Home Library Learn Samples Downloads Support Community Forums
MSDN Library
Windows Desktop App Development
Develop
Server and System Technologies
System Administration
Windows Management Instrumentation
WMI Reference
WMI Classes
Win32 Classes
Computer System Hardware Classes
Installed Applications Classes
Operating System Classes
Performance Counter Classes
Security Descriptor Helper Class
WMI Service Management Classes
Win32_1394Controller
Win32_1394ControllerDevice
Win32_Account
Win32_AccountSID
Win32_ACE
Win32_ActionCheck
Win32_ActiveRoute
Win32_AllocatedResource
Win32_ApplicationCommandLine
Win32_ApplicationService
Win32_AssociatedBattery
Win32_AssociatedProcessorMemory
Win32_AutochkSetting
Win32_BaseBoard
Win32_BaseService
Win32_Battery
Win32_Binary
Win32_BindImageAction
Win32_BIOS
Win32_BootConfiguration
Win32_Bus
Win32_CacheMemory
Win32_CDROMDrive
Win32_CheckCheck
Win32_CIMLogicalDeviceCIMDataFile
Win32_ClassicCOMApplicationClasses
Win32_ClassicCOMClass
Win32_ClassicCOMClassSetting
Win32_ClassicCOMClassSettings
Win32_ClassInfoAction
Win32_ClientApplicationSetting
Win32_CodecFile
Win32_CollectionStatistics
Win32_COMApplication
Win32_COMApplicationClasses
Win32_COMApplicationSettings
Win32_COMClass
Win32_ComClassAutoEmulator
Win32_ComClassEmulator
Win32_CommandLineAccess
Win32_ComponentCategory
Win32_ComputerShutdownEvent
Win32_ComputerSystem
Win32_ComputerSystemEvent
Win32_ComputerSystemProcessor
Win32_ComputerSystemProduct
Win32_ComputerSystemWindowsProductActivationSetting
Win32_COMSetting
Win32_Condition
Win32_ConnectionShare
Win32_ControllerHasHub
Win32_CreateFolderAction
Win32_CurrentProbe
Win32_CurrentTime
Win32_DCOMApplication
Win32_DCOMApplicationAccessAllowedSetting
Win32_DCOMApplicationLaunchAllowedSetting
Win32_DCOMApplicationSetting
Win32_DefragAnalysis
Win32_DependentService
Win32_Desktop
Win32_DesktopMonitor
Win32_DeviceBus
Win32_DeviceChangeEvent
Win32_DeviceMemoryAddress
Win32_DeviceSettings
Win32_DFSNode
Win32_DFSNodeTarget
Win32_DFSTarget
Win32_Directory
Win32_DirectorySpecification
Win32_DiskDrive
Win32_DiskDrivePhysicalMedia
Win32_DiskDriveToDiskPartition
Win32_DiskPartition
Win32_DiskQuota
Win32_DisplayConfiguration
Win32_DisplayControllerConfiguration
Win32_DMAChannel
Win32_DriverForDevice
Win32_DriverVXD
Win32_DuplicateFileAction
Win32_Environment
Win32_EnvironmentSpecification
Win32_ExtensionInfoAction
Win32_Fan
Win32_FileSpecification
Win32_FloppyController
Win32_FloppyDrive
Win32_FontInfoAction
Win32_Group
Win32_GroupInDomain
Win32_GroupUser
Win32_HeatPipe
Win32_IDEController
Win32_IDEControllerDevice
Win32_ImplementedCategory
Win32_InfraredDevice
Win32_IniFileSpecification
Win32_InstalledSoftwareElement
Win32_IP4PersistedRouteTable
Win32_IP4RouteTable
Win32_IP4RouteTableEvent
Win32_IRQResource
Win32_JobObjectStatus
Win32_Keyboard
Win32_LaunchCondition
Win32_LoadOrderGroup
Win32_LoadOrderGroupServiceDependencies
Win32_LoadOrderGroupServiceMembers
Win32_LocalTime
Win32_LoggedOnUser
Win32_LogicalDisk
Win32_LogicalDiskRootDirectory
Win32_LogicalDiskToPartition
Win32_LogicalFileAccess
Win32_LogicalFileAuditing
Win32_LogicalFileGroup
Win32_LogicalFileOwner
Win32_LogicalFileSecuritySetting
