GetSecurityDescriptor method of the Win32_Printer class
The GetSecurityDescriptor method returns the security descriptor that controls access to the printer. The descriptor is returned as an instance of Win32_SecurityDescriptor. For more information, see Changing Access Security on Securable Objects.
This topic uses Managed Object Format (MOF) syntax. For more information about using this method, see Calling a Method.
uint32 GetSecurityDescriptor(
[out] Win32_SecurityDescriptor Descriptor
);
-
Descriptor [out]
-
The security descriptor associated with the printer.
Returns one of the values listed in the following list, or a different value to indicate an error. For additional error codes, see WMI Error Constants or WbemErrorEnum. For general HRESULT values, see System Error Codes.
-
0
-
Successful completion.
-
2
-
The user does not have access to the requested information.
-
8
-
Unknown failure.
-
9
-
The user does not have adequate privileges to execute the method.
-
21
-
A parameter specified in the method call is not valid.
The Win32_SecurityDescriptor instance represents a SECURITY_DESCRIPTOR_CONTROL data type and contains a discretionary access control list (DACL) and a system access control list (SACL). For more information, see Access Control Lists.
If the SeSecurityPrivilege is not granted or enabled when getting a security descriptor, then only the DACL is returned in the returned security descriptor. For more information, see Privilege Constants and Executing Privileged Operations.
The following VBScript code example lists the printers attached to the local computer and gets the security descriptor for each printer. Then the access control entries (ACE) in the discretionary access control list (DACL) are extracted to determine which users have access to the printer.
SE_DACL_PRESENT = &h4
ACCESS_ALLOWED_ACE_TYPE = &h0
ACCESS_DENIED_ACE_TYPE = &h1
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate, (Security)}!\\" & strComputer & "\root\cimv2")
Set objWMIService = GetObject("winmgmts:")
Set colInstalledPrinters = objWMIService.ExecQuery _
("Select * from Win32_Printer")
For Each objPrinter in colInstalledPrinters
Wscript.Echo "Name: " & objPrinter.Name
' Get security descriptor for printer
Return = objPrinter.GetSecurityDescriptor( objSD )
If ( return <> 0 ) Then
WScript.Echo "Could not get security descriptor: " & Return
wscript.Quit Return
End If
' Extract the security descriptor flags
intControlFlags = objSD.ControlFlags
If intControlFlags AND SE_DACL_PRESENT Then
' Get the ACE entries from security descriptor
arrACEs = objSD.DACL
For Each objACE in arrACEs
' Get all the trustees and determine which have access to printer
WScript.Echo objACE.Trustee.Domain & "\" & objACE.Trustee.Name
If objACE.AceType = ACCESS_ALLOWED_ACE_TYPE Then
WScript.Echo vbTab & "User has access to printer"
ElseIf objACE.AceType = ACCESS_DENIED_ACE_TYPE Then
WScript.Echo vbTab & "User does not have access to the printer"
End If
Next
Else
WScript.Echo "No DACL found in security descriptor"
End If
Next
Requirement | Value |
---|---|
Minimum supported client |
Windows Vista |
Minimum supported server |
Windows Server 2008 |
Namespace |
Root\CIMV2 |
MOF |
|
DLL |
|