Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Win32_SecuritySetting class

The Win32_SecuritySetting abstract WMI class represents security settings for a managed element.

The following syntax is simplified from Managed Object Format (MOF) code, and includes all of the inherited properties.

Syntax

class Win32_SecuritySetting : CIM_Setting
{
  string Caption;
  uint32 ControlFlags;
  string Description;
  string SettingID;
};

Members

The Win32_SecuritySetting class has these types of members:

Methods

The Win32_SecuritySetting class has these methods.

MethodDescription
GetSecurityDescriptor

Class method that retrieves a structural representation of the object security descriptor.

SetSecurityDescriptor

Class method that sets a security descriptor (SD) to a specified structure.

 

Properties

The Win32_SecuritySetting class has these properties.

Caption
Data type: string
Access type: Read-only

Short description of the CIM_Setting object—a one-line string.

ControlFlags
Data type: uint32
Access type: Read-only

Control bits that qualify the meaning of an SD or its individual members. For more information about how to set the ControlFlags value, see the Remarks section. The following table lists the flags in ControlFlags. For more information, see SECURITY_DESCRIPTOR_CONTROL.

FlagMeaning
SE_OWNER_DEFAULTED
1 (0x1)

Indicates an SD with a default owner security identifier (SID). You can use this bit to find all of the objects that have default owner permissions set.

SE_GROUP_DEFAULTED
2 (0x2)

Indicates an SD with a default group SID. You can use this bit to find all of the objects that have default group permissions set.

SE_DACL_PRESENT
4 (0x4)

Indicates an SD that has a discretionary access control list (DACL). If this flag is not set, or if this flag is set and the DACL is NULL, the SD allows full access to everyone.

SE_DACL_DEFAULTED
8 (0x8)

Indicates an SD with a default DACL. For example, if an object creator does not specify a DACL, the object receives the default DACL from the access token of the creator. This flag can affect how the system treats the DACL, with respect to access control entry (ACE) inheritance. The system ignores this flag if the SE_DACL_PRESENT flag is not set.

SE_SACL_PRESENT
16 (0x10)

Indicates an SD that has a system access control list (SACL).

SE_SACL_DEFAULTED
32 (0x20)

Indicates an SD with a default SACL. For example, if an object creator does not specify an SACL, the object receives the default SACL from the access token of the creator. This flag can affect how the system treats the SACL, with respect to ACE inheritance. The system ignores this flag if the SE_SACL_PRESENT flag is not set.

SE_DACL_AUTO_INHERIT_REQ
256 (0x100)

Requests that the provider for the object protected by the SD automatically propagate the DACL to existing child objects. If the provider supports automatic inheritance, it propagates the DACL to any existing child objects, and sets the SE_DACL_AUTO_INHERITED bit in the security descriptors of the object and its child objects.

SE_SACL_AUTO_INHERIT_REQ
512 (0x200)

Requests that the provider for the object protected by the SD automatically propagate the SACL to existing child objects. If the provider supports automatic inheritance, it propagates the SACL to any existing child objects, and sets the SE_SACL_AUTO_INHERITED bit in the SDs of the object and its child objects.

SE_DACL_AUTO_INHERITED
1024 (0x400)

Windows 2000 only. Indicates an SD in which the DACL is set up to support automatic propagation of inheritable ACEs to existing child objects. The system sets this bit when it performs the automatic inheritance algorithm for the object and its existing child objects. This bit is not set in SDs for Windows NT versions 4.0 and earlier, which do not support automatic propagation of inheritable ACEs.

SE_SACL_AUTO_INHERITED
2048 (0x800)

Windows 2000: Indicates an SD in which the SACL is set up to support automatic propagation of inheritable ACEs to existing child objects. The system sets this bit when it performs the automatic inheritance algorithm for the object and its existing child objects. This bit is not set in SDs for Windows NT versions 4.0 and earlier, which do not support automatic propagation of inheritable ACEs.

SE_DACL_PROTECTED
4096 (0x1000)

Windows 2000: Prevents the DACL of the SD from being modified by inheritable ACEs.

SE_SACL_PROTECTED
8192 (0x2000)

Windows 2000: Prevents the SACL of the SD from being modified by inheritable ACEs.

SE_SELF_RELATIVE
32768 (0x8000)

Indicates an SD in self-relative format with all of the security information in a contiguous block of memory. If this flag is not set, the SD is in absolute format. For more information, see Absolute and Self-Relative Security Descriptors.

 

Description
Data type: string
Access type: Read-only

Description of the CIM_Setting object.

SettingID
Data type: string
Access type: Read-only

Identifier for the CIM_Setting object.

Remarks

The Win32_SecuritySetting class is derived from CIM_Setting.

The values in ControlFlags indicate which elements of the descriptor that Windows Management Instrumentation (WMI) writes out.

For example, if the SE_DACL_PRESENT bit is not set in the control flags, but a DACL is specified as written out, none will be written out. Conversely, if the SE_DACL_PRESENT bit is set, but no actual DACL parameter is set, a NULL DACL is written out.

Note  A NULL DACL creates a security risk because it gives full access to everyone. For more information, see Creating a DACL.

If the SE_DACL_PRESENT bit is specified, and a DACL entry is also present in the call to SetSecurityDescriptor, an empty DACL is written out.

The ControlFlags property contains individual bit positions to indicate that specific flags are set. You can combine these flags by adding the associated values. For example, to specify both SE_DACL_PRESENT and SE_DACL_AUTO_INHERITED you add the associated values 4 and 1024 to make the value of the ControlFlags property 1028.

Examples

For script code examples, see WMI Tasks for Scripts and Applications and the TechNet ScriptCenter Script Repository.

For C++ code examples, see WMI C++ Application Examples.

Requirements

Minimum supported client

Windows XP

Minimum supported server

Windows Server 2003

Namespace

\root\CIMV2

MOF

Secrcw32.mof

DLL

CIMWin32.dll

See also

Operating System Classes

 

 

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.