GetSecurityDescriptor

Class method that retrieves a structural representation of the object security descriptor (SD).

Class method that retrieves a structural representation of the object security descriptor (SD).

Example

Do not run below example code just to see what happens next. Many methods seriously affect your system. Always make sure you actually understand what the method and the code do.

# select the instance(s) for which you want to invoke the method
# you can use "Get-CimInstance -Query (ADD FILTER CLAUSE HERE!)" to safely play with filter clauses
# if you want to apply the method to ALL instances, remove "Where...." clause altogether.
$query = 'Select * From Win32_LogicalShareSecuritySetting Where (ADD FILTER CLAUSE HERE!)'
Invoke-CimMethod -Query $query -Namespace Root/CIMV2 -MethodName GetSecurityDescriptor |
Add-Member -MemberType ScriptProperty -Name ReturnValueFriendly -Passthru -Value {
  switch ([int]$this.ReturnValue)
  {
        0        {'Success'}
        2        {'Access denied'}
        8        {'Unknown failure'}
        9        {'Privilege missing'}
        21       {'Invalid parameter'}
        default  {'Unknown Error '}
    }
}

To run this method on one or more remote systems, use New-CimSession:

$ComputerName = 'server12','server14'  # adjust to your server names
$Credential   = Get-Credential         # submit a user account with proper permissions



$session = New-CimSession -ComputerName $ComputerName -Credential $Credential

# select the instance(s) for which you want to invoke the method
# you can use "Get-CimInstance -Query (ADD FILTER CLAUSE HERE!)" to safely play with filter clauses
$query = 'Select * From Win32_LogicalShareSecuritySetting Where (ADD FILTER CLAUSE HERE!)'
Invoke-CimMethod -Query $query -Namespace Root/CIMV2 -MethodName GetSecurityDescriptor -CimSession $session |
Add-Member -MemberType ScriptProperty -Name ReturnValueFriendly -Passthru -Value {
  switch ([int]$this.ReturnValue)
  {
        0        {'Success'}
        2        {'Access denied'}
        8        {'Unknown failure'}
        9        {'Privilege missing'}
        21       {'Invalid parameter'}
        default  {'Unknown Error '}
    }
}


Remove-CimSession -CimSession $session

Learn more about Invoke-CimMethod and invoking WMI methods.

Syntax

uint32 GetSecurityDescriptor(
  [out] Win32_SecurityDescriptor Descriptor
);

Parameters

The method takes no arguments.

Return Value

Returns a value of type UInt32. Return values:

$returnValues = @{
    0    = 'Success'
    2    = 'Access denied'
    8    = 'Unknown failure'
    9    = 'Privilege missing'
    21   = 'Invalid parameter'
}

Requirements

To use Win32_LogicalShareSecuritySetting, the following requirements apply:

PowerShell

Get-CimInstance was introduced with PowerShell Version 3.0, which in turn was introduced on clients with Windows 8 and on servers with Windows Server 2012.

If necessary, update Windows PowerShell to Windows PowerShell 5.1, or install PowerShell 7 side-by-side.

Operating System

Win32_LogicalShareSecuritySetting was introduced on clients with Windows Vista and on servers with Windows Server 2008.

Namespace

Win32_LogicalShareSecuritySetting lives in the Namespace Root/CIMV2. This is the default namespace. There is no need to use the -Namespace parameter in Get-CimInstance.

Implementation

Win32_LogicalShareSecuritySetting is implemented in CIMWin32.dll and defined in Secrcw32.mof. Both files are located in the folder C:\Windows\system32\wbem:

explorer $env:windir\system32\wbem
notepad $env:windir\system32\wbem\Secrcw32.mof