RsopCreateSession method of the RsopLoggingModeProvider class

Takes a snapshot of actual policy data for display by the RSoP MMC snap-in (rsop.msc).

This method is implemented in the provider.

Syntax


static void RsopCreateSession(
  [in]  uint32 flags,
  [in]  string userSid,
  [out] string nameSpace,
  [out] uint32 hResult,
  [out] uint32 ExtendedInfo
);

Parameters

flags [in]

Specifies a set of bit flags. You can use this parameter to specify the type of data to retrieve. If you do not specify a type, the method retrieves both user and computer data. You can also specify whether the system should create a new snapshot of the WMI namespace to contain the RSoP data.

FLAG_NO_USER

Retrieve RSoP computer data only.

FLAG_NO_COMPUTER

Retrieve RSoP user data only.

FLAG_FORCE_CREATENAMESPACE

Create a temporary snapshot of the WMI namespace. For more information, see the following Remarks section.

userSid [in]

Specifies the SID of the user of interest. If this parameter is NULL, the function uses the SID of the calling thread. For more information, see Security Identifiers.

nameSpace [out]

Specifies the RSoP namespace where logging mode data is created. Computer data is stored under "nameSpace\Computer" and user data is stored under "nameSpace\User\{Sid}". An example of a namespace would be "\\.\Root\Rsop\NS71EF4AA3_FB96_465F_AC1C_DFCF9A3E9010".

You can run the RSoP MMC snap-in to display the data in the RSoP namespace, specifying the generated namespace and the computer on which the logging mode provider was invoked. For more information, see the following Remarks section.

hResult [out]

An HRESULT that indicates the success or failure of the method. If the method succeeds, the return value is S_OK. Otherwise, the method returns one of the COM error codes defined in the Platform SDK header file WinError.h.

ExtendedInfo [out]

Currently, this parameter can have one of the following values.

RSOP_USER_ACCESS_DENIED

User RSoP data is not available to the user.

RSOP_COMPUTER_ACCESS_DENIED

Computer RSoP data is not available to the user.

RSOP_TEMPNAMESPACE_EXISTS

The value FLAG_FORCE_CREATENAMESPACE was not specified in the flags parameter and a snapshot of the namespace already exists; the user is not an administrator. For more information, see the following Remarks section.

Return value

This method has no return value. For more information, see the description of the hResult parameter.

Remarks

Non-administrative users and users without RSoP delegation are allowed one temporary RSoP namespace for logging mode data. If you pass the FLAG_FORCE_CREATENAMESPACE flag to the RsopCreateSession method, the logging mode provider deletes the user's existing RSoP namespace and creates a new namespace for the user with updated logging mode data.

To view RSoP logging mode data, an administrator could pass the namespace returned by this method as a command-line parameter to the RSoP MMC snap-in. For example, if you run the snap-in on the computer "TestDC.example.microsoft.com", you could invoke the snap-in in the following manner:

Rsop.msc /RsopNamespace:"\\.\Root\Rsop\NS71EF4AA3_FB96_465F_AC1C_DFCF9A3E9010" /RsopTargetComp:"TestDC.example.microsoft.com"

To remotely target the RSoP snap-in to the same namespace, you could invoke the snap-in in the following manner:

Rsop.msc /RsopNamespace:"\\TestDC.example.microsoft.com\Root\Rsop\NS71EF4AA3_FB96_465F_AC1C_DFCF9A3E9010" /RsopTargetComp:"TestDC.example.microsoft.com"

For more information about running rsop.msc from the command-line, see the Windows Server Help.

Requirements

Minimum supported client

Windows Vista

Minimum supported server

Windows Server 2008

Namespace

Root\RSOP\Computer

MOF

Rsop.mof

DLL

GPSvc.dll

See also

Group Policy Overview
Group Policy RSoP WMI Classes
RsopLoggingModeProvider
RsopDeleteSession

 

 

Show: