Creates and returns an interface or object that represents the trustee (such as a user, computer or security group) and permission that applies to a single object; for example, to a GPO, SOM or a WMI filter.
HRESULT CreatePermission( BSTR bstrTrustee, GPMPermissionType perm, VARIANT_BOOL bInheritable, IGPMPermission **ppPerm );
bstrTrustee: Required. Trustee name. This parameter can be a string that specifies the security identifier (SID) of the account. This parameter can also be a Security Accounts Manager (SAM) account name, such as "Engineering\JSmith".
perm: Required. Permission to use for the trustee. The following policy-related permissions are supported. Note that each permission value represents one or more access rights that apply to the GPO.
The following GPO permissions are supported.
The trustee can apply the GPO. This value corresponds to the READ and APPLY Group Policy access rights being set to Allow for a user.
The trustee can read the GPO. This value corresponds to the READ Group Policy access right being set to Allow for a user.
The trustee can read and edit the policy settings for the GPO. This value corresponds to the READ, WRITE, CREATE CHILD OBJECT, and DELETE CHILD OBJECT Group Policy access rights being set to Allow for a user.
The trustee can read, edit and delete the permissions for the GPO. This value corresponds to the Group Policy access rights specified by permGPOEdit plus the DELETE, MODIFY PERMISSIONS, and MODIFY OWNER access rights being set to Allow for a user.
The following WMI filter permissions are supported.
The trustee can edit the WMI filter.
The trustee has full control over the WMI filter.
The following scope of management (SOM) permissions are supported.
The trustee can link GPOs to the SOM. Applies to sites, domains and OUs.
The trustee can generate RSoP logging data for the SOM. Applies to domains and OUs.
The trustee can generate RSoP planning data for the SOM. Applies to domains and OUs.
The trustee can create WMI filters in the domain. Applies to domains only.
The trustee has full control over all the WMI filters in the domain. Applies to domains only.
The trustee can create GPOs in the domain. Applies to domains only.
bInheritable:
|C++||VARIANT_BOOL. If VARIANT_TRUE, children inherit the permission. Note that this parameter is significant only when you add permissions to security information using the IGPMSecurityInfo::Add method. This parameter is ignored for searches.|
|JScript||If true, children inherit the permission. Note that this parameter is significant only when you add permissions to security information using the GPMSecurityInfo.Add method. This parameter is ignored for searches.|
ppPerm: Address of a pointer to the IGPMPermission interface.
|C++||Returns S_OK if successful. Returns a failure code if an error occurs.|
|JScript||Returns a reference to a GPMPermission object.|
|VB||Returns a reference to a GPMPermission object.|
For more information about access control lists (ACLs), access rights, and the security model for controlling access to Windows objects, see Access Control. For more information about security groups, see How Security Groups are Used in Access Control in the Active Directory Programmer's Guide.
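The following example is added here and is not part of the original reference. It uses a permission created by CreatePermission as a search criterion to audit which GPOs a trustee is allowed to edit. It assumes that GPMC is installed and that the placeholder domain name is replaced; the constant names other than permGPOEdit are read from the GPMC constants object and do not appear on this page.

```powershell
# Added example: list the GPOs on which a trustee holds edit-level permissions.
# Assumptions: GPMC is installed (it registers the GPMgmt.GPM COM object),
# the domain name is a placeholder, and the trustee is this page's sample name.
$domainName = 'corp.example.com'      # placeholder DNS domain name
$trustee    = 'Engineering\JSmith'    # SAM account name or SID string

$gpm    = New-Object -ComObject GPMgmt.GPM
$const  = $gpm.GetConstants()
$domain = $gpm.GetDomain($domainName, '', $const.UseAnyDC)

# Permission levels that allow changes to a GPO, highest first.
$levels = [ordered]@{
    'EditSecurityAndDelete' = $const.PermGPOEditSecurityAndDelete
    'Edit'                  = $const.PermGPOEdit
}

$seen = @{}
$findings = foreach ($level in $levels.GetEnumerator()) {
    # bInheritable is ignored for searches, so $false is passed.
    $perm = $gpm.CreatePermission($trustee, $level.Value, $false)

    $criteria = $gpm.CreateSearchCriteria()
    [void]$criteria.Add($const.SearchPropertyGPOPermissions,
                        $const.SearchOpContains, $perm)

    foreach ($gpo in $domain.SearchGPOs($criteria)) {
        # Skip GPOs already reported at a higher permission level.
        if ($seen.ContainsKey($gpo.ID)) { continue }
        $seen[$gpo.ID] = $true
        [pscustomobject]@{
            Trustee    = $trustee
            Permission = $level.Key
            GpoName    = $gpo.DisplayName
            GpoId      = $gpo.ID
        }
    }
}

if ($findings) { $findings | Sort-Object GpoName | Format-Table -AutoSize }
else           { "No GPOs grant $trustee edit rights in $domainName." }
```

Run the script for each delegated group or account and compare the output with the intended delegation. Any unexpected row is a trustee that can change policy settings on that GPO.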
|Windows version||Windows Vista Windows Server 2008|