Directory Services


The GetSecurityDescriptor method is used to get the security descriptor for a specified file, fileshare, or registry key object.

HRESULT GetSecurityDescriptor( 
  VARIANT varPath,
  LONG lPathFormat,
  LONG lFormat,
  VARIANT* pVariant


[in] The path of the resource to be secured. There are three types of varPath syntaxes supported.
Value Meaning
File A valid file path syntax. For example: "c:\specs\public\adxml.doc", "\\adsi\public\dsclient.exe".
File share A valid file path syntax for a file share. For example: "\\adsi\public".
Registry key A valid registry syntax. For example, "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs" or "HKLM\SOFTWARE\Microsoft\ADs".
[in] The format used by the object in the varPath parameter. There are three formats supported, as defined in ADS_PATHTYPE_ENUM: ADS_PATH_FILE, ADS_PATH_FILESHARE, and ADS_PATH_REGISTRY.
[in] The format for the security descriptor returned by varPath. The possible format is defined in ADS_SD_FORMAT_ENUM: ADS_SD_FORMAT_IID, ADS_SD_FORMAT_RAW, and ADS_SD_FORMAT_HEXSTRING.
[out] The returned security descriptor as specified in lFormat. If ADS_SD_FORMAT_IID is specified, the IID_IADsSecurityDescriptor will be returned. If ADS_SD_FORMAT_RAW is specified, the VT_I1 | VT_ARRAY will be returned. If ADS_SD_FORMAT_HEXSTRING is specified, the VT_BSTR will be returned.

Return Values

This method returns the standard return values, as well as the following.

For more information about other return values, see ADSI Error Codes.

Return Code Description
S_OK The method succeeded.

Example Code [Visual Basic]

The following code example shows how to get a security descriptor for a file.

Dim sd as IADsSecurityDescriptor
Dim sdUtil as New ADsSecurityUtility
Dim acl as IADsAccessControlList

On Error GoTo Cleanup

Set sd = sdUtil.GetSecurityDescriptor("c:\specs\adsixml.doc", ADS_PATH_FILE, ADS_SD_FORMAT_IID )
Set acl = secDesc.DiscretionaryAcl

	If (Err.Number<>0) Then
		MsgBox("An error has occurred. " & Err.Number)
	End If
	Set sd = Nothing
	Set sdUtil = Nothing
	Set acl = Nothing


Client: Included in Windows XP.
Server: Included in Windows Server 2003.
Header: Declared in Iads.h.

See Also

ADS_PATHTYPE_ENUM, ADS_SD_FORMAT_ENUM, IADsSecurityDescriptor, IADsSecurityUtility, SetSecurityDescriptor