This method returns an instance of a Win32_SecurityDescriptor which reports the permissions including the discretionary access control list (DACL) and a system access control list (SACL) for the service.
To run the method, the SeSecurityPrivilege must be granted, so you need to run the method with Administrator privileges enabled.
The method returns an object with a status code. The property Descriptor contains the instance of the Win32_SecurityDescriptor.
Example
Do not run below example code just to see what happens next. Many methods seriously affect your system. Always make sure you actually understand what the method and the code do.
$query = 'Select * From Win32_Service where Name="Spooler"'
Invoke-CimMethod -Query $query -MethodName GetSecurityDescriptor |
Add-Member -MemberType ScriptProperty -Name ReturnValueFriendly -Passthru -Value {
switch ([int]$this.ReturnValue)
{
0 {'Success'}
2 {'Access denied'}
8 {'Unknown failure'}
9 {'Privilege missing'}
21 {'Invalid parameter'}
default {"Unknown Error $_"}
}
}
To run this method on one or more remote systems, use New-CimSession:
$session = New-CimSession -ComputerName $ComputerName -Credential $Credential
$query = 'Select * From Win32_Service where Name="Spooler"'
Invoke-CimMethod -Query $query -MethodName GetSecurityDescriptor -CimSession $session |
Add-Member -MemberType ScriptProperty -Name ReturnValueFriendly -Passthru -Value {
switch ([int]$this.ReturnValue)
{
0 {'Success'}
2 {'Access denied'}
8 {'Unknown failure'}
9 {'Privilege missing'}
21 {'Invalid parameter'}
default {"Unknown Error $_"}
}
}
Remove-CimSession -CimSession $session
Learn more about
Invoke-CimMethodand invoking WMI methods.
Syntax
uint32 GetSecurityDescriptor(
[out] Win32_SecurityDescriptor Descriptor
);
Parameters
The method takes no arguments.
Return Value
Returns a value of type UInt32. Return values:
$returnValues = @{
0 = 'Success'
2 = 'Access denied'
8 = 'Unknown failure'
9 = 'Privilege missing'
21 = 'Invalid parameter'
}
See Also
Additional methods implemented by Win32_Service:
Change()
Change() modifies a service.
ChangeStartMode()
ChangeStartMode() modifies the start mode of a service.
Create()
Delete()
Delete() deletes an existing service.
InterrogateService()
InterrogateService() requests that a service update its state to the service manager.
PauseService()
PauseService() attempts to place a service in the paused state.
ResumeService()
ResumeService() attempts to place a service in the resumed state.
SetSecurityDescriptor()
SetSecurityDescriptor() writes an updated version of the security descriptor that controls access to the service.
StartService()
StartService() attempts to place a service into the startup state.
StopService()
StopService() places a service in the stopped state.
UserControlService()
UserControlService() attempts to send a user-defined control code to a service.
Requirements
To use Win32_Service, the following requirements apply:
PowerShell
Get-CimInstance was introduced with PowerShell Version 3.0, which in turn was introduced on clients with Windows 8 and on servers with Windows Server 2012.
If necessary, update Windows PowerShell to Windows PowerShell 5.1, or install PowerShell 7 side-by-side.
Operating System
Win32_Service was introduced on clients with Windows Vista and on servers with Windows Server 2008.
Namespace
Win32_Service lives in the Namespace Root/CIMV2. This is the default namespace. There is no need to use the -Namespace parameter in Get-CimInstance.
Implementation
Win32_Service is implemented in CIMWin32.dll and defined in CIMWin32.mof. Both files are located in the folder C:\Windows\system32\wbem:
explorer $env:windir\system32\wbem
notepad $env:windir\system32\wbem\CIMWin32.mof