Definition of Terms for the Computer Management Provider API

Table CMP.1 defines terminology that is used in this API specification. This terminology is useful when generating XML requests that use the methods of the Computer Management Provider.

Table CMP.1: Term Definitions for Computer Management Provider Method Documentation

Term Definition
Privilege The right of a user to perform various system-related operations, such as shutting down the system, loading device drivers, or changing the system time. A user's access token contains a list of the privileges held by either the user or the user's groups.
Security Identifier (SID) A data structure of variable length that identifies user, group, and computer accounts. Every account on a network is issued a unique SID when the account is first created. Internal processes in Windows refer to an account's SID rather than the account's user or group name.
Security Descriptor A structure and associated data that contains the security information for a securable object. A security descriptor identifies the object's owner and primary group. It can also contain a discretionary access control list (DACL) that controls access to the object, and a system access control list (SACL) that controls the logging of attempts to access the object.
Access Control List (ACL) A domain or namespace that is encompassed by a list of security protections that applies to an object. (An object can be a file, process, event, or anything else having a security descriptor.) An entry in an access control list is an access control entry (ACE). There are two types of access control lists, discretionary and system.
Access Control Entry (ACE) An entry in an access control list (ACL). An ACE contains a set of access rights and a security identifier (SID) that identifies a trustee for whom the rights are allowed, denied, or audited.
WinNT Paths The "Paths" recognized by this provider are valid paths as supported by the WinNT provider for ADSI. The path may or may not contain the domain component and the object type (class). The following are examples of the available formats:
  • WinNT://<domainName>/<computerName>/<object>,<objectType>
  • WinNT://<computerName>/<object>,<objectType>
  • WinNT://<computerName>
  • WinNT://FABRIKAM/MyServer/MyUser,user
Account Rights
  • SeBatchLogonRight
  • SeInteractiveLogonRight
  • SeNetworkLogonRight
  • SeServiceLogonRight
  • SeDenyBatchLogonRight
  • SeDenyInteractiveLogonRight
  • SeDenyNetworkLogonRight
  • SeDenyServiceLogonRight
Account Privileges
  • SeAssignPrimaryTokenPrivilege
  • SeAuditPrivilege
  • SeBackupPrivilege
  • SeChangeNotifyPrivilege
  • SeCreateGlobalPrivilege
  • SeCreatePagefilePrivilege
  • SeCreatePermanentPrivilege
  • SeCreateTokenPrivilege
  • SeDebugPrivilege
  • SeEnableDelegationPrivilege
  • SeImpersonatePrivilege
  • SeIncreaseBasePriorityPrivilege
  • SeIncreaseQuotaPrivilege
  • SeLoadDriverPrivilege
  • SeLockMemoryPrivilege
  • SeMachineAccountPrivilege
  • SeManageVolumePrivilege
  • SeProfileSingleProcessPrivilege
  • SeRemoteShutdownPrivilege
  • SeRestorePrivilege
  • SeSecurityPrivilege
  • SeShutdownPrivilege
  • SeSyncAgentPrivilege
  • SeSystemEnvironment
  • SeSystemProfilePrivilege
  • SeSystemtimePrivilege
  • SeTakeOwnershipPrivilege
  • SeTcbPrivilege
  • SeUndockPrivilege
  • SeUnsolicitedInputPrivilege
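
As an added example (not part of the original specification), the following Python function checks a path against the WinNT Paths forms listed in Table CMP.1 before it is placed in an XML request. The names parse_winnt_path and WinNTPath, the forbidden-character set, and the rule that two components mean computer/object are assumptions of this example.

```python
from typing import NamedTuple, Optional

PREFIX = "WinNT://"  # matched exactly as the page writes it
# Characters rejected inside a name: path separators plus punctuation that
# is not valid in Windows account names (assumption of this example).
FORBIDDEN = set('"/\\[]:;|=,+*?<>')

class WinNTPath(NamedTuple):
    domain: Optional[str]
    computer: str
    obj: Optional[str]
    obj_type: Optional[str]

def parse_winnt_path(path: str) -> WinNTPath:
    """Split a WinNT path into its parts or raise ValueError."""
    if not path.startswith(PREFIX):
        raise ValueError("path must start with 'WinNT://'")
    body, comma, obj_type = path[len(PREFIX):].partition(",")
    if comma and not (obj_type.isascii() and obj_type.isalpha()):
        raise ValueError("object type must be a single alphabetic class name")
    parts = body.split("/")
    if len(parts) > 3:
        raise ValueError("at most domain/computer/object are allowed")
    for name in parts:
        if not name or name != name.strip():
            raise ValueError("empty or space-padded path component")
        if any(ch in FORBIDDEN or ord(ch) < 32 for ch in name):
            raise ValueError(f"illegal character in component {name!r}")
    # Component count decides the layout, following the forms the page lists:
    # 1 = computer, 2 = computer/object, 3 = domain/computer/object.
    if len(parts) == 1:
        return WinNTPath(None, parts[0], None, obj_type or None)
    if len(parts) == 2:
        return WinNTPath(None, parts[0], parts[1], obj_type or None)
    return WinNTPath(parts[0], parts[1], parts[2], obj_type or None)

if __name__ == "__main__":
    # Constructed sample inputs; the first is the example path from the page.
    for sample in ("WinNT://FABRIKAM/MyServer/MyUser,user",
                   "WinNT://MyServer",
                   "WinNT://MyServer/My<User>,user"):
        try:
            print(sample, "->", parse_winnt_path(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```

Rejecting malformed paths at this point keeps unexpected separators and markup characters out of the request that is built from them.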