Share via

Win32SDToSDDL method of the Win32_SecurityDescriptorHelper class

The Win32SDToSDDL WMI class method converts a Win32_SecurityDescriptor instance to a security descriptor in Security Descriptor Definition Language (SDDL) string format.

Syntax

uint32 Win32SDToSDDL(
  [in]  __SecurityDescriptor Descriptor,
  [out] string               SDDL
);

Parameters

Descriptor [in]

Security descriptor in __SecurityDescriptor format.

SDDL [out]

Security descriptor in SDDL format.

Return value

Returns one of the values listed in the following list.

S_OK

0 (0x0)

The call was successful. The scripting and Visual Basic constant is wbemNoErr.

WBEM_E_INVALID_PARAMETER

2147749896 (0x80041008)

One of the parameters to the call is not correct. The scripting and Visual Basic constant is wbemErrInvalidParameter.

WBEM_E_PROVIDER_FAILURE

2147749892 (0x80041004)

Provider has failed at some time other than during initialization. The scripting and Visual Basic constant is wbemErrProviderFailure.

WBEM_E_OUT_OF_MEMORY

2147749894 (0x80041006)

Not enough memory for the operation. The scripting and Visual Basic constant is wbemErrOutOfMemory.

Examples

The following VBScript code example gets the security descriptor for a file in Win32_SecurityDescriptor format then converts it to SDDL format.

' Obtain argument from command line

If WScript.Arguments.Count = 0 Then
 WScript.Echo "Usage: GetFileSD <file_name>"
 WScript.Quit 1
End If

' Get the filename with path, for example C:\Users\user1\test.txt
Set objFileSystem = CreateObject( "Scripting.FileSystemObject" )
Filename = WScript.Arguments( 0 )
Set objFile = objFileSystem.GetFile( Filename )
Filename = objFile.Path
WScript.Echo Filename

' Get an instance of Win32_SecurityDescriptorHelper
Set objHelper = GetObject( _
    "winmgmts:root\cimv2:Win32_SecurityDescriptorHelper" )

' Connect to WMI on local computer and root\cimv2 namespace
Set objWMIService = GetObject( "winmgmts:root\cimv2" )

' Get the instance of Win32_LogicalFileSecuritySetting
'    associated with the file
' Replace single "\" with "\\" as escape character
Set objFile = objWMIService.Get( _
    "Win32_LogicalFileSecuritySetting=""" _
    & Replace( Filename,"\","\\") & """" )

' Get the existing security descriptor for the file
Return = objFile.GetSecurityDescriptor( objSD )
If ( return <> 0 ) Then
 WScript.Echo "Could not get security descriptor: " & Return
 wscript.Quit Return
End If

' Convert file security descriptor from 
'     Win32_SecurityDescriptor format to SDDL format
Return = objHelper.Win32SDToSDDL( objSD,SDDLstring )
If ( Return <> 0 )  Then
 WScript.Echo "Could not convert to SDDL: " & Return
 WScript.Quit Return
End If

WScript.Echo SDDLstring

Requirements
Minimum supported client
 Windows Vista
Minimum supported server
 Windows Server 2008
Namespace
 Root\CIMv2
MOF
Secrcw32.mof
DLL
CIMWin32.dll

See also

Win32_SecurityDescriptorHelper

WMI Security Descriptor Objects

Changing Access Security on Securable Objects