|
|
// � 1998-1999 Microsoft Corporation. All rights reserved.
#pragma autorecover#pragma classflags("forceupdate")
Qualifier Description : ToSubClass Amended;Qualifier Values : ToSubClass Amended;Qualifier DisplayName : Amended;Qualifier BitValues:ToSubClass Amended ;
Qualifier Aggregate : ToSubClass ;Qualifier Aggregation : ToSubClass ; Qualifier ArrayType : ToSubClass ;Qualifier Association : ToInstance ToSubClass DisableOverride ; Qualifier BitMap : ToSubClass ;Qualifier CIM_Key : ToSubClass ;Qualifier CIMTYPE : ToSubClass ;Qualifier Deprecated : ToSubClass ;Qualifier Enumeration : ToSubClass ;Qualifier EnumPrivileges : ToSubClass ;Qualifier ImplementationSource : ToSubClass ;Qualifier Key : ToInstance ToSubClass DisableOverride ;Qualifier Locale : ToInstance ;Qualifier MappingStrings : ToSubClass ;Qualifier Max : ToSubClass ;Qualifier MaxLen : ToSubClass ;Qualifier Min : ToSubClass ;Qualifier ModelCorrespondence : ToSubClass ;Qualifier Not_Null : ToSubClass ;Qualifier Override : Restricted ;Qualifier Privileges : ToSubClass ; Qualifier Propagated : ToSubClass ;Qualifier provider : ToInstance ;Qualifier Range : ToSubClass ;Qualifier Read : ToSubClass ;Qualifier Schema : ToInstance ;Qualifier Singleton : ToSubClass ToInstance ;Qualifier SUBTYPE : ToSubClass ;Qualifier Units : ToSubClass ;Qualifier UUID : ToInstance ;Qualifier Volatile : ToSubClass ; Qualifier Weak : ToSubClass ;Qualifier Write : ToSubClass ;Qualifier WritePrivileges : ToSubClass ;
#pragma namespace ("\\\\.\\root\\cimv2") instance of __Win32Provider as $P{ Name = "SECRCW32"; ClsId = "{d63a5850-8f16-11cf-9f47-00aa00bf345c}"; ImpersonationLevel = 1; PerUserInitialization = "FALSE"; HostingModel = "NetworkServiceHost";};
instance of __InstanceProviderRegistration{ Provider = $P;
SupportsGet = "TRUE"; SupportsPut = "TRUE"; SupportsDelete = "TRUE"; SupportsEnumeration = "TRUE";
QuerySupportLevels = {"WQL:UnarySelect"};};
instance of __MethodProviderRegistration{ Provider = $P;};
////////////////// GENERIC READ-ONLY MODEL ///////////////////////////////////
[Dynamic, Provider ("SECRCW32"), description("Represents an arbitrary SID -- CANNOT BE ENUMERATED"), Locale (0x409), UUID ("{8502C581-5FBB-11D2-AAC1-006008C78BC7}")]class Win32_SID { [Description ( "The SID in string format" ) , Read, Key] string SID;
[Description ( "The SID in binary format" ) , Read] uint8 BinaryRepresentation[];
[Description ( "The name of the account associated with the SID" ) , Read] string AccountName; [Description ( "The domain of the account associated with the SID" ) , Read] string ReferencedDomainName;
[Description("The SidLength property indicates the length of the " "SID in bytes"), Units("Bytes"), Read] uint32 SidLength;};
//RuleBased("Select * From "// "Win32_Account As A "// "Join "// "Win32_SID As B "// "On A.SID = B.SID") [Dynamic, Provider ("SECRCW32"), Association, description("The SID of an account"), Locale (0x409), UUID ("{8502C582-5FBB-11D2-AAC1-006008C78BC7}")]class Win32_AccountSID { [Description ( "The account" ) , Read, Key] Win32_Account ref Element; [Description ( "The SID of the account" ) , Read, Key] Win32_SID ref Setting;};
[abstract, description("Represents security settings for a managed element"), Locale (0x409), UUID ("{8502C583-5FBB-11D2-AAC1-006008C78BC7}")]class Win32_SecuritySetting : CIM_Setting{ [description("Inheritance-related flags. " "See SECURITY_DESCRIPTOR_CONTROL"), read] uint32 ControlFlags;
[description("Retrieves a structural representation of the object's " "security descriptor"), Privileges{"SeSecurityPrivilege","SeRestorePrivilege"}] uint32 GetSecurityDescriptor([OUT] Win32_SecurityDescriptor Descriptor);
[description("Sets security descriptor to the specified structure"), Privileges{"SeSecurityPrivilege","SeRestorePrivilege"}] uint32 SetSecurityDescriptor([IN] Win32_SecurityDescriptor Descriptor);};
[Abstract, description("Associates an object to its security settings"), Locale (0x409), UUID ("{8502C584-5FBB-11D2-AAC1-006008C78BC7}")]class Win32_SecuritySettingOfObject : CIM_ElementSetting{ [Override ("Element"): ToSubClass, Description ( "The object with security settings" )] CIM_LogicalElement ref Element; [Override ("Setting"): ToSubClass, Description ( "The security settings of the object" )] Win32_SecuritySetting ref Setting;};
