Win32_NamedJobObjectSecLimitSetting class
The Win32_NamedJobObjectSecLimitSetting WMI class represents the security limit settings for a job object.
The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties. Properties and methods are in alphabetic order, not MOF order.
Syntax
[Dynamic, Provider("NamedJobObjectSecLimitSettingProv"), UUID("{F2D96E32-2A34-475b-878D-B0AE7657519F}"), AMENDMENT]
class Win32_NamedJobObjectSecLimitSetting : CIM_Setting
{
string Caption;
string Description;
Win32_TokenPrivileges PrivilegesToDelete;
Win32_TokenGroups RestrictedSIDs;
uint32 SecurityLimitFlags;
string SettingID;
Win32_TokenGroups SIDsToDisable;
};
Members
The Win32_NamedJobObjectSecLimitSetting class has these types of members:
Properties
The Win32_NamedJobObjectSecLimitSetting class has these properties.
-
Caption
-
-
Data type: string
-
Access type: Read-only
-
Qualifiers: MaxLen (64)
Short textual description of the CIM_Setting object.
This property is inherited from CIM_Setting.
-
-
Description
-
-
Data type: string
-
Access type: Read-only
Textual description of the CIM_Setting object.
This property is inherited from CIM_Setting.
-
-
PrivilegesToDelete
-
-
Data type: Win32_TokenPrivileges
-
Access type: Read-only
If the SecurityLimitFlags value is set to Filter Tokens you can delete privileges from a token. This property can be NULL if you do not want to delete privileges.
-
-
RestrictedSIDs
-
-
Data type: Win32_TokenGroups
-
Access type: Read-only
Deny-only security identifiers (SID) that are added to an access token, if the SecurityLimitFlags value is set to Filter Tokens. This property can be NULL if you do not want to specify deny-only SIDs.
-
-
SecurityLimitFlags
-
-
Data type: uint32
-
Access type: Read-only
Security limitations for a job. This property requires at least one of the following properties to be set: SIDsToDisable, PrivilegesToDelete, or RestrictedSIDs.
-
-
No Administrator (0)
-
Prevents a process in a job from using a token that specifies the local administrators group.
-
Restricted Token (1)
-
Prevents a process in a job from using a token that is not created with the CreateRestrictedToken function.
-
Specific Token (2)
-
Forces processes in a job to run under the specific user security token that owns the process.
-
Filter Tokens (3)
-
Applies a filter to a token when a process impersonates a client.
SettingID
Instance of a job object security limit setting. Because they are kernel objects, job object names are case sensitive. However, Windows Management Instrumentation (WMI) keys are case insensitive and must specified to distinguish case. To indicate a capital letter, precede the letter by a backslash. For example, "A" and "a" are lowercase and "\A" and "\a" are uppercase.
SIDsToDisable
-
Data type: Win32_TokenGroups
-
Access type: Read-only
SIDs to disable for access checking, if the SecurityLimitFlags value is set to Filter Tokens. This property can be NULL if you do not want to disable SIDs.
Remarks
The Win32_NamedJobObjectSecLimitSetting class is derived from CIM_Setting.
Requirements
| Minimum supported client |
Windows Vista |
| Minimum supported server |
Windows Server 2008 |
| Namespace |
Root\CIMV2 |
| MOF |
|
| DLL |
|