Win32_NamedJobObjectSecLimitSetting class

The Win32_NamedJobObjectSecLimitSetting WMI class represents the security limit settings for a job object.

The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties. Properties and methods are in alphabetic order, not MOF order.

Syntax

[Dynamic, Provider("NamedJobObjectSecLimitSettingProv"), UUID("{F2D96E32-2A34-475b-878D-B0AE7657519F}"), AMENDMENT]
class Win32_NamedJobObjectSecLimitSetting : CIM_Setting
{
  string                Caption;
  string                Description;
  Win32_TokenPrivileges PrivilegesToDelete;
  Win32_TokenGroups     RestrictedSIDs;
  uint32                SecurityLimitFlags;
  string                SettingID;
  Win32_TokenGroups     SIDsToDisable;
};

Members

The Win32_NamedJobObjectSecLimitSetting class has these types of members:

Properties

The Win32_NamedJobObjectSecLimitSetting class has these properties.

Caption

Data type: string

Access type: Read-only

Qualifiers: MaxLen (64)

Short textual description of the CIM_Setting object.

This property is inherited from CIM_Setting.

Description

Data type: string

Access type: Read-only

Textual description of the CIM_Setting object.

This property is inherited from CIM_Setting.

PrivilegesToDelete

Data type: Win32_TokenPrivileges

Access type: Read-only

If the SecurityLimitFlags value is set to Filter Tokens you can delete privileges from a token. This property can be NULL if you do not want to delete privileges.

RestrictedSIDs

Data type: Win32_TokenGroups

Access type: Read-only

Deny-only security identifiers (SID) that are added to an access token, if the SecurityLimitFlags value is set to Filter Tokens. This property can be NULL if you do not want to specify deny-only SIDs.

SecurityLimitFlags

Data type: uint32

Access type: Read-only

Security limitations for a job. This property requires at least one of the following properties to be set: SIDsToDisable, PrivilegesToDelete, or RestrictedSIDs.

No Administrator (0)

Prevents a process in a job from using a token that specifies the local administrators group.

Restricted Token (1)

Prevents a process in a job from using a token that is not created with the CreateRestrictedToken function.

Specific Token (2)

Forces processes in a job to run under the specific user security token that owns the process.

Filter Tokens (3)

Applies a filter to a token when a process impersonates a client.

SettingID

Data type: string

Access type: Read-only

Qualifiers: Override (SettingID), Key

Instance of a job object security limit setting. Because they are kernel objects, job object names are case sensitive. However, Windows Management Instrumentation (WMI) keys are case insensitive and must specified to distinguish case. To indicate a capital letter, precede the letter by a backslash. For example, "A" and "a" are lowercase and "\A" and "\a" are uppercase.

SIDsToDisable

Data type: Win32_TokenGroups

Access type: Read-only

SIDs to disable for access checking, if the SecurityLimitFlags value is set to Filter Tokens. This property can be NULL if you do not want to disable SIDs.

Remarks

The Win32_NamedJobObjectSecLimitSetting class is derived from CIM_Setting.

Requirements

Minimum supported client
Windows Vista
Minimum supported server
Windows Server 2008
Namespace
Root\CIMV2
MOF
Wmipjobj.mof
DLL
Wmipjobj.dll

See also

CIM_Setting

Operating System Classes