{"id":13061,"date":"2011-08-09T00:01:00","date_gmt":"2011-08-09T00:01:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2011\/08\/09\/use-powershell-to-convert-sddl-to-binary-format\/"},"modified":"2011-08-09T00:01:00","modified_gmt":"2011-08-09T00:01:00","slug":"use-powershell-to-convert-sddl-to-binary-format","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/use-powershell-to-convert-sddl-to-binary-format\/","title":{"rendered":"Use PowerShell to Convert SDDL to Binary Format"},"content":{"rendered":"<p><strong>Summary<\/strong>: Learn how to use Windows PowerShell to convert security descriptors to different formats.<\/p>\n<p>&nbsp;<\/p>\n<p><img decoding=\"async\" title=\"Hey, Scripting Guy! Question\" border=\"0\" alt=\"Hey, Scripting Guy! Question\" align=\"left\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/q-for-powertip.jpg\" width=\"34\" height=\"34\" \/>Hey, Scripting Guy! I was reading through a listing of WMI methods recently, and I ran across a WMI class that looks interesting&mdash;<b>Win32_SecurityDescriptorHelper<\/b>. I think it will help me, because it seems like every security utility wants a different type of security token. But I am not sure how to use this thing; all I get are errors. Does this even work? Any help on your end?<\/p>\n<p>&mdash;SH<\/p>\n<p>&nbsp;<\/p>\n<p><img decoding=\"async\" title=\"Hey, Scripting Guy! Answer\" border=\"0\" alt=\"Hey, Scripting Guy! Answer\" align=\"left\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/a-for-powertip.jpg\" width=\"34\" height=\"34\" \/>Hello SH,<\/p>\n<p>Microsoft Scripting Guy Ed Wilson here. Tonight is the big night. They say everything is big in Texas, so let&rsquo;s fill up the conference center for <a href=\"http:\/\/powershellgroup.org\/corpus.tx\">the inaugural meeting of the Corpus Christi PowerShell User group (south Texas)<\/a>. 
The Scripting Wife and I will be on hand for the event, and I have a really cool presentation planned.<\/p>\n<p><b>Note<\/b>&nbsp; &nbsp;Four articles talk about producing a usable listing of WMI methods and properties:<\/p>\n<ul>\n<li><a href=\"http:\/\/blogs.technet.com\/b\/heyscriptingguy\/archive\/2011\/03\/10\/use-powershell-to-find-wmi-classes-that-contain-methods.aspx\">Use PowerShell to Find WMI Classes That Contain Methods<\/a><\/li>\n<li><a href=\"http:\/\/blogs.technet.com\/b\/heyscriptingguy\/archive\/2011\/03\/11\/use-powershell-to-find-writable-wmi-properties.aspx\">Use PowerShell to Find Writable WMI Properties<\/a><\/li>\n<li><a href=\"http:\/\/blogs.technet.com\/b\/heyscriptingguy\/archive\/2011\/03\/12\/explore-wmi-methods-and-properties-via-powershell-script.aspx\">Explore WMI Methods and Properties Via PowerShell Script<\/a><\/li>\n<li><a href=\"http:\/\/blogs.technet.com\/b\/heyscriptingguy\/archive\/2011\/03\/13\/get-all-methods-and-writable-properties-from-all-wmi-classes.aspx\">Get All Methods and Writable Properties from All WMI Classes<\/a><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>When working with WMI and Windows PowerShell, it is common to think about using the <b>Get-WmiObject<\/b> cmdlet. Unfortunately, when using the <b>Get-WmiObject<\/b> cmdlet with the <b>Win32_SecurityDescriptorHelper<\/b> class, nothing happens. When I attempt to pipe the results to <b>Get-Member<\/b>, an error is produced. 
The two commands are shown here (<b>gwmi<\/b> is an alias for <b>Get-WmiObject<\/b>, and <b>gm<\/b> is an alias for <b>Get-Member<\/b>):<\/p>\n<p style=\"padding-left: 30px\">gwmi win32_SecurityDescriptorHelper #no output<\/p>\n<p style=\"padding-left: 30px\">gwmi win32_SecurityDescriptorHelper | gm #generates an error<\/p>\n<p>The commands and associated output are shown here.<\/p>\n<p><a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/4705.HSG-8-9-11-01.png\"><img decoding=\"async\" style=\"border: 0px\" title=\"Image of commands and associated output\" alt=\"Image of commands and associated output\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/4705.HSG-8-9-11-01.png\" \/><\/a><\/p>\n<p>Now, I remember from <a href=\"http:\/\/blogs.technet.com\/b\/heyscriptingguy\/archive\/2011\/08\/08\/learn-four-ways-to-kill-a-process-using-powershell-and-wmi.aspx\">yesterday&rsquo;s blog post<\/a> about calling WMI methods that there are both instance methods and static methods.<\/p>\n<p>Therefore, I will use the <b>Get-Member<\/b> cmdlet and choose static members. I wonder what will happen then? I therefore use <b>Get-WmiObject<\/b> and this time request static members from <b>Get-Member<\/b>. The command is shown here (<b>gwmi<\/b> is an alias for <b>Get-WmiObject<\/b>, and <b>gm<\/b> is an alias for <b>Get-Member<\/b>):<\/p>\n<p style=\"padding-left: 30px\">gwmi win32_SecurityDescriptorHelper | gm -Static<\/p>\n<p>The command and associated output appear here.<\/p>\n<p><a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/6254.HSG-8-9-11-02.png\"><img decoding=\"async\" style=\"border: 0px\" title=\"Image of command and associated output\" alt=\"Image of command and associated output\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/6254.HSG-8-9-11-02.png\" \/><\/a><\/p>\n<p>Maybe this is not so strange. 
