SetSecurityDescriptor - powershell.one

Sets the security descriptor for a key.

Example

Do not run below example code just to see what happens next. Many methods seriously affect your system. Always make sure you actually understand what the method and the code do.

# define the arguments you want to submit to the method
# remove values that you do not want to submit
# make sure you replace values with meaningful content before running the code
# see section "Parameters" below for a description of each argument.
$arguments = @{
    Descriptor      = 12345  # replace 12345 with a meaningful value
    hDefKey         = [UInt32](12345)  # replace 12345 with a meaningful value
    sSubKeyName     = 'someText'  # replace 'someText' with meaningful text
}


Invoke-CimMethod -ClassName StdRegProv -Namespace Root/default -MethodName SetSecurityDescriptor -Arguments $arguments

To run this method on one or more remote systems, use New-CimSession:

$ComputerName = 'server12','server14'  # adjust to your server names
$Credential   = Get-Credential         # submit a user account with proper permissions

# define the arguments you want to submit to the method
# remove values that you do not want to submit
# make sure you replace values with meaningful content before running the code
# see section "Parameters" below for a description of each argument.
$arguments = @{
    Descriptor      = 12345  # replace 12345 with a meaningful value
    hDefKey         = [UInt32](12345)  # replace 12345 with a meaningful value
    sSubKeyName     = 'someText'  # replace 'someText' with meaningful text
}


$session = New-CimSession -ComputerName $ComputerName -Credential $Credential

Invoke-CimMethod -ClassName StdRegProv -Namespace Root/default -MethodName SetSecurityDescriptor -Arguments $arguments -CimSession $session

Remove-CimSession -CimSession $session

Learn more about Invoke-CimMethod and invoking WMI methods.

Syntax

uint32 SetSecurityDescriptor(
  [in] uint32               hDefKey = HKEY_LOCAL_MACHINE,
  [in] string               sSubKeyName,
  [in] __SecurityDescriptor Descriptor
);

Parameters

Name	Type	Description
Descriptor	Object	Contains the security descriptor to set on the key name.
hDefKey	UInt32	Parameter that specifies the tree that contains the sSubKeyName path. The default value is HKEY_LOCAL_MACHINE (0x80000002). The following trees are defined in Winreg.h: HKEY_CLASSES_ROOT (0x80000000) HKEY_CURRENT_USER (0x80000001) HKEY_LOCAL_MACHINE (0x80000002) HKEY_USERS (0x80000003) HKEY_CURRENT_CONFIG (0x80000005)
sSubKeyName	String	Contains the key name to set the security descriptor on.

Return Value

Returns a value of type UInt32. Typically, a value of 0 indicates success.

Requirements

To use StdRegProv, the following requirements apply:

PowerShell

Get-CimInstance was introduced with PowerShell Version 3.0, which in turn was introduced on clients with Windows 8 and on servers with Windows Server 2012.

If necessary, update Windows PowerShell to Windows PowerShell 5.1, or install PowerShell 7 side-by-side.

Operating System

StdRegProv was introduced on clients with Windows Vista and on servers with Windows Server 2008.

Namespace

StdRegProv lives in the Namespace Root/default. This is not the default namespace. Use parameter -Namespace root/default with all CIM cmdlets..

Implementation

StdRegProv is implemented in Stdprov.dll and defined in RegEvent.mof. Both files are located in the folder C:\Windows\system32\wbem:

explorer $env:windir\system32\wbem
notepad $env:windir\system32\wbem\RegEvent.mof

PREVIOUSArchive