Win32_LogicalMemoryConfiguration
Win32_LogicalProgramGroup
Win32_LogicalProgramGroupDirectory
Win32_LogicalProgramGroupItem
Win32_LogicalProgramGroupItemDataFile
Win32_LogicalShareAccess
Win32_LogicalShareAuditing
Win32_LogicalShareSecuritySetting
Win32_LogonSession
Win32_LogonSessionMappedDisk
Win32_LUID
Win32_LUIDandAttributes
Win32_ManagedSystemElementResource
Win32_MappedLogicalDisk
Win32_MemoryArray
Win32_MemoryArrayLocation
Win32_MemoryDevice
Win32_MemoryDeviceArray
Win32_MemoryDeviceLocation
Win32_MethodParameterClass
Win32_MIMEInfoAction
Win32_ModuleLoadTrace
Win32_ModuleTrace
Win32_MotherboardDevice
Win32_MountPoint
Win32_MoveFileAction
Win32_MSIResource
Win32_NamedJobObject
Win32_NamedJobObjectActgInfo
Win32_NamedJobObjectLimit
Win32_NamedJobObjectLimitSetting
Win32_NamedJobObjectProcess
Win32_NamedJobObjectSecLimit
Win32_NamedJobObjectSecLimitSetting
Win32_NamedJobObjectStatistics
Win32_NetworkAdapter
Win32_NetworkAdapterConfiguration
Win32_NetworkAdapterSetting
Win32_NetworkClient
Win32_NetworkConnection
Win32_NetworkLoginProfile
Win32_NetworkProtocol
Win32_NTDomain
Win32_NTEventlogFile
Win32_NTLogEvent
Win32_NTLogEventComputer
Win32_NTLogEventLog
Win32_NTLogEventUser
Win32_ODBCAttribute
Win32_ODBCDataSourceAttribute
Win32_ODBCDataSourceSpecification
Win32_ODBCDriverAttribute
Win32_ODBCDriverSoftwareElement
Win32_ODBCDriverSpecification
Win32_ODBCSourceAttribute
Win32_ODBCTranslatorSpecification
Win32_OnBoardDevice
Win32_OperatingSystem
Win32_OperatingSystemAutochkSetting
Win32_OperatingSystemQFE
Win32_OptionalFeature
Win32_OSRecoveryConfiguration
Win32_PageFile
Win32_PageFileElementSetting
Win32_PageFileSetting
Win32_PageFileUsage
Win32_ParallelPort
Win32_Patch
Win32_PatchFile
Win32_PatchPackage
Win32_PCMCIAController
Win32_Perf
Win32_PerfFormattedData
Win32_PerfFormattedData_ASP_ActiveServerPages
Win32_PerfFormattedData_ContentFilter_IndexingServiceFilter
Win32_PerfFormattedData_ContentIndex_IndexingService
Win32_PerfFormattedData_InetInfo_InternetInformationServicesGlobal
Win32_PerfFormattedData_ISAPISearch_HttpIndexingService
Win32_PerfFormattedData_MSDTC_DistributedTransactionCoordinator
Win32_PerfFormattedData_NTFSDRV_SMTPNTFSStoreDriver
Win32_PerfFormattedData_PerfDisk_LogicalDisk
Win32_PerfFormattedData_PerfDisk_PhysicalDisk
Win32_PerfFormattedData_PerfNet_Browser
Win32_PerfFormattedData_PerfNet_Redirector
Win32_PerfFormattedData_PerfNet_Server
Win32_PerfFormattedData_PerfNet_ServerWorkQueues
Win32_PerfFormattedData_PerfOS_Cache
Win32_PerfFormattedData_PerfOS_Memory
Win32_PerfFormattedData_PerfOS_Objects
Win32_PerfFormattedData_PerfOS_PagingFile
Win32_PerfFormattedData_PerfOS_Processor
Win32_PerfFormattedData_PerfOS_System
Win32_PerfFormattedData_PerfProc_FullImage_Costly
Win32_PerfFormattedData_PerfProc_Image_Costly
Win32_PerfFormattedData_PerfProc_JobObject
Win32_PerfFormattedData_PerfProc_JobObjectDetails
Win32_PerfFormattedData_PerfProc_Process
Win32_PerfFormattedData_PerfProc_ProcessAddressSpace_Costly
Win32_PerfFormattedData_PerfProc_Thread
Win32_PerfFormattedData_PerfProc_ThreadDetails_Costly
Win32_PerfFormattedData_PSched_PSchedFlow
Win32_PerfFormattedData_PSched_PSchedPipe