For example, nothing came back when I used <b>Get-WmiObject Win32_SecurityDescriptorHelper<\/b>. So maybe <b>Get-Member<\/b> is not lying to me, and maybe there really is nothing with which to work. I look up the <a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/aa394403(VS.85).aspx\">Win32_SecurityDescriptorHelper class on MSDN<\/a>, but unfortunately, the page has very little information that is useful and no examples of using the class.<\/p>\n<p>Next, I decide to look up the class in the Windows Management Instrumentation Tester (WbemTest). From WbemTest, I see that the <b>Win32_SecurityDescriptorHelper<\/b> is a dynamic class, and I see that there are many methods available from the class. This is shown in the following figure.<\/p>\n<p><a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/4174.HSG-8-9-11-03.png\"><img decoding=\"async\" style=\"border: 0px\" title=\"Image of Win32_SecurityDescriptorHelper being dynamic class with many methods\" alt=\"Image of Win32_SecurityDescriptorHelper being dynamic class with many methods\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/4174.HSG-8-9-11-03.png\" \/><\/a><\/p>\n<p>When I click the Instances<i> <\/i>button (sixth button from top on right side), I see that there are no instances available. I then click the Show MOF<i> <\/i>button (third button from top on right side), and I see that all methods are implemented. A method will only work if it is marked as implemented. For example, the <b>Win32_Processor<\/b> WMI class has two methods listed: <b>Reset<\/b> and <b>SetPowerState<\/b>. Unfortunately, neither method is implemented and therefore they do not work (in the case of <b>Win32_Processor<\/b>, the methods are defined on the abstract class <b>CIM_LogicalDevice<\/b> and are inherited). 
The MOF description for the <b>Win32_SecurityDescriptorHelper<\/b> WMI class is shown in the following figure.<\/p>\n<p><a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/8004.HSG-8-9-11-04.png\"><img decoding=\"async\" style=\"border: 0px\" title=\"Image of MOF description of Win32_SecurityDescriptorHelper\" alt=\"Image of MOF description of Win32_SecurityDescriptorHelper\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/8004.HSG-8-9-11-04.png\" \/><\/a><\/p>\n<p>I also notice that each method is static. From yesterday&rsquo;s article, I remember that static methods do not use an instance of the WMI class. This is why the <b>Get-WmiObject<\/b> command does not work with <b>Win32_SecurityDescriptorHelper<\/b>: <b>Get-WmiObject<\/b> returns instances of the class, and with this WMI class, there are no instances.<\/p>\n<p>Perhaps the easiest way to work with the static WMI method is to use the <b>[wmiclass]<\/b> type accelerator. The <b>SDDLToBinarySD<\/b> method will translate a Security Descriptor Definition Language (SDDL) string into a binary byte array security descriptor (binary SD) format. The best way to talk about this technique is to walk through an example of converting an SDDL to a binary SD. First, I need to obtain an SDDL; I can do that by using the <b>Get-Acl<\/b> cmdlet. The first thing I do is give the <b>Get-Acl<\/b> cmdlet the path to a file on my computer. I store the resulting object in the <b>$acl<\/b> variable. Next, I examine the SDDL associated with the file, by querying the <b>SDDL<\/b> property. 
These two lines of code are shown here:<\/p>\n<p style=\"padding-left: 30px\">$acl = Get-Acl C:\\fso\\BackupLog.txt<\/p>\n<p style=\"padding-left: 30px\">$acl.Sddl<\/p>\n<p>The two commands and their associated output are shown here.<\/p>\n<p><a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/7652.HSG-8-9-11-05.png\"><img decoding=\"async\" style=\"border: 0px\" title=\"Image of two commands and associated output\" alt=\"Image of two commands and associated output\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/7652.HSG-8-9-11-05.png\" \/><\/a><\/p>\n<p>To convert the SDDL to binary SD format, I use the <b>[wmiclass]<\/b> type accelerator and call the method directly while supplying an SDDL to the <b>SDDLToBinarySD<\/b> method. The syntax for the command is shown here:<\/p>\n<p style=\"padding-left: 30px\">([wmiclass]&quot;Win32_SecurityDescriptorHelper&quot;).SDDLToBinarySD($acl.Sddl)<\/p>\n<p>&nbsp;<\/p>\n<p>One thing that is a bit confusing is that in Windows PowerShell, generally double colons are required to call a static method. For example, to obtain the sine of a 45-degree angle, I use the <b>sin<\/b> static method from the math class (the method expects radians, so the angle is converted first):<\/p>\n<p style=\"padding-left: 30px\">[math]::sin(45 * [math]::PI \/ 180)<\/p>\n<p>But here in WMI, there appears to be no difference between calling a static method and calling an instance method. 
