft 365 from internal and external threats and protecting data used by AI services. You also implement information protection, data loss prevention, retention, insider risk management, and manage information security alerts and activities.