Win32_PerfFormattedData_RemoteAccess_RASPort
Win32_PerfFormattedData_RemoteAccess_RASTotal
Win32_PerfFormattedData_RSVP_ACSRSVPInterfaces
Win32_PerfFormattedData_RSVP_ACSRSVPService
Win32_PerfFormattedData_SMTPSVC_SMTPServer
Win32_PerfFormattedData_Spooler_PrintQueue
Win32_PerfFormattedData_TapiSrv_Telephony
Win32_PerfFormattedData_Tcpip_ICMP
Win32_PerfFormattedData_Tcpip_IP
Win32_PerfFormattedData_Tcpip_NBTConnection
Win32_PerfFormattedData_Tcpip_NetworkInterface
Win32_PerfFormattedData_Tcpip_TCP
Win32_PerfFormattedData_Tcpip_UDP
Win32_PerfFormattedData_TermService_TerminalServices
Win32_PerfFormattedData_TermService_TerminalServicesSession
Win32_PerfFormattedData_W3SVC_WebService
Win32_PerfRawData
Win32_PerfRawData_ASP_ActiveServerPages
Win32_PerfRawData_ContentFilter_IndexingServiceFilter
Win32_PerfRawData_ContentIndex_IndexingService
Win32_PerfRawData_InetInfo_InternetInformationServicesGlobal
Win32_PerfRawData_ISAPISearch_HttpIndexingService
Win32_PerfRawData_MSDTC_DistributedTransactionCoordinator
Win32_PerfRawData_NTFSDRV_SMTPNTFSStoreDriver
Win32_PerfRawData_PerfDisk_LogicalDisk
Win32_PerfRawData_PerfDisk_PhysicalDisk
Win32_PerfRawData_PerfNet_Browser
Win32_PerfRawData_PerfNet_Redirector
Win32_PerfRawData_PerfNet_Server
Win32_PerfRawData_PerfNet_ServerWorkQueues
Win32_PerfRawData_PerfOS_Cache
Win32_PerfRawData_PerfOS_Memory
Win32_PerfRawData_PerfOS_Objects
Win32_PerfRawData_PerfOS_PagingFile
Win32_PerfRawData_PerfOS_Processor
Win32_PerfRawData_PerfOS_System
Win32_PerfRawData_PerfProc_FullImage_Costly
Win32_PerfRawData_PerfProc_Image_Costly
Win32_PerfRawData_PerfProc_JobObject
Win32_PerfRawData_PerfProc_JobObjectDetails
Win32_PerfRawData_PerfProc_Process
Win32_PerfRawData_PerfProc_ProcessAddressSpace_Costly
Win32_PerfRawData_PerfProc_Thread
Win32_PerfRawData_PerfProc_ThreadDetails_Costly
Win32_PerfRawData_PSched_PSchedFlow
Win32_PerfRawData_PSched_PSchedPipe
Win32_PerfRawData_RemoteAccess_RASPort
Win32_PerfRawData_RemoteAccess_RASTotal
Win32_PerfRawData_RSVP_ACSRSVPInterfaces
Win32_PerfRawData_RSVP_ACSRSVPService
Win32_PerfRawData_SMTPSVC_SMTPServer
Win32_PerfRawData_Spooler_PrintQueue
Win32_PerfRawData_TapiSrv_Telephony
Win32_PerfRawData_Tcpip_ICMP
Win32_PerfRawData_Tcpip_IP
Win32_PerfRawData_Tcpip_NBTConnection
Win32_PerfRawData_Tcpip_NetworkInterface
Win32_PerfRawData_Tcpip_TCP
Win32_PerfRawData_Tcpip_UDP
Win32_PerfRawData_TermService_TerminalServices
Win32_PerfRawData_TermService_TerminalServicesSession
Win32_PerfRawData_W3SVC_WebService
Win32_PhysicalMedia
Win32_PhysicalMemory
Win32_PhysicalMemoryArray
Win32_PhysicalMemoryLocation
Win32_PingStatus
Win32_PnPAllocatedResource
Win32_PnPDevice
Win32_PnPEntity
Win32_PnPSignedDriver
Win32_PnPSignedDriverCIMDataFile
Win32_PointingDevice
Win32_PortableBattery
Win32_PortConnector
Win32_PortResource
Win32_POTSModem
Win32_POTSModemToSerialPort
Win32_PowerManagementEvent
Win32_Printer
Win32_PrinterConfiguration
Win32_PrinterController
Win32_PrinterDriver
Win32_PrinterDriverDll
Win32_PrinterSetting
Win32_PrinterShare
Win32_PrintJob
Win32_PrivilegesStatus
Win32_Process
Win32_Processor
Win32_ProcessStartTrace
Win32_ProcessStartup
Win32_ProcessStopTrace
Win32_ProcessTrace