[abstract, Association, description("Association between the security settings of an object and " "its owner"), Locale (0x409), UUID ("{8502C585-5FBB-11D2-AAC1-006008C78BC7}")]class Win32_SecuritySettingOwner{ [Description ("The security settings of an object"), key, read] Win32_SecuritySetting ref SecuritySetting; [Description ("The Win32_SID of the object's owner"), key, read] Win32_SID ref Owner;};
[abstract, Association, description("Association between the security of an object and its group"), Locale (0x409), UUID ("{8502C586-5FBB-11D2-AAC1-006008C78BC7}")]class Win32_SecuritySettingGroup{ [Description ( "The security settings of an object" ) , key, read] Win32_SecuritySetting ref SecuritySetting; [Description ( "The Win32_SID of the object's group" ) , key, read] Win32_SID ref Group;};
[abstract, Association, description("Specifies the rights granted and denied to a trustee " "for a given object. Modeled after EXPLICIT_ACCESS"), Locale (0x409), UUID ("{8502C587-5FBB-11D2-AAC1-006008C78BC7}")]class Win32_SecuritySettingAccess{ [Description ( "The security settings of an object" ) , key, read] Win32_SecuritySetting ref SecuritySetting; [Description ( "The Win32_SID of the trustee for this access entry" ) , key, read] Win32_SID ref Trustee; [Description ("The type of access specified for the trustee"), Values {"Set", "Deny"}, read] uint32 Type; [Description ( "Bit flags specifying how the access rights are inherited" ), read] uint32 Inheritance; [Description ( "Bit flags specifying what permissions are affected" ),read] uint32 AccessMask; [Description ( "The guid of the type of object the security settings are applied to" ),read] string GuidObjectType; [Description ( "The guid of the type of object this object inherits from" ),read] string GuidInheritedObjectType;};
[abstract, Association, description("Specifies the auditing for a given trustee on a given object." " Modeled after EXPLICIT_ACCESS"), Locale (0x409), UUID ("{8502C588-5FBB-11D2-AAC1-006008C78BC7}")]class Win32_SecuritySettingAuditing{ [Description ( "The security settings of an object" ) , key,read] Win32_SecuritySetting ref SecuritySetting; [Description ( "The Win32_SID of the trustee for this audit entry" ) , key,read] Win32_SID ref Trustee; [Description ("The type of access specified for the trustee"), Values{"Audit success", "Audit failure"},read] uint32 Type; [Description ( "Bit flags specifying how the audit policies are inherited" ),read] uint32 Inheritance; [Description ( "Bit flags specifying what activities are audited" ),read] uint32 AuditedAccessMask; [Description ( "The guid of the type of object the security settings are applied to" ),read] string GuidObjectType; [Description ( "The guid of the type of object this object inherits from" ),read] string GuidInheritedObjectType;};
////////////////// WRITABLE SCHEMA ////////////////////////////////////////////
[abstract, description("Specifies a trustee. Either a name or " "a SID (byte array) can be used"), Locale (0x409), UUID ("{8502C589-5FBB-11D2-AAC1-006008C78BC7}")]class Win32_Trustee : Win32_MethodParameterClass{ [Description ( "The SID of the trustee"), write, WritePrivileges{"SeSecurityPrivilege", "SeRestorePrivilege"} ] uint8 SID[];
[Description ( "The SID of the trustee in string format (e.g., S-1-1-0)"), write, WritePrivileges{"SeSecurityPrivilege", "SeRestorePrivilege"} ] string SIDString; [Description ( "The name portion of the account"), write, WritePrivileges{"SeSecurityPrivilege", "SeRestorePrivilege"} ] string Name;
[Description ( "The domain portion of the account"), write, WritePrivileges{"SeSecurityPrivilege", "SeRestorePrivilege"} ] string Domain;
[Description ( "The length of the SID in BYTES"), write, WritePrivileges{"SeSecurityPrivilege", "SeRestorePrivilege"} ] uint32 SidLength;};
