Share via


SMS_SecuredObject Server WMI Class

 

Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 R2 Configuration Manager

The SMS_SecuredObject Windows Management Instrumentation (WMI) class is an SMS Provider server class, in Configuration Manager, that represents a secured object.

The following syntax is simplified from Managed Object Format (MOF) code and includes all inherited properties.

Syntax

Class SMS_SecuredObject : SMS_BaseClass
{
     UInt32 AvailableClassPermissions;
     UInt32 AvailableInstancePermissions;
     UInt32 DefaultClassPermissions;
     UInt32 DefaultInstancePermissions;
     UInt32 ObjectKey
     String ObjectName;
};

Methods

The following table lists methods in SMS_SecuredObject.

Method

Description

GetCollectionsWithResourcePermissions Method in Class SMS_SecuredObject

Gets the list of collection identifiers for the collections to which the user has the specified permissions.

RefreshNTGroupMembership Method in Class SMS_SecuredObject

Refreshes the information stored about the user's Windows group membership.

UserHasPermissions Method in Class SMS_SecuredObject

Determines whether a user has permissions for an object.

Properties

  • AvailableClassPermissions
    Data type: UInt32

    Access type: Read-only

    Qualifiers: [bits]

    Set of available global permissions that can be set for the specified class. Possible values are listed below. The default value is 0.

    0

    READ

    1

    MODIFY

    2

    DELETE

    3

    DISTRIBUTE

    4

    Not used

    5

    REMOTE_CONTROL

    6

    ADVERTISE

    7

    MODIFY_RESOURCE

    8

    ADMINISTER

    9

    DELETE_RESOURCE

    10

    CREATE

    11

    VIEW_COLL_FILE

    12

    READ_RESOURCE

    13

    DELEGATE

    14

    METER

    15

    MANAGESQLCOMMAND

    16

    MANAGESTATUSFILTER

    17

    MANAGEFOLDER

    18

    NETWORKACCESS

    19

    IMPORTMACHINE

    20

    CREATETSMEDIA

    21

    MODIFYCOLLECTIONSETTING

    22

    MANAGEOSDCERTIFICATE

    23

    RECOVERUSERSTATE

  • AvailableInstancePermissions
    Data type: UInt32

    Access type: Read-only

    Qualifiers: [bits]

    Set of available permissions that can be set for an instance of the specified class. Possible values are listed below. The default value is 0.

    0

    READ

    1

    MODIFY

    2

    DELETE

    3

    DISTRIBUTE

    4

    Not used

    5

    REMOTE_CONTROL

    6

    ADVERTISE

    7

    MODIFY_RESOURCE

    8

    ADMINISTER

    9

    DELETE_RESOURCE

    10

    CREATE

    11

    VIEW_COLL_FILE

    12

    READ_RESOURCE

    13

    DELEGATE

    14

    METER

    15

    MANAGESQLCOMMAND

    16

    MANAGESTATUSFILTER

    17

    MANAGEFOLDER

    18

    NETWORKACCESS

    19

    IMPORTMACHINE

    20

    CREATETSMEDIA

    21

    MODIFYCOLLECTIONSETTING

    22

    MANAGEOSDCERTIFICATE

    23

    RECOVERUSERSTATE

  • DefaultClassPermissions
    Data type: UInt32

    Access type: Read/Write

    Qualifiers: [bits]

    Set of default permissions that all users and groups are granted for the specified class. Possible values are listed below. The default value is 0.

