GetSecurityDescriptor method of the Win32_Service class (CIMWin32 WMI Providers)
The GetSecurityDescriptor method returns the security descriptor that controls access to the service. The descriptor is returned as an instance of Win32_SecurityDescriptor.
Syntax
uint32 GetSecurityDescriptor(
[out] Win32_SecurityDescriptor Descriptor
);
Parameters
-
Descriptor [out]
-
The security descriptor associated with the service.
Return value
Returns one of the values listed in the following list, or a different value to indicate an error. For additional error codes, see WMI Error Constants or WbemErrorEnum. For general HRESULT values, see System Error Codes.
-
Success
-
0
The request was accepted.
-
1
The request is not supported.
-
Access denied
-
2
The user did not have the necessary access.
-
3
The service cannot be stopped because other services that are running are dependent on it.
-
4
The requested control code is not valid, or it is unacceptable to the service.
-
5
The requested control code cannot be sent to the service because the state of the service (Win32_BaseService.State property) is equal to 0, 1, or 2.
-
6
The service has not been started.
-
7
The service did not respond to the start request in a timely fashion.
-
Unknown failure
-
8
Unknown failure when starting the service.
-
Privilege missing
-
9
The directory path to the service executable file was not found.
-
10
The service is already running.
-
11
The database to add a new service is locked.
-
12
A dependency this service relies on has been removed from the system.
-
13
The service failed to find the service needed from a dependent service.
-
14
The service has been disabled from the system.
-
15
The service does not have the correct authentication to run on the system.
-
16
This service is being removed from the system.
-
17
The service has no execution thread.
-
18
The service has circular dependencies when it starts.
-
19
A service is running under the same name.
-
20
The service name has invalid characters.
-
Invalid parameter
-
21
Invalid parameters have been passed to the service.
-
22
The account under which this service runs is either invalid or lacks the permissions to run the service.
-
23
The service exists in the database of services available from the system.
-
24
The service is currently paused in the system.
-
Other
-
22 4294967295
Remarks
The Win32_SecurityDescriptor instance represents a SECURITY_DESCRIPTOR_CONTROL data type and contains a discretionary access control list (DACL) and a system access control list (SACL). For more information, see Access Control Lists.
If the SeSecurityPrivilege is not granted or enabled when getting a security descriptor, then only the DACL is returned in the returned security descriptor. For more information, see Privilege Constants and Executing Privileged Operations.
Examples
When retrieving a security descriptor in VBScript, be sure to "Security" and run as Admin, as shown in the following code snippet. Otherwise, your code may throw a permissions error.
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate, (Security)}!\\" & strComputer & "\root\cimv2")
Similarly, in VB.NET, be sure to set "EnablePrivileges = True" and run the Application as Admin.
Scope = New ManagementScope([String].Format("\\{0}\root\CIMV2", ComputerName), Nothing)
Scope.Options.EnablePrivileges = True
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client |
Windows Vista |
| Minimum supported server |
Windows Server 2008 |
| Namespace |
Root\CIMV2 |
| MOF |
|
| DLL |
|