2.2.1.4 Domain ACCESS_MASK Values
These are the specific values available to describe the access control on a domain object. A bitwise OR operation can be performed on these values, along with values from section 2.2.1.1. For more information on the message processing of these values, see section 3.1.5.1.2.
|
Constant/value |
Description |
|---|---|
|
DOMAIN_READ_PASSWORD_PARAMETERS 0x00000001 |
Specifies access control to read password policy. |
|
DOMAIN_WRITE_PASSWORD_PARAMS 0x00000002 |
Specifies access control to write password policy. |
|
DOMAIN_READ_OTHER_PARAMETERS 0x00000004 |
Specifies access control to read attributes not related to password policy. |
|
DOMAIN_WRITE_OTHER_PARAMETERS 0x00000008 |
Specifies access control to write attributes not related to password policy. |
|
DOMAIN_CREATE_USER 0x00000010 |
Specifies access control to create a user object. |
|
DOMAIN_CREATE_GROUP 0x00000020 |
Specifies access control to create a group object. |
|
DOMAIN_CREATE_ALIAS 0x00000040 |
Specifies access control to create an alias object. |
|
DOMAIN_GET_ALIAS_MEMBERSHIP 0x00000080 |
Specifies access control to read the alias membership of a set of SIDs. |
|
DOMAIN_LIST_ACCOUNTS 0x00000100 |
Specifies access control to enumerate objects. |
|
DOMAIN_LOOKUP 0x00000200 |
Specifies access control to look up objects by name and SID. |
|
DOMAIN_ADMINISTER_SERVER 0x00000400 |
Specifies access control to various administrative operations on the server. |
|
DOMAIN_ALL_ACCESS 0x000F07FF |
The specified accesses for a GENERIC_ALL request. |
|
DOMAIN_READ 0x00020084 |
The specified accesses for a GENERIC_READ request. |
|
DOMAIN_WRITE 0x0002047A |
The specified accesses for a GENERIC_WRITE request. |
|
DOMAIN_EXECUTE 0x00020301 |
The specified accesses for a GENERIC_EXECUTE request. |