[abstract, description("Specifies an access control entry"), Locale (0x409), UUID ("{8502C58A-5FBB-11D2-AAC1-006008C78BC7}")]class Win32_ACE : Win32_MethodParameterClass{ [Description ( "The trustee of this ACE entry"), write, WritePrivileges{"SeSecurityPrivilege", "SeRestorePrivilege"} ] Win32_Trustee Trustee; [Description ( "The type of ACE entry this is"), write, WritePrivileges{"SeSecurityPrivilege", "SeRestorePrivilege"}, Values {"Access Allowed", "Access Denied", "Audit"}] uint32 AceType; [Description ( "Bit flags specifying inheritance of the ACE"), write, WritePrivileges{"SeSecurityPrivilege", "SeRestorePrivilege"} ] uint32 AceFlags; [Description ( "Bit flags representing rights granted/denied to the trustee"), write, WritePrivileges{"SeSecurityPrivilege", "SeRestorePrivilege"} ] uint32 AccessMask;
[Description ( "The guid associated with the type of object these rights apply to"), write, WritePrivileges{"SeSecurityPrivilege", "SeRestorePrivilege"} ] string GuidObjectType; [Description ( "The guid associated with the parent of the object these rights apply to"), write, WritePrivileges{"SeSecurityPrivilege", "SeRestorePrivilege"} ] string GuidInheritedObjectType;};
[abstract, description("Structural representation of a SECURITY_DESCRIPTOR"), Locale (0x409), UUID ("{8502C58B-5FBB-11D2-AAC1-006008C78BC7}")]class Win32_SecurityDescriptor : Win32_MethodParameterClass{ [Description ( "The trustee representing the owner of the object"), read, write, WritePrivileges{"SeSecurityPrivilege", "SeRestorePrivilege"} ] Win32_Trustee Owner; [Description ( "The trustee representing the group of the object"), read, write, WritePrivileges{"SeSecurityPrivilege", "SeRestorePrivilege"} ] Win32_Trustee Group; [Description ( "An array of Win32_ACE entries that specify access to the object"), read, write, WritePrivileges{"SeSecurityPrivilege", "SeRestorePrivilege"} ] Win32_ACE DACL[]; [Description ( "An array of Win32_ACE entries that specify which users/groups auditing information is gathered for"), read, write, WritePrivileges{"SeSecurityPrivilege", "SeRestorePrivilege"} ] Win32_ACE SACL[]; [Description ( "Bit flags that provide information about the descriptor's contents and format"), read, WritePrivileges{"SeSecurityPrivilege", "SeRestorePrivilege"} ] uint32 ControlFlags;};
///////////// SPECIALIZATION OF READ-ONLY MODEL FOR FILES /////////////////////
[Dynamic, Provider ("SECRCW32") , Description("security settings for a logical file"), Locale (0x409), UUID ("{8502C58C-5FBB-11D2-AAC1-006008C78BC7}")]class Win32_LogicalFileSecuritySetting : Win32_SecuritySetting{ [read, key, Description("The full pathname of the file or directory")] string Path;
[description("Indicates whether the caller has Owner permissions " "to the object. "), read] boolean OwnerPermissions;
[implemented, description("Retrieves a structural representation of the object's " "security descriptor.\n" "The method returns an integer value that can be " "interpretted as follows: \n" "0 - Successful completion.\n" "2 - The user does not have access to the requested information.\n" "8 - Unknown failure.\n" "9 - The user does not have adequate privileges.\n" "21 - The specified parameter is invalid.\n" "Other - For integer values other than those listed above, " "refer to Win32 error code documentation."), Values{ "Success", "Access denied", "Unknown failure", "Privilege missing", "Invalid parameter", "Other" }, ValueMap{ "0", "2", "8", "9", "21", ".." }, Privileges{"SeSecurityPrivilege","SeRestorePrivilege"}] uint32 GetSecurityDescriptor([out] Win32_SecurityDescriptor Descriptor);
[implemented, description("Sets security descriptor to the specified structure. \n" "The method returns an integer value that can be " "interpretted as follows: \n" "0 - Successful completion.\n" "2 - The user does not have access to the requested information.\n" "8 - Unknown failure.\n" "9 - The user does not have adequate privileges.\n" "21 - The specified parameter is invalid.\n" "Other - For integer values other than those listed above, " "refer to Win32 error code documentation."), Values{ "Success", "Access denied", "Unknown failure", "Privilege missing", "Invalid parameter", "Other" }, ValueMap{ "0", "2", "8", "9", "21", ".." }, Privileges{"SeSecurityPrivilege","SeRestorePrivilege"}] uint32 SetSecurityDescriptor([in] Win32_SecurityDescriptor Descriptor);};
