Share via


Security Descriptor Helper Class

The Win32_SecurityDescriptorHelper class converts the security descriptor of a securable object from one format to another.

Many objects, such as printers, WMI namespaces, registry keys, or DCOM applications, have security descriptors that control access to the object. You can use WMI to discover or change who has access to these objects by getting or setting the security descriptor associated with the object.

However, different methods may obtain security descriptors in a binary byte array, Security Descriptor Definition Language (SDDL) format, or as an instance of Win32_SecurityDescriptor. The binary byte array form of a security descriptor should not be manipulated except by the C++ methods designed for Security Descriptor Operations. Descriptors in SDDL are in strings, but still awkward to manipulate. The easiest format to manipulate is Win32_SecurityDescriptor because it contains embedded objects for trustee, ACE, and SID. For more information about the structure of security descriptors in WMI, see WMI Security Descriptor Objects.

Changing Access Security on Securable Objects explains how to manipulate security descriptors.

WMI Security Descriptor Objects

Access to WMI Namespaces

Changing Access Security on Securable Objects