    0

    READ

    1

    MODIFY

    2

    DELETE

    3

    DISTRIBUTE

    4

    Not used

    5

    REMOTE_CONTROL

    6

    ADVERTISE

    7

    MODIFY_RESOURCE

    8

    ADMINISTER

    9

    DELETE_RESOURCE

    10

    CREATE

    11

    VIEW_COLL_FILE

    12

    READ_RESOURCE

    13

    DELEGATE

    14

    METER

    15

    MANAGESQLCOMMAND

    16

    MANAGESTATUSFILTER

    17

    MANAGEFOLDER

    18

    NETWORKACCESS

    19

    IMPORTMACHINE

    20

    CREATETSMEDIA

    21

    MODIFYCOLLECTIONSETTING

    22

    MANAGEOSDCERTIFICATE

    23

    RECOVERUSERSTATE

    24

    MANAGEBMC

    25

    VIEWBMC

  • DefaultInstancePermissions
    Data type: UInt32

    Access type: Read/Write

    Qualifiers: [bits]

    Set of default instance permissions that all users and groups are granted for the specified class. Possible values are listed below. The default value is 0.

    0

    READ

    1

    MODIFY

    2

    DELETE

    3

    DISTRIBUTE

    4

    Not used

    5

    REMOTE_CONTROL

    6

    ADVERTISE

    7

    MODIFY_RESOURCE

    8

    ADMINISTER

    9

    DELETE_RESOURCE

    10

    CREATE

    11

    VIEW_COLL_FILE

    12

    READ_RESOURCE

    13

    DELEGATE

    14

    METER

    15

    MANAGESQLCOMMAND

    16

    MANAGESTATUSFILTER

    17

    MANAGEFOLDER

    18

    NETWORKACCESS

    19

    IMPORTMACHINE

    20

    CREATETSMEDIA

    21

    MODIFYCOLLECTIONSETTING

    22

    MANAGEOSDCERTIFICATE

    23

    RECOVERUSERSTATE

    24

    MANAGEBMC

    25

    VIEWBMC

  • ObjectKey
    Data type: UInt32

    Access type: Read/Write

    Qualifiers: [key]

    Numeric key that describes the type of secured object being specified. Possible values are listed below. The default value is 0.

    1

    SMS_Collection Server WMI Class 

    2

    SMS_Package Server WMI Class 

    3

    SMS_Advertisement Server WMI Class 

    4

    SMS_StatusMessage Server WMI Class 

    5

    (Not used)

    6

    SMS_Site Server WMI Class 

    7

    SMS_Query Server WMI Class 

    8

    SMS_Report Server WMI Class 

    9

    SMS_MeteredProductRule Server WMI Class 

    10

    SMS_ApplicableUpdatesSummaryEx Server WMI Class

    11

    SMS_ConfigurationItem Server WMI Class

    14

    SMS_OperatingSystemInstallPackage Server WMI Class

    15

    SMS_Template Server WMI Class

    16

    SMS_UpdatesAssignment Server WMI Class

    17

    SMS_StateMigration Server WMI Class

    18

    SMS_ImagePackage Server WMI Class

    19

    SMS_BootImagePackage Server WMI Class

    20

    SMS_TaskSequencePackage Server WMI Class

    21

    SMS_DeviceSettingPackage Server WMI Class

    22

    SMS_DeviceSettingItem Server WMI Class

    23

    SMS_DriverPackage Server WMI Class

    24

    SMS_SoftwareUpdatesPackage Server WMI Class

    25

    SMS_Driver Server WMI Class

  • ObjectName
    Data type: String

    Access type: Read/Write

    Qualifiers: none

    Class name of the secured object.

Remarks

There are no special class qualifiers for this class. For more information about both the class qualifiers and the property qualifiers included in the Properties section, see Configuration Manager Class and Property Qualifiers.

The Configuration Manager objects that can be secured are defined by the ObjectKey property.

The DELEGATE permission applies to all objects listed in ObjectKey except SMS_StatusMessage.

METER only applies to the SMS_Site object and allows the targeting of metering rules to a site.

Manage SQL commands and Manage Status Filter only apply to SMS_Site. These permissions allow management of SQL commands and status filter rules, respectively. Because both of these permissions can allow arbitrary code to run with elevated privileges, they require special credentials.

For more information about SMS Provider rights, see Classes and Instances for Object Security in Configuration Manager.

Requirements

Runtime Requirements

For more information, see Configuration Manager Server Runtime Requirements.

Development Requirements

For more information, see Configuration Manager Server Development Requirements.