Win32_NamedJobObjectSecLimitSetting class
The Win32_NamedJobObjectSecLimitSetting WMI class represents the security limit settings for a job object.
The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties. Properties and methods are in alphabetic order, not MOF order.
Syntax
class Win32_NamedJobObjectSecLimitSetting : CIM_Setting
{
string Caption;
string Description;
Win32_TokenPrivileges PrivilegesToDelete;
Win32_TokenGroups RestrictedSIDs;
uint32 SecurityLimitFlags;
string SettingID;
Win32_TokenGroups SIDsToDisable;
};
Members
The Win32_NamedJobObjectSecLimitSetting class has these types of members:
Properties
The Win32_NamedJobObjectSecLimitSetting class has these properties.
- Caption
-
- Data type: string
- Access type: Read-only
- Qualifiers: MaxLen (64)
Short description of an object. This property is inherited from CIM_ManagedSystemElement.
- Description
-
- Data type: string
- Access type: Read-only
Description of an object. This property is inherited from CIM_ManagedSystemElement.
- PrivilegesToDelete
-
- Data type: Win32_TokenPrivileges
- Access type: Read-only
If the SecurityLimitFlags value is set to Filter Tokens you can delete privileges from a token. This property can be NULL if you do not want to delete privileges.
- RestrictedSIDs
-
- Data type: Win32_TokenGroups
- Access type: Read-only
Deny-only security identifiers (SID) that are added to an access token, if the SecurityLimitFlags value is set to Filter Tokens. This property can be NULL if you do not want to specify deny-only SIDs.
- SecurityLimitFlags
-
- Data type: uint32
- Access type: Read-only
Security limitations for a job. This property requires at least one of the following properties to be set: SIDsToDisable, PrivilegesToDelete, or RestrictedSIDs.
Value Map Meaning - 0
"No Administrator"
Prevents a process in a job from using a token that specifies the local administrators group.
- 1
"Restricted Token"
Prevents a process in a job from using a token that is not created with the CreateRestrictedToken function.
- 2
"Specific Token"
Forces processes in a job to run under the specific user security token that owns the process.
- 3
"Filter Tokens"
Applies a filter to a token when a process impersonates a client.
- SettingID
-
Instance of a job object security limit setting. Because they are kernel objects, job object names are case sensitive. However, Windows Management Instrumentation (WMI) keys are case insensitive and must specified to distinguish case. To indicate a capital letter, precede the letter by a backslash. For example, "A" and "a" are lowercase and "\A" and "\a" are uppercase.
- SIDsToDisable
-
- Data type: Win32_TokenGroups
- Access type: Read-only
SIDs to disable for access checking, if the SecurityLimitFlags value is set to Filter Tokens. This property can be NULL if you do not want to disable SIDs.
Remarks
The Win32_NamedJobObjectSecLimitSetting class is derived from CIM_Setting.
Examples
For script code examples, see WMI Tasks for Scripts and Applications and the TechNet ScriptCenter Script Repository.
For C++ code examples, see WMI C++ Application Examples.
Requirements
|
Minimum supported client | Windows XP [desktop apps only] |
|---|---|
|
Minimum supported server | Windows Server 2003 [desktop apps only] |
|
Namespace |
\root\CIMV2 |
|
MOF |
|
|
DLL |
|
See also
Send comments about this topic to Microsoft
Build date: 11/19/2012
