SccmAceString Simple Type
Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2
The SccmAceString simple type, in Configuration Manager:
<xs:simpleType name="SccmAceString">
<xs:restriction
base="string"
>
<xs:pattern
value= "\((A|D|OA|OD);[^;]*;((GA|GR|GW|GX|RC|SD|WD|WO|RP|WP|CC|DC|LC|SW|LO|DT|CR|KA|KR|KW|KX|FR|FW|FX|FA)+|(0x[0-9A-Fa-f]{1,8}));[^;]*;[^;]*;[^;]*\)"
/>
</xs:restriction>
</xs:simpleType>
Child Elements
| Element | Description |
|---|---|
Standard ACE SDDL String Format: |
ace_type;ace_flags;rights;object_guid;inherit_object_guid;account_sid |
Ace_type |
This will only allow for ALLOW and DENY type access control entries (ACEs). |
Ace_flags |
Not used. Any values specified here are ignored when doing the IsFullySpecified comparisons. So, IsFullySpecified is still not an exact match. |
Rights |
The values used here are the entire set of possible string ACE rights or a hexadecimal representation. |
Registry |
"KR" - key read "KA" - full control |
File/folder |
"FR" - file read "FW" - file write "FR" - file read "FX" - file execute "FA" - all access |
Object_guid |
Not used. Any values specified here are ignored when doing the IsFullySpecified comparisons. So, IsFullySpecified is still not an exact match. |
Inherit_object_guid |
Not used. Any values specified here are ignored when doing the IsFullySpecified comparisons. So, IsFullySpecified is still not an exact match. |
Account_sid |
This will either be one of the well-known security identifier (SID) strings or a non-resolved name. Non-resolved names must be wrapped in curly braces {}. Resolution will take place on the target computer where the evaluation occurs. |
See Also
Concepts
Authoring Desired Configuration Management Configuration Baselines and Configuration Items