GPPermissionCollection.Remove Method (GPPermission)

  • Article

 

Removes the permission specified in the specified GPPermission object from the GPPermissionCollection instance.

Namespace:   Microsoft.GroupPolicy
Assembly:  Microsoft.GroupPolicy.Management (in Microsoft.GroupPolicy.Management.dll)

Syntax

public void Remove(
    GPPermission item
)

public:
void Remove(
    GPPermission^ item
)

member Remove : 
        item:GPPermission -> unit

Public Sub Remove (
    item As GPPermission
)

Parameters

Exceptions

Exception Condition
ArgumentNullException

item is null.

Remarks

You cannot remove Inherited permissions. To determine if a permission is Inherited, you can examine the GPPermission.Inherited property.

The method checks for the existence of the specified GPPermission object, which is the pairing of a trustee (which is a user, computer, or security group) and a permission that applies to a single object, for example, to a GPO, SOM, or WMI filter. If the object exists in the collection, the method removes it.

If the permission specified for removal represents a higher level than the permission that exists for the trustee, the method removes the lower level permission. An example of this situation is specifying the removal of the GpoEditDeleteModifySecurity permission when the trustee has the lower GpoEdit permission instead. In this case, the method removes the GpoEdit permission.

If the permission specified for removal represents a lower level than the permission that exists for the trustee, no action is taken.

On successful removal of a permission, the method updates all enumerators returned by the GetEnumerator method, even if a removal occurs during the enumeration of elements.

For more information about policy-related permissions, see GPPermissionType.

For more information about security groups, see How Security Groups are Used in Access Control in the Active Directory Programmer's Guide.

See Also

GPPermissionCollection Class
Microsoft.GroupPolicy Namespace

Return to top