MSFT_NetConSecRule class
A Connection Security Rule.
The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties.
Syntax
class MSFT_NetConSecRule : MSFT_NetSARule
{
  uint16  Mode;
  boolean AllowSetKey;
  boolean AllowWatchKey;
  uint32  MaxReturnPathLifetimeSeconds;
  uint16  InboundSecurity;
  uint16  OutboundSecurity;
  uint16  KeyModule;
  boolean RequireAuthorization;
  string  Users;
  string  Machines;
  string  LocalTunnelEndpoint[];
  string  RemoteTunnelEndpointDNSName;
  string  RemoteTunnelEndpoint[];
  boolean BypassTunnelIfEncrypted;
  string  Platforms[];
  string  RuleGroup;
  string  DisplayGroup;
  uint16  Profiles;
  string  MainModeCryptoSet;
  string  QuickModeCryptoSet;
  string  Phase1AuthSet;
  string  Phase2AuthSet;
  uint16  PrimaryStatus;
  uint32  StatusCode;
  string  Status;
  uint16  EnforcementStatus[];
  uint16  PolicyStoreSourceType;
  string  PolicyStoreSource;
  string  SystemCreationClassName;
  string  SystemName;
  string  CreationClassName;
  string  PolicyRuleName;
  uint16  ConditionListType;
  string  RuleUsage;
  uint16  Priority;
  boolean Mandatory;
  uint16  SequencedActions;
  uint16  ExecutionStrategy;
  uint16  PolicyDecisionStrategy;
  string  PolicyRoles[];
  uint16  Enabled = 1;
  string  CommonName;
  string  PolicyKeywords[];
  string  InstanceID;
  string  Caption;
  string  DisplayName;
  string  Description;
  string  ElementName;
};
Members
The MSFT_NetConSecRule class has these types of members:
Methods
The MSFT_NetConSecRule class has these methods.
Method | Description |
---|---|
CloneObject | Copy this rule. |
Disable | Disable this rule. |
Enable | Enable this rule. |
EnumerateFull | Enumerate all parts of all rules |
Find | Retrieves the specified connection security rule. |
Rename | Rename this rule. |
SetPolicyDelta | Apply IPsec policy deltas |
SyncPolicyDelta | Synchronize IPsec policy |
Properties
The MSFT_NetConSecRule class has these properties.
AllowSetKey
- Data type: boolean
- Access type: Read-only

Whether to allow Trusted Intermediaries to set the key of SAs created by this rule.

AllowWatchKey
- Data type: boolean
- Access type: Read-only

Whether to allow Trusted Intermediaries to be notified when the encryption keys for this SA change.

BypassTunnelIfEncrypted
- Data type: boolean
- Access type: Read-only

Allow traffic that is already encrypted to bypass the tunnel.

Caption
- Data type: string
- Access type: Read-only
- Qualifiers: Override, MaxLen (64)

The Caption property is a short textual description (one-line string) of the object.

CommonName
- Data type: string
- Access type: Read-only

This field is ignored.

ConditionListType
- Data type: uint16
- Access type: Read-only

This field is ignored.

CreationClassName
- Data type: string
- Access type: Read-only

Reserved for internal use by the WMI provider only.

Description
- Data type: string
- Access type: Read-only

A brief description of the rule. May be an indirect string. If it is an indirect string, then it may not be overwritten.

DisplayGroup
- Data type: string
- Access type: Read-only

The group that this rule belongs to. This field is based on the value of RuleGroup and changes to this field are ignored.

DisplayName
- Data type: string
- Access type: Read-only

The localized name of this rule. This field's value is based on the value of ElementName. Changes to this field are ignored.

ElementName
- Data type: string
- Access type: Read-only

The locale-independent name of the rule. May be an indirect string.

Enabled
- Data type: uint16
- Access type: Read-only

Indicates whether this rule is administratively enabled or disabled.
- Enabled (1)
- Disabled (2)

EnforcementStatus
- Data type: uint16 array
- Access type: Read-only

If this object is retrieved from the ActiveStore, describes the current enforcement status of the rule.
- Invalid (0)
- Full (1)
- FirewallOffInProfile (2)
- CategoryOff (3)
- DisabledObject (4)
- InactiveProfile (5)
- LocalAddressResolutionEmpty (6)
- RemoteAddressResolutionEmpty (7)
- LocalPortResolutionEmpty (8)
- RemotePortResolutionEmpty (9)
- InterfaceResolutionEmpty (10)
- ApplicationResolutionEmpty (11)
- RemoteMachineEmpty (12)
- RemoteUserEmpty (13)
- LocalGlobalOpenPortsDisallowed (14)
- LocalAuthorizedApplicationsDisallowed (15)
- LocalFirewallRulesDisallowed (16)
- LocalConsecRulesDisallowed (17)
- NotTargetPlatform (18)
- OptimizedOut (19)
- LocalUserEmpty (20)
- TransportMachinesEmpty (21)
- TunnelMachinesEmpty (22)
- TupleResolutionEmpty (23)

ExecutionStrategy
- Data type: uint16
- Access type: Read-only

This field is ignored.

InboundSecurity
- Data type: uint16
- Access type: Read-only

Determines how aggressively to enforce security on inbound traffic.
- Never (0)
- Request (1)
- Require (2)

InstanceID
- Data type: string
- Access type: Read-only

A string that uniquely identifies this instance within the PolicyStore.

KeyModule
- Data type: uint16
- Access type: Read-only

Which keying modules to use.
- IKEv1 (0x1)
- IKEv2 (0x4)
- AuthIP (0x2)

LocalTunnelEndpoint
- Data type: string array
- Access type: Read-only

The local tunnel endpoint address.

Machines
- Data type: string
- Access type: Read-only

Authorized machines for transport mode, specified as an SDDL string.

MainModeCryptoSet
- Data type: string
- Access type: Read-only

The InstanceID of the MainModeCryptoSet to use for Main Mode.

Mandatory
- Data type: boolean
- Access type: Read-only

This field is ignored.

MaxReturnPathLifetimeSeconds
- Data type: uint32
- Access type: Read-only

The maximum lifetime, in seconds, for SAs created by this rule across the forwarding path.

Mode
- Data type: uint16
- Access type: Read-only

The IPsec Encapsulation Mode that should be used.
- Transport Mode (1)
- Tunnel Mode (2)

OutboundSecurity
- Data type: uint16
- Access type: Read-only

Determines how aggressively to enforce security on outbound traffic.
- Never (0)
- Request (1)
- Require (2)

Phase1AuthSet
- Data type: string
- Access type: Read-only

The InstanceID of the Phase1AuthenticationSet to use for Phase 1 auth.

Phase2AuthSet
- Data type: string
- Access type: Read-only

The InstanceID of the Phase2AuthenticationSet to use for Phase 2 auth.

Platforms
- Data type: string array
- Access type: Read-only

Specifies which platforms the rule is applicable on. If null, the rule applies to all platforms (the default). Each entry takes the form Major.Minor+, for instance 6.0, 6.1+, or 6.2. If + is specified, then it means that the rule applies to that version or greater. For instance, Windows Vista could be represented as 6 or 6.0, and Windows 7 or later would be represented as 6.1+. + may only be attached to the final item in the list. 6.0+ is not valid because it means the same thing as null (all platforms).

PolicyDecisionStrategy
- Data type: uint16
- Access type: Read-only

This field is ignored.

PolicyKeywords
- Data type: string array
- Access type: Read-only

This field is ignored.

PolicyRoles
- Data type: string array
- Access type: Read-only

This field is ignored.

PolicyRuleName
- Data type: string
- Access type: Read-only

Reserved for internal use by the WMI provider only.

PolicyStoreSource
- Data type: string
- Access type: Read-only

If this object is retrieved from the ActiveStore, with the TracePolicyStoreSource option set, contains the path to the PolicyStore where this rule originally came from.

PolicyStoreSourceType
- Data type: uint16
- Access type: Read-only

If this object is retrieved from the ActiveStore, with the TracePolicyStoreSource option set, describes the type of PolicyStore where this rule originally came from.

PrimaryStatus
- Data type: uint16
- Access type: Read-only

PrimaryStatus provides a high level status value, intended to align with Red-Yellow-Green type representation of status. It should be used in conjunction with DetailedStatus to provide high level and detailed health status of the ManagedElement and its subcomponents. PrimaryStatus consists of one of the following values: Unknown, OK, Degraded or Error. "Unknown" indicates the implementation is in general capable of returning this property, but is unable to do so at this time. "OK" indicates the ManagedElement is functioning normally. "Degraded" indicates the ManagedElement is functioning below normal. "Error" indicates the ManagedElement is in an Error condition.
- Unknown (0)
- OK (1)
- Degraded (2)
- Error (3)
- DMTF Reserved (..)
- Vendor Reserved (0x8000..)

Priority
- Data type: uint16
- Access type: Read-only

This field is ignored.

Profiles
- Data type: uint16
- Access type: Read-only

Which profiles this rule is active on.
- Any (0)
- Public (0x4)
- Private (0x2)
- Domain (0x1)

QuickModeCryptoSet
- Data type: string
- Access type: Read-only

The InstanceID of the QuickModeCryptoSet to use for Quick Mode.

RemoteTunnelEndpoint
- Data type: string array
- Access type: Read-only

The remote tunnel endpoint(s).

RemoteTunnelEndpointDNSName
- Data type: string
- Access type: Read-only

A Fully-Qualified Domain Name that resolves to a list of allowed Remote Endpoints. If present, the value in RemoteEndpoint will be used initially, but will be replaced with all the IP addresses that this name resolves to.

RequireAuthorization
- Data type: boolean
- Access type: Read-only

Require authorization for endpoints. The authorization list is part of the IPsec Globals.

RuleGroup
- Data type: string
- Access type: Read-only

The locale-independent name for the group that this rule belongs to. If this field is non-null, then Windows Firewall with Advanced Security assumes that this rule belongs to a Windows component or an installed application, and some parts of the rule are protected (including but not limited to the Name, Description, Program, and Service).

RuleUsage
- Data type: string
- Access type: Read-only

This field is ignored.

SequencedActions
- Data type: uint16
- Access type: Read-only

This field is ignored.

Status
- Data type: string
- Access type: Read-only

The detailed status of the rule, as a string.

StatusCode
- Data type: uint32
- Access type: Read-only

The detailed status of the rule, as a numeric error code.

SystemCreationClassName
- Data type: string
- Access type: Read-only

Reserved for internal use by the WMI provider only.

SystemName
- Data type: string
- Access type: Read-only

Reserved for internal use by the WMI provider only.

Users
- Data type: string
- Access type: Read-only

Authorized users for transport mode, specified as an SDDL string.

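The following is an added example, not part of the original reference and not Microsoft's code. It decodes the numeric Mode, InboundSecurity, OutboundSecurity, KeyModule, Profiles and EnforcementStatus values with the tables above, and reports enabled rules that do not require security or are not fully enforced. The function names and the two sample rule objects are constructed for illustration.

```powershell
# Added example, not Microsoft's code. Value tables are copied from this page.
$Level    = @{ 0 = 'Never'; 1 = 'Request'; 2 = 'Require' }
$ModeName = @{ 1 = 'Transport'; 2 = 'Tunnel' }
$KeyBits  = [ordered]@{ 'IKEv1' = 0x1; 'AuthIP' = 0x2; 'IKEv2' = 0x4 }
$ProfBits = [ordered]@{ 'Domain' = 0x1; 'Private' = 0x2; 'Public' = 0x4 }
$Enforce  = 'Invalid','Full','FirewallOffInProfile','CategoryOff','DisabledObject',
    'InactiveProfile','LocalAddressResolutionEmpty','RemoteAddressResolutionEmpty',
    'LocalPortResolutionEmpty','RemotePortResolutionEmpty','InterfaceResolutionEmpty',
    'ApplicationResolutionEmpty','RemoteMachineEmpty','RemoteUserEmpty',
    'LocalGlobalOpenPortsDisallowed','LocalAuthorizedApplicationsDisallowed',
    'LocalFirewallRulesDisallowed','LocalConsecRulesDisallowed','NotTargetPlatform',
    'OptimizedOut','LocalUserEmpty','TransportMachinesEmpty','TunnelMachinesEmpty',
    'TupleResolutionEmpty'   # array index == EnforcementStatus value (0..23)

function ConvertFrom-Flags([int]$Value, $Bits, [string]$Zero) {
    if ($Value -eq 0) { return $Zero }
    ($Bits.GetEnumerator() | Where-Object { $Value -band $_.Value } |
        ForEach-Object { $_.Key }) -join ','
}
function Test-ConSecRule {
    param([Parameter(ValueFromPipeline)] $Rule)
    process {
        $on = ([int]$Rule.Enabled -eq 1)          # Enabled (1), Disabled (2)
        $findings = @()
        foreach ($dir in 'InboundSecurity','OutboundSecurity') {
            $v = [int]$Rule.$dir
            if ($on -and $v -ne 2) { $findings += "$dir is $($Level[$v]), not Require" }
        }
        # EnforcementStatus is only filled in for rules read from the ActiveStore.
        $status = @($Rule.EnforcementStatus | Where-Object { $null -ne $_ } |
            ForEach-Object { [int]$_ })
        $blocked = @($status | Where-Object { $_ -ne 1 } | ForEach-Object { $Enforce[$_] })
        if ($on -and $blocked.Count) { $findings += "Not fully enforced: $($blocked -join ',')" }
        [pscustomobject]@{
            Rule      = $Rule.ElementName
            Mode      = $ModeName[[int]$Rule.Mode]
            KeyModule = ConvertFrom-Flags ([int]$Rule.KeyModule) $KeyBits '0'
            Profiles  = ConvertFrom-Flags ([int]$Rule.Profiles) $ProfBits 'Any'
            Findings  = $findings
        }
    }
}
# Constructed sample objects standing in for MSFT_NetConSecRule instances.
$sample = @(
    [pscustomobject]@{ ElementName='Constructed-A'; Enabled=1; Mode=1; InboundSecurity=2; OutboundSecurity=2; KeyModule=0x5; Profiles=0x1; EnforcementStatus=@(1) }
    [pscustomobject]@{ ElementName='Constructed-B'; Enabled=1; Mode=2; InboundSecurity=1; OutboundSecurity=1; KeyModule=0x4; Profiles=0; EnforcementStatus=@(5,7) }
)
$sample | Test-ConSecRule | Format-List
```

To review a live host, pipe `Get-CimInstance -Namespace root/StandardCimv2 -ClassName MSFT_NetConSecRule` into `Test-ConSecRule` in place of `$sample`; when EnforcementStatus is empty, the enforcement check reports nothing.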
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows 8 |
Minimum supported server | Windows Server 2012 |
Namespace | Root\StandardCimv2 |
MOF | |
DLL | |