Jim - here's the code I was playing with last night. Basically trying to create an "blank" instance of Win32_SecurityDescriptor and passing that to the function. You can tell that an object was indeed created. And when one queries the ControlFlags property it returns success (but I guess since its not a real instance of a security descriptor (ie a blank one) that no flags are present. If you substitute a bad property name, you do get an error - so definitetly talking to a real object here. But the passing out from GetSecurityDescriptor still doesn't work. tbh - don't think OUT parms work this way. If this was an IN/OUT parm it would probably work.
Code:
Break On
$wmiFileSecSetting = GetObject ("winmgmts:Win32_LogicalFileSecuritySetting.path='c:\\temp'")
$wmiSecurityDescriptor = GetObject ("winmgmts:Win32_SecurityDescriptor")
?"GetObject = " + @SERROR
if $wmiSecurityDescriptor
? "ControlFlags=" + $wmiSecurityDescriptor.ControlFlags
? "QueryControlFlags = " + @SERROR
endif
$= $wmiFileSecSetting.GetSecurityDescriptor( $wmiSecurityDescriptor )
? "GetSecurityDescriptor = " + @SERROR
