Share via


SccmAceString Simple Type

Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2

The SccmAceString simple type, in Configuration Manager:

<xs:simpleType name="SccmAceString">
    <xs:restriction
        base="string"
    >
                <xs:pattern
              value= "\((A|D|OA|OD);[^;]*;((GA|GR|GW|GX|RC|SD|WD|WO|RP|WP|CC|DC|LC|SW|LO|DT|CR|KA|KR|KW|KX|FR|FW|FX|FA)+|(0x[0-9A-Fa-f]{1,8}));[^;]*;[^;]*;[^;]*\)"
                  />
    </xs:restriction>
</xs:simpleType>

Child Elements

Element Description

Standard ACE SDDL String Format:

ace_type;ace_flags;rights;object_guid;inherit_object_guid;account_sid

Ace_type

This will only allow for ALLOW and DENY type access control entries (ACEs).

Ace_flags

Not used.

Any values specified here are ignored when doing the IsFullySpecified comparisons. So, IsFullySpecified is still not an exact match.

Rights

The values used here are the entire set of possible string ACE rights or a hexadecimal representation.

Registry

"KR" - key read

"KA" - full control

File/folder

"FR" - file read

"FW" - file write

"FR" - file read

"FX" - file execute

"FA" - all access

Object_guid

Not used.

Any values specified here are ignored when doing the IsFullySpecified comparisons. So, IsFullySpecified is still not an exact match.

Inherit_object_guid

Not used.

Any values specified here are ignored when doing the IsFullySpecified comparisons. So, IsFullySpecified is still not an exact match.

Account_sid

This will either be one of the well-known security identifier (SID) strings or a non-resolved name. Non-resolved names must be wrapped in curly braces {}. Resolution will take place on the target computer where the evaluation occurs.

See Also

Concepts

Authoring Desired Configuration Management Configuration Baselines and Configuration Items