Index | Leveraging WMI Scripting: Using Windows Management Instrumentation to Solve Windows Management Problems (HP Technologies)

A

Abstract classes, 20

Access Control Entries (ACEs)

access-allowed, 711

access-denied, 711

ACE AccessMask property, 626–27, 637–91

ACE Flags property, 632–35

ACE Flag Type property, 626, 635–37

ACE InheritedObjectType property, 651, 678–80

ACE ObjectType property, 648, 652–78

ACE Trustee property, 627

ACE Type property, 627–32

adding, in ADSI object model, 499–701

adding, in WMI object model, 701–3

deciphering, 626–91

defined, 545

defined in security descriptor, 624

elements, 546

Extended Rights reference, 666

inheritance, customizing, 677

inheritance control, 632

inheritance support, 625

inheritance to specific object class, 678

inherited, 624, 696, 711

properties, 626

properties, changing, 644

removing, 643, 703–10

removing, in ADSI object model, 703–7

removing, in WMI object model, 707–10

reordering, 710–15

reordering, in ADSI object model, 711–13

reordering, in WMI object model, 713–15

AccessControlEntry object, 548, 616, 701

AccessControlList object, 548

Access Control Lists (ACLs)

deciphering, 625–26

defined, 545

Discretionary (DACL), 545

editor, 710

System (SACL), 546, 551

ACE AccessMask property, 626–27, 637–91

Active Directory object, 648–80

Active Directory object values, 649–52

CIM repository namespace, 687–91

equal value, 667, 668, 670, 679

Exchange 2000 mailbox, 680–84

Exchange 2000 mailbox values, 681

files and folders, 637–44

files and folders values, 642

file system share, 644–47

file system share values, 645

inheritance, 641

registry key, 684–87

registry key values, 684

See also Access Control Entries (ACEs)

ACE Flags property, 632–35

deciphering, 632, 633–34

defined, 632

for Exchange 2000 mailbox, 682

file system share and, 646

inheritance flags, 632–33

values, 634–35

See also Access Control Entries (ACEs)

ACE FlagType property, 626

deciphering, 635–36

defined, 635

values, 636–37

See also Access Control Entries (ACEs)

ACE InheritedObjectType property, 651, 678–80

setting, 680

understanding, 678–80

ACE ObjectType property, 648

deciphering logic, 670

to grant/deny object creation/deletion, 669

GUID number, 667, 668, 670, 679

GUID number origins summary, 676

understanding, 652–78

See also Access Control Entries (ACEs)

ACE Trustee property, 627

ACE Type property, 627–32

Active Directory Extended Rights and, 630–31

for Active Directory security descriptor, 630

aim, 627

bitwise operation, 627

deciphering, 627–32

equal value, 667, 668, 670, 679

function, 627–29

for non-Active Directory security descriptor, 629

values, 670

See also Access Control Entries (ACEs)

