GetSecurityDescriptor method of the Win32_Service class (Remote Desktop Services)
The GetSecurityDescriptor method returns the security descriptor that controls access to the service. The descriptor is returned as an instance of Win32_SecurityDescriptor.
Syntax
uint32 GetSecurityDescriptor(
[out] Win32_SecurityDescriptor Descriptor
);
Parameters
-
Descriptor [out]
-
The security descriptor associated with the service.
Return value
Returns one of the values listed in the following list, or a different value to indicate an error. For additional error codes, see WMI Error Constants or WbemErrorEnum. For general HRESULT values, see System Error Codes.
-
0
-
The request was accepted.
-
1
-
The request is not supported.
-
2
-
The user did not have the necessary access.
-
3
-
The service cannot be stopped because other services that are running are dependent on it.
-
4
-
The requested control code is not valid, or it is unacceptable to the service.
-
5
-
The requested control code cannot be sent to the service because the state of the service (Win32_BaseService.State property) is equal to 0, 1, or 2.
-
6
-
The service has not been started.
-
7
-
The service did not respond to the start request in a timely fashion.
-
8
-
Unknown failure when starting the service.
-
9
-
The directory path to the service executable file was not found.
-
10
-
The service is already running.
-
11
-
The database to add a new service is locked.
-
12
-
A dependency this service relies on has been removed from the system.
-
13
-
The service failed to find the service needed from a dependent service.
-
14
-
The service has been disabled from the system.
-
15
-
The service does not have the correct authentication to run on the system.
-
16
-
This service is being removed from the system.
-
17
-
The service has no execution thread.
-
18
-
The service has circular dependencies when it starts.
-
19
-
A service is running under the same name.
-
20
-
The service name has invalid characters.
-
21
-
Invalid parameters have been passed to the service.
-
22
-
The account under which this service runs is either invalid or lacks the permissions to run the service.
-
23
-
The service exists in the database of services available from the system.
-
24
-
The service is currently paused in the system.
Remarks
The Win32_SecurityDescriptor instance represents a SECURITY_DESCRIPTOR_CONTROL data type and contains a discretionary access control list (DACL) and a system access control list (SACL). For more information, see Access Control Lists.
If the SeSecurityPrivilege is not granted or enabled when getting a security descriptor, then only the DACL is returned in the returned security descriptor. For more information, see Privilege Constants and Executing Privileged Operations.
Examples
When retrieving a security descriptor in VBScript, be sure to "Security" and run as Admin, as shown in the following code snippet. Otherwise, your code may throw a permissions error.
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate, (Security)}!\\" & strComputer & "\root\cimv2")
Similarly, in VB.NET, be sure to set "EnablePrivileges = True" and run the Application as Admin.
Scope = New ManagementScope([String].Format("\\{0}\root\CIMV2", ComputerName), Nothing)
Scope.Options.EnablePrivileges = True
Requirements
Requirement | Value |
---|---|
Minimum supported client |
Windows Vista |
Minimum supported server |
Windows Server 2008 |
Namespace |
Root\CIMv2\TerminalServices |
MOF |
|
DLL |
|