IGPMPermission interface

The IGPMPermission interface contains methods to retrieve permission-related properties when using the GPMC. The GPMPermission object represents the pairing of a trustee (such as a user or security group) and a policy-related permission that applies to a single object; for example, to a GPO or a WMI filter. To create a GPMPermission object, call the IGPM::CreatePermission method.

Members

The IGPMPermission interface inherits from the IDispatch interface. IGPMPermission also has these types of members:

Properties

The IGPMPermission interface has these properties.

PropertyDescription

Denied

Value that indicates whether the permission is denied.

Inheritable

Value that indicates whether the permission can be inherited by a child container.

Inherited

Value that indicates whether the permission is inherited from a parent container.

Permission

Policy-related permission level; for example, permGPOApply, permWMIFilterEdit and permSOMLink.

Trustee

Returns the IGPMTrustee interface.

 

Remarks

The interface divides the policy-related permissions into categories. The following table lists the categories, permissions included in the categories, and the object to which they can be applied, as defined in the GPMPermissionType.

Securable objectPermission categoryPermission level

Site

GPO linking

permSOMLink

OU

GPO linking

permSOMLink

RSoP logging

permSOMLogging

RSoP planning

permSOMPlanning

Domain

GPO linking

permSOMLink

Creating GPOs

permSOMGPOCreate

RSoP logging

permSOMLogging

RSoP planning

permSOMPlanning

Creating WMI filters

permSOMWMICreate

permSOMWMIFullControl

WMI filter

Editing WMI filters

permWMIFilterEdit

Full control of all WMI filters

permWMIFilterFullControl

Custom control of WMI filters

permWMIFilterCustom

GPO

Security filtering

permGPOApply

Delegation

permGPORead

permGPOEdit

permGPOEditSecurityAndDelete

permGPOCustom

Starter GPO

Delegation

permStarterGPORead

permStarterGPOEdit

permStarterGPOFullControl

permStarterGPOCustom

permSOMStarterGPOCreate

 

For more information about predefined policy-related permissions, see IGPM::CreatePermission (GPM.CreatePermission).

For more information about security groups, see How Security Groups are Used in Access Control in the Active Directory Programmer's Guide.

Requirements

Minimum supported client

Windows Vista

Minimum supported server

Windows Server 2008

Redistributable

GPMC on Windows Server 2003 or Windows XP with SP1

Header

Gpmgmt.h

IDL

Gpmgmt.idl

DLL

Gpmgmt.dll

IID

IID_IGPMPermission is defined as 35EBCA40-E1A1-4A02-8905-D79416FB464A

See also

IGPM
IGPMTrustee
IGPMSecurityInfo

 

 

Show:
© 2014 Microsoft