Win32_NamedJobObjectSecLimitSetting class

The Win32_NamedJobObjectSecLimitSetting WMI class represents the security limit settings for a job object.

The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties. Properties and methods are in alphabetic order, not MOF order.

Syntax

[Dynamic, Provider("NamedJobObjectSecLimitSettingProv"), UUID("{F2D96E32-2A34-475b-878D-B0AE7657519F}"), AMENDMENT]
class Win32_NamedJobObjectSecLimitSetting : CIM_Setting
{
  string                Caption;
  string                Description;
  Win32_TokenPrivileges PrivilegesToDelete;
  Win32_TokenGroups     RestrictedSIDs;
  uint32                SecurityLimitFlags;
  string                SettingID;
  Win32_TokenGroups     SIDsToDisable;
};

Members

The Win32_NamedJobObjectSecLimitSetting class has these types of members:

Properties

The Win32_NamedJobObjectSecLimitSetting class has these properties.

Caption
Data type: string
Access type: Read-only
Qualifiers: MaxLen (64)

Short textual description of the CIM_Setting object.

This property is inherited from CIM_Setting.

Description
Data type: string
Access type: Read-only

Textual description of the CIM_Setting object.

This property is inherited from CIM_Setting.

PrivilegesToDelete
Data type: Win32_TokenPrivileges
Access type: Read-only

If the SecurityLimitFlags value is set to Filter Tokens you can delete privileges from a token. This property can be NULL if you do not want to delete privileges.

RestrictedSIDs
Data type: Win32_TokenGroups
Access type: Read-only

Deny-only security identifiers (SID) that are added to an access token, if the SecurityLimitFlags value is set to Filter Tokens. This property can be NULL if you do not want to specify deny-only SIDs.

SecurityLimitFlags
Data type: uint32
Access type: Read-only

Security limitations for a job. This property requires at least one of the following properties to be set: SIDsToDisable, PrivilegesToDelete, or RestrictedSIDs.

No Administrator (0)

Prevents a process in a job from using a token that specifies the local administrators group.

Restricted Token (1)

Prevents a process in a job from using a token that is not created with the CreateRestrictedToken function.

Specific Token (2)

Forces processes in a job to run under the specific user security token that owns the process.

Filter Tokens (3)

Applies a filter to a token when a process impersonates a client.

SettingID
Data type: string
Access type: Read-only
Qualifiers: Override (SettingID), Key

Instance of a job object security limit setting. Because they are kernel objects, job object names are case sensitive. However, Windows Management Instrumentation (WMI) keys are case insensitive and must specified to distinguish case. To indicate a capital letter, precede the letter by a backslash. For example, "A" and "a" are lowercase and "\A" and "\a" are uppercase.

SIDsToDisable
Data type: Win32_TokenGroups
Access type: Read-only

SIDs to disable for access checking, if the SecurityLimitFlags value is set to Filter Tokens. This property can be NULL if you do not want to disable SIDs.

Remarks

The Win32_NamedJobObjectSecLimitSetting class is derived from CIM_Setting.

Requirements

Minimum supported client

Windows Vista

Minimum supported server

Windows Server 2008

Namespace

Root\CIMV2

MOF

Wmipjobj.mof

DLL

Wmipjobj.dll

See also

CIM_Setting
Operating System Classes

 

 

Show: