2.2.1.11.1 Group Inner Element

This element refers to a security group object that is local to the client computer. The group can be created, deleted, or modified by the element.

The Local Groups element maintains local groups and delivers the same functionality as the NetLocalGroupAdd API. For more information, see [MSDN-NETLCLGRPADD].

Attribute name

Description

action

(optional) If specified, the value MUST be C, D, R, or U, corresponding to Create, Delete, Replace, and Update. If unspecified, the default value is U.

  • Create: This action MUST be used to create a new local group. If the local group exists, then it MUST NOT be modified, and an error MUST NOT be returned.

  • Delete: This action MUST be used to remove a local group. If the group does not exist, then the client MUST NOT perform an action, and an error MUST NOT be returned.

  • Replace: This action MUST be used to delete and re-create a local group for the client computer. The net result of the Replace action MUST be to overwrite all existing settings associated with the local group. If the local group does not exist, then the Replace action MUST create a new local group.

  • Update: This action MUST be used to rename or modify settings, including group membership, of an existing group. This action differs from Replace in that it MUST update the settings defined within the preference item. All other settings MUST remain as previously configured. If the local group does not exist, then a new local group MUST be created.

    Note The Update action MUST NOT change the SID of the group.

groupName

MUST be the name of the targeted local group. The preference protocol MUST create a new group with this name if the group does not exist. If the group exists, the preference protocol MUST use the group with this name as the target of the requested action.

groupSid

(optional) MUST be the SID of a local group on the client machine. If groupSid is specified, it MUST take precedence over the groupName.<9>

newName

(optional) MUST set the new name of the local group. This option is only applicable when using the Update action. The preference protocol MUST rename the group whose name matches groupName to the name provided in newName.

description

(optional) MUST be text used to describe the purpose or use of the local group.

userAction

(optional) MUST be ADD or REMOVE, to add the current user to the group or remove the current user from it.

removeAccounts

(optional) MUST be set to 1 to prevent the user currently logged on from being added to or removed from the local group.

deleteAllUsers

(optional) MUST be set to 1 to remove all the user accounts that are members of the local group. The preference protocol MUST perform this work prior to processing the members list defined in the preference item.

deleteAllGroups

(optional) MUST be set to 1 to remove all the group accounts that are members of the local group. The preference protocol MUST perform this work prior to processing the members list defined in the preference item.

Members

(optional) List of zero or more Member elements. Each Member element MUST contain a name or sid, and an action.

Member

(optional) Each Member element names a local group member to be added to or removed from the local group. There can be zero to many Member elements added within the Members element.

name

(optional) MUST be set to the name of a selected user to add to or remove from a local group.

sid

(optional) MUST be the local SID of the user to be added to or removed from the local group. If sid is specified, it MUST take precedence over the name.

action

(optional) MUST be ADD or REMOVE for each user from the Members list.
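
The following added example (not part of the specification) shows how a reviewer could resolve the rules above for a preference item: the default action, groupSid taking precedence over groupName, sid taking precedence over name, and the membership wipes running before the Members list. The sample XML, its Group/Properties nesting, and the function name review_groups are assumptions made for illustration; S-1-5-32-544 is the well-known SID of the built-in Administrators group.

```python
import xml.etree.ElementTree as ET

ADMINISTRATORS_SID = "S-1-5-32-544"  # well-known SID of BUILTIN\Administrators

# Constructed sample. The Group/Properties nesting is an assumption; the
# reviewer below only relies on the attributes described in this section.
SAMPLE = """<Groups>
  <Group name="Administrators (built-in)">
    <Properties groupSid="S-1-5-32-544" groupName="Renamed Admins" deleteAllUsers="1">
      <Members>
        <Member name="helpdesk" sid="S-1-5-21-1-2-3-1105" action="ADD"/>
        <Member action="REMOVE"/>
      </Members>
    </Properties>
  </Group>
  <Group name="Temp"><Properties action="X" groupName="Temp"/></Group>
</Groups>"""

def review_groups(xml_text):
    """Return one dict per group item: effective action, target, ordered steps, findings."""
    results = []
    for el in ET.fromstring(xml_text).iter():
        a = el.attrib
        if "groupName" not in a and "groupSid" not in a:
            continue                                # not a local group item
        action = a.get("action", "U")               # unspecified action defaults to Update
        target = a.get("groupSid") or a.get("groupName")  # groupSid takes precedence
        steps, findings = [], []
        if action not in ("C", "D", "R", "U"):
            findings.append("invalid action %r" % action)
        # Membership wipes are performed before the Members list is processed.
        for flag in ("deleteAllUsers", "deleteAllGroups"):
            if a.get(flag) == "1":
                steps.append(flag)
        for m in el.iter("Member"):
            who = m.get("sid") or m.get("name")     # sid takes precedence over name
            act = m.get("action")
            if not who or act not in ("ADD", "REMOVE"):
                findings.append("malformed Member")  # needs a name or sid, and an action
                continue
            steps.append("%s %s" % (act, who))
            if act == "ADD" and target == ADMINISTRATORS_SID:
                findings.append("adds %s to local Administrators" % who)
        results.append({"action": action, "target": target, "steps": steps, "findings": findings})
    return results

if __name__ == "__main__":
    for item in review_groups(SAMPLE):
        print(item)
```

Matching on groupSid rather than the display name catches items that target the built-in Administrators group under a different groupName.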