[Dynamic, Provider ("SECRCW32"), Description("Security settings of a file or directory object"), Locale (0x409), UUID ("{8502C58D-5FBB-11D2-AAC1-006008C78BC7}")]class Win32_SecuritySettingOfLogicalFile : Win32_SecuritySettingOfObject{ [Override ("Element"): ToSubClass, Description("The file or directory"), key] CIM_LogicalFile ref Element; [Override ("Setting"): ToSubClass, Description("The security settings of the file or directory"), key] Win32_LogicalFileSecuritySetting ref Setting;};
[Dynamic, Provider ("SECRCW32"), Description("Association between the " "security settings of a file/directory and its owner"), Locale (0x409), UUID ("{8502C58E-5FBB-11D2-AAC1-006008C78BC7}")]class Win32_LogicalFileOwner : Win32_SecuritySettingOwner{ [Override ("SecuritySetting"): ToSubClass, Description("The security settings of the file/directory object " "-- CANNOT BE ENUMERATED")] Win32_LogicalFileSecuritySetting ref SecuritySetting; [Override ("Owner"): ToSubClass, Description("The owner of the file/directory object")] Win32_SID ref Owner;};
[Dynamic, Provider ("SECRCW32"), Description("Association between the " "security settings of a file/directory and its group"), Locale (0x409), UUID ("{8502C58F-5FBB-11D2-AAC1-006008C78BC7}")]class Win32_LogicalFileGroup : Win32_SecuritySettingGroup{ [Override ("SecuritySetting"): ToSubClass, Description("The security settings of the file/directory object " "-- CANNOT BE ENUMERATED")] Win32_LogicalFileSecuritySetting ref SecuritySetting; [Override ("Group"): ToSubClass, Description("The group of the file/directory object")] Win32_SID ref Group;};
[Dynamic, Provider ("SECRCW32"), Description("Association between the " "security settings of a file/directory and one member of its DACL"), Locale (0x409), UUID ("{8502C590-5FBB-11D2-AAC1-006008C78BC7}")]class Win32_LogicalFileAccess : Win32_SecuritySettingAccess{ [Override ("SecuritySetting"): ToSubClass, Description("The security settings of the file/directory object " "-- CANNOT BE ENUMERATED")] Win32_LogicalFileSecuritySetting ref SecuritySetting;
[Override ("Trustee"): ToSubClass, Description("An entry on the object's DACL")] Win32_SID ref Trustee;};
[Dynamic, Provider ("SECRCW32"), Locale (0x409) , UUID ( "{FCC86599-DB20-11d2-85FC-0000F8102E5F}" ), Description ("Association between the " "security settings of a file/directory one member of its SACL.") ]class Win32_LogicalFileAuditing : Win32_SecuritySettingAuditing{ [Override ("SecuritySetting"): ToSubClass, Description("The security settings of the file/directory object " "-- CANNOT BE ENUMERATED")] Win32_LogicalFileSecuritySetting ref SecuritySetting; [Override ("Trustee"): ToSubClass, Description("An entry on the object's SACL")] Win32_SID ref Trustee;};
///////////// ASSOCIATION CLASSES FOR NT SHARES /////////////////////
[Dynamic, Provider ("SECRCW32") , Description("security settings for a logical file"), Locale (0x409), UUID ("{8502C591-5FBB-11D2-AAC1-006008C78BC7}")]class Win32_LogicalShareSecuritySetting : Win32_SecuritySetting{ [key, Description("The name of the share"), read] string Name;
[implemented, description("Retrieves a structural representation of the object's " "security descriptor.\n" "The method returns an integer value that can be " "interpretted as follows: \n" "0 - Successful completion.\n" "2 - The user does not have access to the requested information.\n" "8 - Unknown failure.\n" "9 - The user does not have adequate privileges.\n" "21 - The specified parameter is invalid.\n" "Other - For integer values other than those listed above, " "refer to Win32 error code documentation."), Values{ "Success", "Access denied", "Unknown failure", "Privilege missing", "Invalid parameter", "Other" }, ValueMap{ "0", "2", "8", "9", "21", ".." }, Privileges{"SeSecurityPrivilege","SeRestorePrivilege"}] uint32 GetSecurityDescriptor([out] Win32_SecurityDescriptor Descriptor);