Win32_Product
Win32_ProductCheck
Win32_ProductResource
Win32_ProductSoftwareFeatures
Win32_ProgIDSpecification
Win32_ProgramGroup
Win32_ProgramGroupContents
Win32_ProgramGroupOrItem
Win32_Property
Win32_ProtocolBinding
Win32_Proxy
Win32_PublishComponentAction
Win32_QuickFixEngineering
Win32_QuotaSetting
Win32_Refrigeration
Win32_Registry
Win32_RegistryAction
Win32_ReliabilityRecords
Win32_ReliabilityStabilityMetrics
Win32_RemoveFileAction
Win32_RemoveIniAction
Win32_ReserveCost
Win32_ScheduledJob
Win32_SCSIController
Win32_SCSIControllerDevice
Win32_SecurityDescriptor
Win32_SecurityDescriptorHelper
Win32_SecuritySetting
Win32_SecuritySettingAccess
Win32_SecuritySettingAuditing
Win32_SecuritySettingGroup
Win32_SecuritySettingOfLogicalFile
Win32_SecuritySettingOfLogicalShare
Win32_SecuritySettingOfObject
Win32_SecuritySettingOwner
Win32_SelfRegModuleAction
Win32_SerialPort
Win32_SerialPortConfiguration
Win32_SerialPortSetting
Win32_ServerConnection
Win32_ServerFeature
Win32_ServerSession
Win32_Service
Win32_ServiceControl
Win32_ServiceSpecification
Win32_ServiceSpecificationService
Win32_Session
Win32_SessionConnection
Win32_SessionProcess
Win32_SettingCheck
Win32_ShadowBy
Win32_ShadowContext
Win32_ShadowCopy
Win32_ShadowDiffVolumeSupport
Win32_ShadowFor
Win32_ShadowOn
Win32_ShadowProvider
Win32_ShadowStorage
Win32_ShadowVolumeSupport
Win32_Share
Win32_ShareToDirectory
Win32_ShortcutAction
Win32_ShortcutFile
Win32_ShortcutSAP
Win32_SID
Win32_SIDandAttributes
Win32_SMBIOSMemory
Win32_SoftwareElement
Win32_SoftwareElementAction
Win32_SoftwareElementCheck
Win32_SoftwareElementCondition
Win32_SoftwareElementResource
Win32_SoftwareFeature
Win32_SoftwareFeatureAction
Win32_SoftwareFeatureCheck
Win32_SoftwareFeatureParent
Win32_SoftwareFeatureSoftwareElements
Win32_SoundDevice
Win32_StartupCommand
Win32_SubDirectory
Win32_SystemAccount
Win32_SystemBIOS
Win32_SystemBootConfiguration
Win32_SystemConfigurationChangeEvent
Win32_SystemDesktop
Win32_SystemDevices
Win32_SystemDriver
Win32_SystemDriverPnPEntity
Win32_SystemEnclosure
Win32_SystemLoadOrderGroups
Win32_SystemLogicalMemoryConfiguration
Win32_SystemMemoryResource
Win32_SystemNetworkConnections
Win32_SystemOperatingSystem
Win32_SystemPartitions
Win32_SystemProcesses
Win32_SystemProgramGroups
Win32_SystemResources
Win32_SystemServices
Win32_SystemSetting
Win32_SystemSlot
Win32_SystemSystemDriver
Win32_SystemTimeZone
Win32_SystemTrace
Win32_SystemUsers
Win32_TapeDrive
Win32_TCPIPPrinterPort
Win32_TemperatureProbe
Win32_Thread
Win32_ThreadStartTrace
Win32_ThreadStopTrace
Win32_ThreadTrace
Win32_TimeZone
Win32_TokenGroups
Win32_TokenPrivileges
Win32_Trustee
Win32_TypeLibraryAction
Win32_UninterruptiblePowerSupply
Win32_USBController
Win32_USBControllerDevice
Win32_USBHub
Win32_UserAccount
Win32_UserDesktop
Win32_UserInDomain
Win32_UserProfile
Win32_UTCTime
Win32_VideoConfiguration
Win32_VideoController
Win32_VideoSettings
Win32_VoltageProbe
Win32_Volume
Win32_VolumeChangeEvent
Win32_VolumeQuota
Win32_VolumeQuotaSetting
Win32_VolumeUserQuota
Win32_WindowsProductActivation
Win32_WMIElementSetting
Win32_WMISetting
Expand Minimize
2 out of 6 rated this helpful - Rate this topic