The command to convert the SDDL to binary SD and the default output are shown in the following figure.<\/p>\n<p><a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/3426.HSG-8-9-11-06.png\"><img decoding=\"async\" style=\"border: 0px\" title=\"Image of command to convert SDDL to binary SD, and default output\" alt=\"Image of command to convert SDDL to binary SD, and default output\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/3426.HSG-8-9-11-06.png\" \/><\/a><\/p>\n<p>All the methods return both the <b>returnvalue<\/b> property that provides the status of the command and the specific output for the converted security descriptor. To retrieve only the BinarySD output, I can add that to the end of the method call. The syntax of this command is shown here:<\/p>\n<p style=\"padding-left: 30px\">([wmiclass]&quot;Win32_SecurityDescriptorHelper&quot;).SDDLToBinarySD($acl.Sddl).BinarySD<\/p>\n<p>&nbsp;<\/p>\n<p>One of the cool things that I can do with the static methods from the <b>Win32_SecurityDescriptorHelper<\/b> class is to convert an SDDL security descriptor into an instance of the <b>Win32_SecurityDescriptor<\/b> WMI class. The <b>Win32_SecurityDescriptor<\/b> WMI class is often used to provide security for various resources. For example, if I create a new share and I want to assign security to the new share, I will need to provide an instance of <b>Win32_SecurityDescriptor<\/b>. Using the <b>SDDLToWin32SD<\/b> method, I can use an SDDL to get the <b>Win32_SecurityDescriptor<\/b> I need. To illustrate using the <b>SDDLToWin32SD<\/b> method, I will use the <b>Invoke-WmiMethod<\/b> cmdlet to perform the conversion. 
The following one-line command illustrates using the <b>Invoke-WmiMethod<\/b> cmdlet to call the <b>SDDLToWin32SD<\/b> method:<\/p>\n<p style=\"padding-left: 30px\">Invoke-WmiMethod -Class Win32_SecurityDescriptorHelper -Name SDDLToWin32SD -ArgumentList $acl.Sddl<\/p>\n<p>The following figure illustrates calling the method and shows the returned data. The data is contained in the <b>Descriptor<\/b> property.<\/p>\n<p><a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/3240.HSG-8-9-11-07.png\"><img decoding=\"async\" style=\"border: 0px\" title=\"Image of calling the method and the returned data\" alt=\"Image of calling the method and the returned data\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/3240.HSG-8-9-11-07.png\" \/><\/a><\/p>\n<p>The other WMI methods from this class behave in a similar manner, and therefore will not be explored.<\/p>\n<p>&nbsp;<\/p>\n<p>SH, that is all there is to using static WMI methods. WMI Method Week will continue tomorrow when I will talk about using Windows PowerShell and WMI to terminate multiple processes. It is a really cool article. I think you will enjoy it. I literally create a hundred processes, and then terminate them.<\/p>\n<p>I invite you to follow me on <a href=\"http:\/\/bit.ly\/scriptingguystwitter\" target=\"_blank\">Twitter<\/a> and <a href=\"http:\/\/bit.ly\/scriptingguysfacebook\">Facebook<\/a>. If you have any questions, send email to me at <a href=\"mailto:scripter@microsoft.com\" target=\"_blank\">scripter@microsoft.com<\/a>, or post your questions on the <a href=\"http:\/\/bit.ly\/scriptingforum\" target=\"_blank\">Official Scripting Guys Forum<\/a>. See you tomorrow. Until then, peace.<\/p>\n<p><b>Ed Wilson, Microsoft Scripting Guy<\/b><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Summary: Learn how to use Windows PowerShell to convert security descriptors to different formats. 
&nbsp; Hey, Scripting Guy! I was reading through a listing of WMI methods recently, and I ran across a WMI class that looks interesting&mdash;Win32_SecurityDescriptorHelper. I think it will help me, because it seems like every security utility wants a different type [&hellip;]<\/p>\n","protected":false},"author":596,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[62,3,4,63,45,6],"class_list":["post-13061","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-dacls-and-sacls","tag-scripting-guy","tag-scripting-techniques","tag-security","tag-windows-powershell","tag-wmi"],"acf":[],"blog_post_summary":"<p>Summary: Learn how to use Windows PowerShell to convert security descriptors to different formats. &nbsp; Hey, Scripting Guy! I was reading through a listing of WMI methods recently, and I ran across a WMI class that looks interesting&mdash;Win32_SecurityDescriptorHelper. 
I think it will help me, because it seems like every security utility wants a different type [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/13061","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/596"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=13061"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/13061\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=13061"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=13061"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=13061"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}