[implemented, description("Sets security descriptor to the specified structure.\n" "The method returns an integer value that can be " "interpretted as follows: \n" "0 - Successful completion.\n" "2 - The user does not have access to the requested information.\n" "8 - Unknown failure.\n" "9 - The user does not have adequate privileges.\n" "21 - The specified parameter is invalid.\n" "Other - For integer values other than those listed above, " "refer to Win32 error code documentation."), Values{ "Success", "Access denied", "Unknown failure", "Privilege missing", "Invalid parameter", "Other" }, ValueMap{ "0", "2", "8", "9", "21", ".." }, Privileges{"SeSecurityPrivilege","SeRestorePrivilege"}] uint32 SetSecurityDescriptor([in] Win32_SecurityDescriptor Descriptor);};
//RuleBased("Select * From "// "Win32_LogicalShareSecuritySetting As A "// "Join "// "Win32_Share As B "// "On A.Name = B.Name") [Dynamic, Provider("SECRCW32"), Description("Security settings of a share object"), Locale (0x409), UUID ("{8502C592-5FBB-11D2-AAC1-006008C78BC7}")]class Win32_SecuritySettingOfLogicalShare : Win32_SecuritySettingOfObject{ [Override ("Element"): ToSubClass, Description("The share"), key,read] Win32_Share ref Element; [read,Override ("Setting"): ToSubClass, Description("The security settings of the share"), key] Win32_LogicalShareSecuritySetting ref Setting;};
[Dynamic, Provider("SECRCW32"), Description("Association between the " "security settings of a share and one member of its DACL"), Locale (0x409), UUID ("{8502C593-5FBB-11D2-AAC1-006008C78BC7}")]class Win32_LogicalShareAccess : Win32_SecuritySettingAccess{ [read,Override ("SecuritySetting"): ToSubClass, Description("The security settings of the share object")] Win32_LogicalShareSecuritySetting ref SecuritySetting;
[read,Override ("Trustee"): ToSubClass, Description("An entry on the object's DACL")] Win32_SID ref Trustee;};
[Dynamic, Provider("SECRCW32"), Locale (0x409), UUID ("{8502C594-5FBB-11D2-AAC1-006008C78BC7}"), Description ("Association between the " "security settings of a share and one member of its SACL.")]class Win32_LogicalShareAuditing : Win32_SecuritySettingAuditing{ [read,Override ("SecuritySetting"): ToSubClass, Description("The security settings of the share object")] Win32_LogicalShareSecuritySetting ref SecuritySetting; [read,Override ("Trustee"): ToSubClass, Description("An entry on the object's SACL")] Win32_SID ref Trustee;};
[Association, Dynamic, Provider ("CIMWin32"), Description( "The Win32_DCOMApplicationLaunchAllowedSetting class is an association between the Win32_DCOMApplication" "and the user sid's that can launch it" ), Locale(0x409), UUID("{0F73ED55-8ED9-11d2-B340-00105A1F8569}") ]class Win32_DCOMApplicationLaunchAllowedSetting{ [read, Key, Override ("Element"): ToSubClass, Description( "The Element reference represents the role of the Win32_DCOMApplication" ), MappingStrings {" Microsoft CIM Win32|Win32_DCOMApplication|AppID"} ] Win32_DCOMApplication ref Element; [read, Key, Override ("Setting"): ToSubClass, Description( "The Setting reference represents the role of a user that can launch a component grouped under " "the associated Win32_DCOMApplication" ), MappingStrings {" Microsoft CIM Win32|Win32_SID|SID"} ] Win32_SID ref Setting;};
[Association,Dynamic, Provider ("CIMWin32"), Description( "The Win32_DCOMApplicationAccessAllowedSetting class is an association between the Win32_DCOMApplication" "and the user sid's that can access it" ), Locale(0x409), UUID("{0F73ED59-8ED9-11d2-B340-00105A1F8569}") ]class Win32_DCOMApplicationAccessAllowedSetting{ [read, Key, Override ("Element"): ToSubClass, Description( "The Element reference represents the role of the Win32_DCOMApplication" ), MappingStrings {" Microsoft CIM Win32|Win32_DCOMApplication|AppID"} ] Win32_DCOMApplication ref Element; [read, Key, Override ("Setting"): ToSubClass, Description( "The Setting reference represents the role of a user that can access a component grouped under " "the associated Win32_DCOMApplication" ), MappingStrings {" Microsoft CIM Win32|Win32_SID|SID"} ] Win32_SID ref Setting;};
|