Win32_ACE class

The Win32_ACE abstract WMI class specifies an access control entry (ACE). An ACE grants permission to execute a restricted operation, such as writing to a file or formatting a disk. An ACE that is specific to WMI allows logon, remote access, method execution, and writing to the WMI repository.

The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties. Properties are listed in alphabetic order, not MOF order.

Inheritance

Windows Server 2003, Windows XP, Windows 2000, Windows XP, and Windows NT 4.0:  Inherits from Win32_MethodParameterClass.

Syntax

Copy 
class Win32_ACE : __ACE
{
  uint32        AccessMask;
  uint32        AceFlags;
  uint32        AceType;
  string        GuidInheritedObjectType;
  string        GuidObjectType;
  Win32_Trustee Trustee;
};

Members

The Win32_ACE class has these types of members:

Properties

The Win32_ACE class has these properties.

AccessMask
Data type: uint32
Access type: Read/write
Qualifiers: WritePrivileges(SeSecurityPrivilege, SeRestorePrivilege)

Bit flags that indicate rights granted or denied to the trustee. For more information, see the Remarks section of this topic.

ValueMeaning
FILE_READ_DATA (file) or FILE_LIST_DIRECTORY (directory)
1 (0x1)

Grants the right to read data from the file. For a directory, this value grants the right to list the contents of the directory.

FILE_WRITE_DATA (file) or FILE_ADD_FILE (directory)
2 (0x2)

Grants the right to write data to the file. For a directory, this value grants the right to create a file in the directory.

FILE_APPEND_DATA (file) or FILE_ADD_SUBDIRECTORY (directory)
4 (0x4)

Grants the right to append data to the file. For a directory, this value grants the right to create a subdirectory.

FILE_READ_EA
8 (0x8)

Grants the right to read extended attributes.

FILE_WRITE_EA
16 (0x10)

Grants the right to write extended attributes.

FILE_EXECUTE (file) or FILE_TRAVERSE (directory)
32 (0x20)

Grants the right to execute a file. For a directory, the directory can be traversed.

FILE_DELETE_CHILD
64 (0x40)

Grants the right to delete a directory and all the files it contains (its children), even if the files are read-only.

FILE_READ_ATTRIBUTES
128 (0x80)

Grants the right to read file attributes.

FILE_WRITE_ATTRIBUTES
256 (0x100)

Grants the right to change file attributes.

DELETE
65536 (0x10000)

Grants delete access.

READ_CONTROL
131072 (0x20000)

Grants read access to the security descriptor and owner.

WRITE_DAC
262144 (0x40000)

Grants write access to the discretionary access control list (ACL).

WRITE_OWNER
524288 (0x80000)

Assigns the write owner.

SYNCHRONIZE
1048576 (0x100000)

Synchronizes access and allows a process to wait for an object to enter the signaled state.

 

AceFlags
Data type: uint32
Access type: Read/write
Qualifiers: WritePrivileges(SeSecurityPrivilege, SeRestorePrivilege)

Bit flags that specify inheritance of the ACE. The following table lists the relevant permission values for AceFlags.

