IGPM::CreatePermission method

Creates and returns an interface or object that represents the trustee (such as a user, computer or security group) and permission that applies to a single object; for example, to a GPO, SOM or a WMI filter.

Syntax


HRESULT CreatePermission(
  [in]   BSTR bstrTrustee,
  [in]   GPMPermissionType perm,
  [in]   VARIANT_BOOL bInheritable,
  [in]    bInheritable,
  [out]  IGPMPermission **ppPerm
);

Parameters

bstrTrustee [in]

Required. Trustee name. This parameter can be a string that specifies the security identifier (SID) of the account. This parameter can also be a Security Accounts Manager (SAM) account name, such as Engineering\JSmith.

perm [in]

Required. Permission to use for the trustee. The following policy-related permissions are supported. Note that each permission value represents one or more access rights that apply to the GPO.

The following GPO permissions are supported.

ValueMeaning
permGPOApply

The trustee can apply the GPO. This value corresponds to the READ and APPLY Group Policy access rights being set to Allow for a user.

permGPORead

The trustee can read the GPO. This value corresponds to the READ Group Policy access right being set to Allow for a user.

permGPOEdit

The trustee can read and edit the policy settings for the GPO. This value corresponds to the READ, WRITE, CREATE CHILD OBJECT, and DELETE CHILD OBJECT Group Policy access rights being set to Allow for a user.

permGPOEditSecurityAndDelete

The trustee can read, edit and delete the permissions for the GPO. This value corresponds to the Group Policy access rights specified by permGPOEdit plus the DELETE, MODIFY PERMISSIONS, and MODIFY OWNER access rights being set to Allow for a user.

 

The following WMI filter permissions are supported.

ValueMeaning
permWMIFilterEdit

The trustee can edit the WMI filter.

permWMIFilterFullControl

The trustee has full control over the WMI filter.

 

The following scope of management (SOM) permissions are supported.

ValueMeaning
permSOMLink

The trustee can link GPOs to the SOM. Applies to sites, domains and OUs.

permSOMLogging

The trustee can generate RSoP logging data for the SOM. Applies to domains and OUs.

permSOMPlanning

The trustee can generate RSoP planning data for the SOM. Applies to domains and OUs.

permSOMWMICreate

The trustee can create WMI filters in the domain. Applies to domains only.

permSOMWMIFullControl

The trustee has full control over all the WMI filters in the domain. Applies to domains only.

permSOMGPOCreate

The trustee can create GPOs in the domain. Applies to domains only.

 

bInheritable [in]
C++

VARIANT_BOOL. If VARIANT_TRUE, children inherit the permission. Note that this parameter is significant only when you add permissions to security information using the IGPMSecurityInfo::Add method. This parameter is ignored for searches.

JScript

If true, children inherit the permission. Note that this parameter is significant only when you add permissions to security information using the GPMSecurityInfo.Add method. This parameter is ignored for searches.

ppPerm [out]

Address of a pointer to the IGPMPermission interface.

Return value

C++

Returns S_OK if successful. Returns a failure code if an error occurs.

JScript

Returns a reference to a GPMPermission object.

VB

Returns a reference to a GPMPermission object.

Remarks

For more information about access control lists (ACLs), access rights, and the security model for controlling access to Windows objects, see Access Control. For more information about security groups, see How Security Groups are Used in Access Control in the Active Directory Programmer's Guide.

Requirements

Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]

Redistributable

GPMC on Windows Server 2003 or Windows XP with SP1

Header

Gpmgmt.h

IDL

Gpmgmt.idl

DLL

Gpmgmt.dll

IID

IID_IGPM is defined as F5FAE809-3BD6-4DA9-A65E-17665B41D763

See also

IGPM
IGPMPermission
IGPMTrustee
IGPMSecurityInfo
IGPMWMIFilter

 

 

Show:
© 2014 Microsoft