The Central Access Policy ID Retrieval (CAPR) Protocol is designed to allow an administrative tool running on one computer to remotely query the set of central access control policies configured on another computer.
Central access policy objects are created in Active Directory using administrative authorization tools. Selected central access policy objects are deployed to other computers using Group Policy: Central Access Policies Extension (CAPE, described in [MS-GPCAP]). Other administrative tools can then use CAPR to determine which central policy objects have been deployed to a given remote computer.
Within CAPE and CAPR, central access policies are represented by Central Access Policy IDs (CAPIDs). A CAPID is simply the SID of a central access policy object within Active Directory.
The typical use scenario is as follows. An administrative interface tool uses CAPR to obtain the CAPIDs of one or more central access policy objects. The tool then uses these CAPIDs with CAPE and Lightweight Directory Access Protocol (LDAP): The Protocol, specified in [RFC4511], to obtain detailed information about the policies. That data can then be presented to the user and manipulated in whatever manner is appropriate to the administrative interface tool, such as to perform authorization tasks.
This protocol defines one RPC call, LsarGetAvailableCAPIDs, for client applications to use. See section 3.1.4.1 for details of this call's use.
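The scenario above hands a CAPID (a SID) from CAPR to an LDAP lookup. The following added example, which is not part of the protocol specification, decodes a binary SID and builds the matching LDAP search filter. It assumes the SID arrives in the binary layout defined in [MS-DTYP] and that the directory attribute holding the CAPID is `msAuthz-CentralAccessPolicyID`, which this page does not name; the sample SID is constructed.

```python
import struct

# Assumption: AD attribute that stores a policy's CAPID (not named on this page).
CAPID_ATTR = "msAuthz-CentralAccessPolicyID"


def parse_sid(raw: bytes) -> str:
    """Decode a binary SID into its S-R-I-S... string form, rejecting bad lengths."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its 8-byte fixed header")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if count > 15:
        raise ValueError("a SID carries at most 15 sub-authorities")
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match its sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")    # 48-bit value, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])    # 32-bit values, little-endian
    # Authorities that do not fit in 32 bits are written in hexadecimal.
    auth = str(authority) if authority < 2**32 else f"0x{authority:012X}"
    return "-".join(["S", str(revision), auth, *map(str, subs)])


def capid_ldap_filter(raw: bytes) -> str:
    """Build an LDAP equality filter for one CAPID.

    Every octet is written as a backslash-hex escape (RFC 4515), so the value
    cannot alter the filter structure whatever bytes the remote side returned.
    """
    parse_sid(raw)  # refuse anything that is not a well-formed SID
    escaped = "".join(f"\\{b:02x}" for b in raw)
    return f"({CAPID_ATTR}={escaped})"


def sample_capid() -> bytes:
    """Constructed sample: revision 1, authority 17, sub-authorities 1000 and 42."""
    return bytes([1, 2]) + (17).to_bytes(6, "big") + struct.pack("<2I", 1000, 42)


if __name__ == "__main__":
    sid = sample_capid()
    print(parse_sid(sid))
    print(capid_ldap_filter(sid))
```

Validating the structure before building the filter matters because the CAPID list comes from a remote computer and should be treated as untrusted input by the administrative tool.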