PermissionMeaning
OBJECT_INHERIT_ACE
1 (0x1)

Noncontainer child objects inherit the ACE as an effective ACE.

For child objects that are containers, the ACE is inherited as an inherit-only ACE unless the NO_PROPAGATE_INHERIT_ACE bit flag is also set.

CONTAINER_INHERIT_ACE
2 (0x2)

Child objects that are containers, such as directories, inherit the ACE as an effective ACE. The inherited ACE is inheritable unless the NO_PROPAGATE_INHERIT_ACE bit flag is also set.

NO_PROPAGATE_INHERIT_ACE
4 (0x4)

If the ACE is inherited by a child object, the system clears the OBJECT_INHERIT_ACE and CONTAINER_INHERIT_ACE flags in the inherited ACE. This prevents the ACE from being inherited by subsequent generations of objects.

INHERIT_ONLY_ACE
8 (0x8)

Indicates an inherit-only ACE which does not control access to the object to which it is attached. If this flag is not set, the ACE is an effective ACE which controls access to the object to which it is attached.

Both effective and inherit-only ACEs can be inherited depending on the state of the other inheritance flags.

INHERITED_ACE
16 (0x10)

The system sets this bit when it propagates an inherited ACE to a child object.

 

The following table lists two possible values for AceFlags that pertain only to an ACE contained within a system access control list (SACL).

PermissionMeaning
SUCCESSFUL_ACCESS_ACE_FLAG
64 (0x40)

Used with system-audit ACEs in an SACL to generate audit messages for successful access attempts.

FAILED_ACCESS_ACE_FLAG
128 (0x80)

Used with system-audit ACEs in an SACL to generate audit messages for failed access attempts.

 

AceType
Data type: uint32
Access type: Read/write
Qualifiers: WritePrivileges(SeSecurityPrivilege, SeRestorePrivilege)

Type of ACE.

ValueMeaning
0

Access Allowed

1

Access Denied

2

Audit

 

GuidInheritedObjectType
Data type: string
Access type: Read/write
Qualifiers: WritePrivileges(SeSecurityPrivilege, SeRestorePrivilege)

Globally unique identifier (GUID) associated with the parent of the object to which these rights apply.

Windows Server 2003, Windows XP, Windows 2000, and Windows NT 4.0:  This property is not available.
GuidObjectType
Data type: string
Access type: Read/write
Qualifiers: WritePrivileges(SeSecurityPrivilege, SeRestorePrivilege)

GUID associated with the type of object to which these rights apply.

Windows Server 2003, Windows XP, Windows 2000, and Windows NT 4.0:  This property is not available.
Trustee
Data type: Win32_Trustee
Access type: Read/write
Qualifiers: WritePrivileges(SeSecurityPrivilege, SeRestorePrivilege)

Object representing the user account, group account, or logon session to which an ACE applies.

Remarks

The Win32_ACE class is derived from Win32_MethodParameterClass.

In the AccessMask property, the values of the individual rights are added together to form the value. For example, to grant the access permissions FILE_WRITE_ATTRIBUTES, FILE_WRITE_EA and FILE_WRITE_EA you add the associated values 256, 16, and 8. In this example, the value of AccessMask is 280.

Some values have different meanings depending on whether the AccessMask property is associated with a file or a directory. For example, when working with a file, the value 4 means FILE_APPEND_DATA or the right to add data to the file. The same value that is associated with a directory, means FILE_ADD_SUBDIRECTORY and grants the right to create a subdirectory.

Examples

For script code examples, see WMI Tasks for Scripts and Applications and the TechNet ScriptCenter Script Repository.

For C++ code examples, see WMI C++ Application Examples.

Requirements

Minimum supported client

Windows 2000 Professional [desktop apps only]

Minimum supported server

Windows 2000 Server [desktop apps only]

Namespace

\root\CIMV2

MOF
Secrcw32.mof

DLL
Cimwin32.dll

See also

Operating System Classes
WMI Security Descriptor Objects
Win32_SecurityDescriptor
Maintaining WMI Security
Changing Access Security on Securable Objects

 

 

Send comments about this topic to Microsoft

Build date: 11/19/2012

Did you find this helpful?
(1500 characters remaining)

Community Additions

ADD
© 2013 Microsoft. All rights reserved.