SMS_SecuredObject Server WMI Class

 

Updated: November 1, 2013

Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 R2 Configuration Manager

The SMS_SecuredObject Windows Management Instrumentation (WMI) class is an SMS Provider server class, in Configuration Manager, that represents a secured object.

The following syntax is simplified from Managed Object Format (MOF) code and includes all inherited properties.

Class SMS_SecuredObject : SMS_BaseClass
{
     UInt32 AvailableClassPermissions;
     UInt32 AvailableInstancePermissions;
     UInt32 DefaultClassPermissions;
     UInt32 DefaultInstancePermissions;
     UInt32 ObjectKey
     String ObjectName;
};

The following table lists methods in SMS_SecuredObject.

Method

Description

GetCollectionsWithResourcePermissions Method in Class SMS_SecuredObject

Gets the list of collection identifiers for the collections to which the user has the specified permissions.

RefreshNTGroupMembership Method in Class SMS_SecuredObject

Refreshes the information stored about the user's Windows group membership.

UserHasPermissions Method in Class SMS_SecuredObject

Determines whether a user has permissions for an object.

AvailableClassPermissions

Data type: UInt32

Access type: Read-only

Qualifiers: [bits]

Set of available global permissions that can be set for the specified class. Possible values are listed below. The default value is 0.

0

READ

1

MODIFY

2

DELETE

3

DISTRIBUTE

4

Not used

5

REMOTE_CONTROL

6

ADVERTISE

7

MODIFY_RESOURCE

8

ADMINISTER

9

DELETE_RESOURCE

10

CREATE

11

VIEW_COLL_FILE

12

READ_RESOURCE

13

DELEGATE

14

METER

15

MANAGESQLCOMMAND

16

MANAGESTATUSFILTER

17

MANAGEFOLDER

18

NETWORKACCESS

19

IMPORTMACHINE

20

CREATETSMEDIA

21

MODIFYCOLLECTIONSETTING

22

MANAGEOSDCERTIFICATE

23

RECOVERUSERSTATE

AvailableInstancePermissions

Data type: UInt32

Access type: Read-only

Qualifiers: [bits]

Set of available permissions that can be set for an instance of the specified class. Possible values are listed below. The default value is 0.

0

READ

1

MODIFY

2

DELETE

3

DISTRIBUTE

4

Not used

5

REMOTE_CONTROL

6

ADVERTISE

7

MODIFY_RESOURCE

8

ADMINISTER

9

DELETE_RESOURCE

10

CREATE

11

VIEW_COLL_FILE

12

READ_RESOURCE

13

DELEGATE

14

METER

15

MANAGESQLCOMMAND

16

MANAGESTATUSFILTER

17

MANAGEFOLDER

18

NETWORKACCESS

19

IMPORTMACHINE

20

CREATETSMEDIA

21

MODIFYCOLLECTIONSETTING

22

MANAGEOSDCERTIFICATE

23

RECOVERUSERSTATE

DefaultClassPermissions

Data type: UInt32

Access type: Read/Write

Qualifiers: [bits]

Set of default permissions that all users and groups are granted for the specified class. Possible values are listed below. The default value is 0.

0

READ

1

MODIFY

2

DELETE

3

DISTRIBUTE

4

Not used

5

REMOTE_CONTROL

6

ADVERTISE

7

MODIFY_RESOURCE

8

ADMINISTER

9

DELETE_RESOURCE

10

CREATE

11

VIEW_COLL_FILE

12

READ_RESOURCE

13

DELEGATE

14

METER

15

MANAGESQLCOMMAND

16

MANAGESTATUSFILTER

17

MANAGEFOLDER

18

NETWORKACCESS

19

IMPORTMACHINE

20

CREATETSMEDIA

21

MODIFYCOLLECTIONSETTING

22

MANAGEOSDCERTIFICATE

23

RECOVERUSERSTATE

24

MANAGEBMC

25

VIEWBMC

DefaultInstancePermissions

Data type: UInt32

Access type: Read/Write

Qualifiers: [bits]

Set of default instance permissions that all users and groups are granted for the specified class. Possible values are listed below. The default value is 0.

0

READ

1

MODIFY

2

DELETE

3

DISTRIBUTE

4

Not used

5

REMOTE_CONTROL

6

ADVERTISE

7

MODIFY_RESOURCE

8

ADMINISTER

9

DELETE_RESOURCE

10

CREATE

11

VIEW_COLL_FILE

12

READ_RESOURCE

13

DELEGATE

14

METER

15

MANAGESQLCOMMAND

16

MANAGESTATUSFILTER

17

MANAGEFOLDER

18

NETWORKACCESS

19

IMPORTMACHINE

20

CREATETSMEDIA

21

MODIFYCOLLECTIONSETTING

22

MANAGEOSDCERTIFICATE

23

RECOVERUSERSTATE

24

MANAGEBMC

25

VIEWBMC

ObjectKey

Data type: UInt32

Access type: Read/Write

Qualifiers: [key]

Numeric key that describes the type of secured object being specified. Possible values are listed below. The default value is 0.

1

SMS_Collection Server WMI Class 

2

SMS_Package Server WMI Class 

3

SMS_Advertisement Server WMI Class 

4

SMS_StatusMessage Server WMI Class 

5

(Not used)

6

SMS_Site Server WMI Class 

7

SMS_Query Server WMI Class 

8

SMS_Report Server WMI Class 

9

SMS_MeteredProductRule Server WMI Class 

10

SMS_ApplicableUpdatesSummaryEx Server WMI Class

11

SMS_ConfigurationItem Server WMI Class

14

SMS_OperatingSystemInstallPackage Server WMI Class

15

SMS_Template Server WMI Class

16

SMS_UpdatesAssignment Server WMI Class

17

SMS_StateMigration Server WMI Class

18

SMS_ImagePackage Server WMI Class

19

SMS_BootImagePackage Server WMI Class

20

SMS_TaskSequencePackage Server WMI Class

21

SMS_DeviceSettingPackage Server WMI Class

22

SMS_DeviceSettingItem Server WMI Class

23

SMS_DriverPackage Server WMI Class

24

SMS_SoftwareUpdatesPackage Server WMI Class

25

SMS_Driver Server WMI Class

ObjectName

Data type: String

Access type: Read/Write

Qualifiers: none

Class name of the secured object.

There are no special class qualifiers for this class. For more information about both the class qualifiers and the property qualifiers included in the Properties section, see Configuration Manager Class and Property Qualifiers.

The Configuration Manager objects that can be secured are defined by the ObjectKey property.

The DELEGATE permission applies to all objects listed in ObjectKey except SMS_StatusMessage.

METER only applies to the SMS_Site object and allows the targeting of metering rules to a site.

Manage SQL commands and Manage Status Filter only apply to SMS_Site. These permissions allow management of SQL commands and status filter rules, respectively. Because both of these permissions can allow arbitrary code to run with elevated privileges, they require special credentials.

For more information about SMS Provider rights, see Classes and Instances for Object Security in Configuration Manager.

Show: