Introduction
When I tried to work with WMI namespace security, I found several script solutions that depend on the APIs GetSecurityDescriptor and SetSecurityDescriptor. These two APIs are not available on Windows NT/2000/XP/2003.
I also found a C# solution at CodeProject, but it still depends on the .NET Framework and cannot be used on a fresh XP environment.
So I decided to write a program to operate on WMI namespace security with Windows native APIs, which are supported on Windows 2000/XP/2003/2008/7.
Then I found there was a lack of material about this topic, so I decided to write this article~~~
About the code
The code is easy to read and understand. It's a little tricky to invoke the methods of the system class __SystemSecurity in the WMI namespace. We have to use GetMethod and ExecMethod to invoke the GetSD/SetSD APIs.
Here is the code sequence to invoke APIs in __SystemSecurity:
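// Fetch the class definition named by ClassPath (__SystemSecurity) from the connected namespace.
hres = pSvc->GetObject(ClassPath, 0, NULL, &pClass, NULL);
// Look up the GetSD method and its input/output parameter classes.
hres = pClass->GetMethod(methodGetSD, 0, &pGetSD_InClass, &pGetSD_OutClass);
// Execute GetSD; the output parameters come back in pGetSD_OutInst.
hres = pSvc->ExecMethod(ClassPath, methodGetSD, 0, NULL, pGetSD_InClass, &pGetSD_OutInst, NULL);
// Read the "SD" output parameter, the namespace security descriptor, into varRes.
hres = pGetSD_OutInst->Get(L"SD", 0, &varRes, NULL, 0);
...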
The usage of the program follows the C# sample, thanks to J_Madden.
C:\> WmiSecurity.exe -n ROOT\CIMv2 -u DOMAIN\My_Account -s REMOTEACCESS -r
Currently I have only implemented the connector to the local machine, but a WMI remote connector is not a difficult task~~~
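An added example, not part of the article's code: once the SD value from GetSD has been copied out of varRes into a byte buffer, a portable parser such as the one below can audit which SIDs the namespace DACL grants remote access. It assumes the buffer is a self-relative security descriptor and that the REMOTEACCESS option above corresponds to WBEM_REMOTE_ACCESS (0x20); the function names and the sample bytes are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>
static const uint32_t WBEM_REMOTE_ACCESS = 0x20;  // "Remote Enable" right (wbemcli.h)
// Little-endian read of n bytes at off; clears ok when the read is out of bounds.
static uint32_t rd(const std::vector<uint8_t>& b, size_t off, size_t n, bool& ok) {
    if (off + n > b.size()) { ok = false; return 0; }
    uint32_t v = 0;
    while (n--) v = (v << 8) | b[off + n];
    return v;
}
// Render the SID at off as S-R-A-S1-...; the 6-byte authority is big-endian.
static std::string sidAt(const std::vector<uint8_t>& b, size_t off, bool& ok) {
    uint64_t rev = rd(b, off, 1, ok), count = rd(b, off + 1, 1, ok), auth = 0;
    for (size_t i = 0; i < 6; ++i) auth = (auth << 8) | rd(b, off + 2 + i, 1, ok);
    std::string s = "S-" + std::to_string(rev) + "-" + std::to_string(auth);
    for (uint64_t i = 0; i < count; ++i)
        s += "-" + std::to_string(rd(b, off + 8 + 4 * i, 4, ok));
    return s;
}
// SIDs that an ACCESS_ALLOWED ACE (type 0) in the DACL grants WBEM_REMOTE_ACCESS.
std::vector<std::string> remoteEnabledSids(const std::vector<uint8_t>& sd, bool& ok) {
    std::vector<std::string> out;
    ok = true;
    size_t ace = rd(sd, 16, 4, ok);          // OffsetDacl, last field of the 20-byte header
    if (!ok || ace == 0) return out;         // malformed input, or no DACL stored
    uint32_t aces = rd(sd, ace + 4, 2, ok);  // ACL.AceCount
    ace += 8;                                // first ACE follows the 8-byte ACL header
    for (uint32_t i = 0; i < aces && ok; ++i) {
        uint32_t type = rd(sd, ace, 1, ok), flags = rd(sd, ace + 1, 1, ok);
        uint32_t size = rd(sd, ace + 2, 2, ok), mask = rd(sd, ace + 4, 4, ok);
        // 0x08 = INHERIT_ONLY_ACE: such an ACE does not apply to this namespace itself.
        if (ok && type == 0 && !(flags & 0x08) && (mask & WBEM_REMOTE_ACCESS)) {
            std::string sid = sidAt(sd, ace + 8, ok);
            if (ok) out.push_back(sid);
        }
        ace += size;
    }
    return out;
}
// Constructed sample (not from a real system): S-1-5-32-544 allowed 0x6003F, S-1-5-11 allowed 0x13.
static const std::vector<uint8_t> SAMPLE_SD = {
    1,0,0x04,0x80, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0x14,0,0,0,  2,0,0x34,0, 2,0,0,0,
    0,2,0x18,0, 0x3F,0,0x06,0, 1,2,0,0,0,0,0,5, 0x20,0,0,0, 0x20,0x02,0,0,
    0,2,0x14,0, 0x13,0,0,0,    1,1,0,0,0,0,0,5, 0x0B,0,0,0 };
int main() {
    bool ok;
    for (const std::string& s : remoteEnabledSids(SAMPLE_SD, ok)) std::puts(s.c_str());
    return ok ? 0 : 1;
}
```

Only explicit allow ACEs are reported; deny ACEs and group membership are not evaluated, so treat the output as the list of direct grants to review.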