IGPMSecurityInfo interface (gpmgmt.h)

The IGPMSecurityInfo interface defines the methods of the GPMSecurityInfo collection. This collection represents a set of policy-related permissions that can be set on a particular object, such as a scope of management (SOM), a GPO, or a WMI filter.


The IGPMSecurityInfo interface inherits from the IDispatch interface. IGPMSecurityInfo also has these types of members:


The IGPMSecurityInfo interface has these methods.


Adds the permission specified in a GPMPermission object to the GPMSecurityInfo collection. You can add a permission that is above the level of existing permissions. For more information about restrictions that apply, see the following Remarks section.

Retrieves an enumerator for the collection.

Returns the number of GPMPermission objects in the collection.

Given an index, returns a GPMPermission object from the collection.

Removes the permission specified in a given GPMPermission object from the GPMSecurityInfo collection.

Removes all policy-related permissions for the specified trustee. A trustee is a user, computer, or security group that can be granted permissions on a GPO, SOM, or WMI filter.


The interface divides the policy-related permissions into categories. The following table lists the categories, permissions included in the categories, and the object to which they can be applied.

Securable object Permission category Permission level
Site GPO linking permSOMLink
OU GPO linking permSOMLink
RSoP logging permSOMLogging
RSoP planning permSOMPlanning
Domain GPO linking permSOMLink
Creating GPOs permSOMGPOCreate
RSoP logging permSOMLogging
RSoP planning permSOMPlanning
Creating WMI filters permSOMWMICreate
WMI filter Editing WMI filters permWMIFilterEdit
Full control of all WMI filters permWMIFilterFullControl
Custom control of WMI filters permWMIFilterCustom
GPO Security filtering permGPOApply
Delegation permGPORead

The GPMSecurityInfo collection represents a collection of GPMPermission objects for a particular SOM, GPO, or WMI filter. Note however, that although the GPMSecurityInfo object is a collection object, it is not a typical collection object. This is because no action occurs if the Add method attempts to add a GPMPermission object for a trustee and the permission is below the level of an existing permission for that trustee. For more information, see the Add method.

For more information about policy-related permissions, see IGPM::CreatePermission.


Minimum supported client Windows Vista
Minimum supported server Windows Server 2008
Target Platform Windows
Header gpmgmt.h

See also