Active Directory

classes, 373, 375, 376

creating in, 378–81

Domain Controller, 153

group memberships, monitoring, 383–86

mapping, 375

msExchMailboxSecurityDescriptor, 725

Naming Contexts, 652

objects, creating, 378–79

organizationalPerson class, 373, 374

person class, 373, 374

querying, 381

replication state, 397–99, 401–2

rights, 652

rights, deciphering, 648

schema, 373, 375

search depth, 382

searching in, 381–83

security descriptor inheritance flags, 633

top class, 373, 374

updating in, 378–81

user class, 373, 374, 376

Active Directory Extended Rights

ACE reference to, 666

ACE Type property and, 630–31

"Add/Remove self as member," 677

attributes links, 657

defined, 652

enforced by Active Directory, 653

enforced by applications, 653

enforced by system to perform extra checking, 653

example, 653, 654

GUID number, 655

list of, 658–65

location, 652

name, 666

"Personal Information," 677

"Send As," 677

understanding, 651–52

under Windows Server 2003, 658–65

validAccess attribute value, 657

Active Directory object ACE AccessMask property, 648–80

deciphering, 648

flag values, 652

management, 648

values (advanced view), 651

values (standard view), 649–50

Active Directory object security descriptors, 571–75

with ADSI connection, 573–75

connecting to, 571–75

registry keys retrieval with, 600–602

retrieving, 594–97

retrieving with ADSI, 596–97

retrieving with WMI, 594–96

updating, 721–24

updating, with ADSI, 723–24

updating, with WMI, 721–23

with WMI connection, 571–73

Active Directory providers, 211

activity in log file, 391

capabilities, 372

classes, 377

debugging, 391–94

defined, 212

DS_LDAP_Class_Containment class, 376, 377

DS_LDAP_Instance_Containment class, 376, 377

Level registry key for, 392

RootDSE class, 377

trace logging of, 391

See also WMI providers

Active Directory Replication provider, 394–405

capabilities, 394

classes, 394

defined, 394

implementation, 395

location, 394

MSAD_DomainController class, 395, 400

MSAD_NamingContext class, 399

MSAD_ReplCursor class, 400

MSAD_ReplNeighbor class, 401

MSAD_ReplPendingOp class, 399

Active Directory Service Interfaces. See ADSI

Active Directory Trust Monitoring provider, 211

Active Server Page. See ASP scripts

AddAce() function, 564, 571, 699–701

AccessMask parameter, 700

ACEFlags parameter, 700

ACEType parameter, 700

ACLType parameter, 700, 701, 702

InheritedObjectType parameter, 700

ObjectType parameter, 700

objSD parameter, 699

objWMIServices parameter, 699

Password parameter, 699

SDType parameter, 700

SIDResolutionDC parameter, 699

Trustee parameter, 700

UserID parameter, 699

ADSIHelper object, 595, 598

ActiveX DLL, 608, 609

defined, 608

methods, 608

ADSI object model

adding ACEs in, 699–701

removing ACEs in, 703–7

reordering ACEs in, 711–13

ADSI security descriptor representation, 544, 547–49

ACLs, deciphering, 626

Active Directory objects connection with, 573–75

Active Directory objects retrieval with, 596–97

Active Directory update with, 723–24

CIM repository namespaces connection with, 585

conversion, 607–9

deciphering, 616–19

Exchange 2000 mailbox connection with, 578–79

Exchange 2000 mailbox retrieval with, 598–99

Exchange 2000 mailbox update with, 727–28

file/folder connection with, 565–67

file/folder retrieval with, 587–92

file/folder update with, 718–19

file system share connection with, 569–71

file system share retrieval with, 593–94

file system share update with, 720–21

logical structure, 548

registry keys connection with, 581–83

ADSI WMI Extension, 737–38

ADsSecurity.DLL, 589, 618, 729

ADsSecurity object, 565, 566, 573, 581

GetSecurityDescriptor method, 602

SecurityMask property, 601

ADsSecurityUtility object, 565, 569, 570, 581, 587, 589

bug, 602, 719

ConvertSecurityDescriptor method, 608

for security descriptor conversion, 608

SecurityMask property, 597

ADSUTIL.VBS script, 781

Application WMI providers, 741–860

Cluster, 747–49

Exchange 2000, 785–802

IIS, 776–85

Internet Explorer, 811–13

Microsoft Office, 809–11

Network Load-Balancing, 741–47

OVOW, 825–43

SQL Server 2000, 802–9

Terminal Server, 749–71

WDM, 771–75

See also WMI providers

Arrays

intKeyTypes, 239

strSubKeys, 236, 239

ASP scripts

anonymous/basic authentication, 538

authentication settings, 536–39

configuration under Windows 2000+, 537–38

configuration under Windows NT, 536–37

running, 536

Association view classes

creation, 516

defined, 509

listing, 514–15

output, 517

Win32_DiskQuota class and, 516

Asynchronous event notification, 883–84

Asynchronous scripting, 732–37

access checks and, 734

precautions, 734

AttributeSchema object, 655–56

Authentication

anonymous/basic, 538

definition locations, 539

passport/digest, 537–38

settings, 536–38

WIA, 537

See also Security

AutoDiscovery/AutoPurge (ADAP), 492