When reading the WMI class Win32_LogicalFileSecuritySetting the SACL property is null
When you try and read the NTFS audit permissions of a file or folder using WMI with the class Win32_LogicalFileSecuritySetting the SACL property is null. This can be because the user executing the command doesn't have the SeSecurityPrivilege. PowerShell The following command will work correctly with PowerShell as long as the user running the command has the SeSecurityPrivilege - with UAC enable PowerShell will need to be run elevated by right clicking PowerShell and selecting Run as Administrator. $securitySetting = Get-CimInstance -ClassName "Win32_LogicalFileSecuritySetting" -Filter "Path='c:\\temp'"; $securityDescriptor = Invoke-CimMethod -InputObject $securitySetting -MethodName "GetSecurityDescriptor"; $securityDescriptor.Descriptor.SACL; Wbemtest When using the WBEMTEST utility you'll need to make sure you are running as an Administrator and also tick Enable all privileges checkbox. C#.NET When using C#.NET and the WMI classes in Syst...