Редактиране

Споделяне чрез


Privilege Constants

The strPrivilege parameter of the SWbemPrivilegeSet.AddAsString method and the iPrivilege parameter for SWbemPrivilegeSet.Add require privilege strings from WbemPrivilegeEnum. For more information about how to use privilege constants, see Executing Privileged Operations.

The following constants are defined in WbemPrivilegeEnum. The following list includes the equivalent constants for C++ and strings for scripting. To form the scripting short name, remove the "Se" and "Privilege" from the C++ constant name.

The following VBScript code example shows how to enable the RemoteShutdown privilege in a script.

Set Service = GetObject("winmgmts:{impersonationLevel=impersonate, (RemoteShutdown)}")

Many WMI methods require that one or more permission be enabled. If an account has not been granted a privilege, it cannot be enabled for the method call.

wbemPrivilegeCreateToken

1 (0x1)

C++ constant: SE_CREATE_TOKEN_NAME string: SeCreateTokenPrivilege

Scripting short name: CreateToken

Required to create a primary token object.

wbemPrivilegePrimaryToken

2 (0x2)

C++ constant: SeAssignPrimaryTokenPrivilege string: SeAssignPrimaryTokenPrivilege

Scripting short name: AssignPrimaryToken

Required to replace a process-level token.

wbemPrivilegeLockMemory

3 (0x3)

C++ constant: SE_LOCK_MEMORY_NAME string: SeLockMemoryPrivilege

Scripting short name: LockMemory

Required to lock pages in memory.

wbemPrivilegeIncreaseQuota

4 (0x4)

C++ constant: SE_INCREASE_QUOTA_NAME string: SeIncreaseQuotaPrivilege

Scripting short name: IncreaseQuotaPrivilege

Required to adjust memory quotas for a process.

wbemPrivilegeMachineAccount

5 (0x5)

C++ constant: SE_MACINE_ACCOUNT_NAME string: SeMachineAccountPrivilege

Scripting short name: MachineAccount

Required to add workstations to a domain.

wbemPrivilegeTcb

6 (0x6)

C++ constant: SE_TCB_NAME string: SeTcbPrivilege

Scripting short name: Tcb

Required to act as part of the operating system. The holder is part of the trusted computer base.

wbemPrivilegeSecurity

7 (0x7)

C++ constant: SE_SECURITY_NAME string: SeSecurityPrivilege

Scripting short name: Security

Required to manage auditing and the NT security log.

wbemPrivilegeTakeOwnership

8 (0x8)

C++ constant: SE_TAKE_OWNERSHIP_NAME string: SeTakeOwnershipPrivilege

Scripting short name: TakeOwnership

Required to assume ownership of files or other objects without having an Access Control Entry (ACE) in the discretionary access control list (DACL).

wbemPrivilegeLoadDriver

9 (0x9)

C++ constant: SE_LOAD_DRIVER string: SeLoadDriverPrivilege

Scripting short name: LoadDriver

Required to load or unload a device driver.

wbemPrivilegeSystemProfile

10 (0xA)

C++ constant: SE_SYSTEM_PROFILE_NAME string: SeSystemProfilePrivilege

Scripting short name: SystemProfile

Required to gather profile information about system performance.

wbemPrivilegeSystemtime

11 (0xB)

C++ constant: SE_SYSTEMTIME_NAME string: SeSystemtimePrivilege

Scripting short name: Systemtime

Required to change the system time.

wbemPrivilegeProfileSingleProcess

12 (0xC)

C++ constant: SE_PROF_SINGLE_PROCESS_NAME string: SeProfileSingleProcessPrivilege

Scripting short name: ProfileSingleProcess

Required to gather profile information for a single process.

wbemPrivilegeIncreaseBasePriority

13 (0xD)

C++ constant: SE_INC_BASE_PRIORITY_NAME string: SeIncreaseBasePriorityPrivilege

Scripting short name: IncreaseBasePriority

Required to increase scheduling priority.

wbemPrivilegeCreatePagefile

14 (0xE)

C++ constant: SE_CREATE_PAGEFILE_NAME string: SeCreatePagefilePrivilege

Scripting short name: CreatePagefile

Required to create a pagefile.

wbemPrivilegeCreatePermanent

15 (0xF)

C++ constant: SE_CREATE_PERMANENT_NAME string: SeCreatePermanentPrivilege

Scripting short name: CreatePermanent

Required to create permanent shared objects.

wbemPrivilegeBackup

16 (0x10)

C++ constant: SE_BACKUP_NAME string: SeBackupPrivilege

Scripting short name: Backup

Required to backup files and directories, regardless of the ACL specified for the file.

wbemPrivilegeRestore

17 (0x11)

C++ constant: SE_RESTORE_NAME string: SeRestorePrivilege

Scripting short name: Restore

Required to restore files and directories, regardless of the ACL specified for the file.

wbemPrivilegeShutdown

18 (0x12)

C++ constant: SE_SHUTDOWN_NAME string: SeShutdownPrivilege

Scripting short name: Shutdown

Required to shut down the local system.

wbemPrivilegeDebug

19 (0x13)

C++ constant: SE_DEBUG_NAME string: SeDebugPrivilege

Scripting short name: Debug

Required to debug and adjust the memory of a process owned by another account.

wbemPrivilegeAudit

20 (0x14)

C++ constant: SE_AUDIT_NAME string: SeAuditPrivilege

Scripting short name: Audit

Required to generate audit entries in the NT Security log. Only secure servers should have this privilege.

wbemPrivilegeSystemEnvironment

21 (0x15)

C++ constant: SE_SYSTEM_ENVIRONMENT_NAME string: SeSystemEnvironmentPrivilege

Scripting short name: SystemEnvironment

Required to modify the nonvolatile RAM of systems that use this type of memory to store configuration data.

wbemPrivilegeChangeNotify

22 (0x16)

C++ constant: SE_CHANGE_NOTIFY_NAME string: SeChangeNotifyPrivilege

Scripting short name: ChangeNotify

Required to receive notifications of changes to files or directories and bypass traversal access checks. This privilege is enabled by default for all users.

wbemPrivilegeRemoteShutdown

23 (0x17)

C++ constant: SE_REMOTE_SHUTDOWN_NAME string: SeRemoteShutdownPrivilege

Scripting short name: RemoteShutdown

Required to shut down a remote computer.

wbemPrivilegeUndock

24 (0x18)

C++ constant: SE_UNDOCK_NAME string: SeUndockPrivilege

Scripting short name: Undock

Required to remove a laptop from a docking station.

wbemPrivilegeSyncAgent

25 (0x19)

C++ constant: SE_SYNC_AGENT_NAME string: SeSyncAgentPrivilege

Scripting short name: SyncAgent

Required to synchronize directory service data.

wbemPrivilegeEnableDelegation

26 (0x1A)

C++ constant: SE_ENABLE_DELEGATION_NAME string: SeEnableDelegationPrivilege

Scripting short name: EnableDelegation

Required to enable computer and user accounts to be trusted for delegation.

wbemPrivilegeManageVolume

27 (0x1B)

C++ constant: SE_MANAGE_VOLUME_NAME string: SeManageVolumePrivilege

Scripting short name: ManageVolume

Required to perform volume maintenance tasks.

Requirements

Requirement Value
Minimum supported client
Windows Vista
Minimum supported server
Windows Server 2008
Header
Wbemdisp.h
IDL
Wbemdisp.idl

See also

Scripting API Constants

SWbemSecurity

WbemPrivilegeEnum

Executing Privileged Operations

Executing Privileged Operations Using VBScript