/// <summary>
/// Selects which parts of a security descriptor an operation reads or writes.
/// The numeric values are those of the Win32 SECURITY_INFORMATION bits
/// (OWNER_SECURITY_INFORMATION, GROUP_SECURITY_INFORMATION, and so on).
/// </summary>
/// <remarks>
/// Request only the parts that are actually needed. Each part is gated by a
/// different right on the target object: per the access-mask documentation in
/// this file, the SACL is reachable only with ACCESS_SYSTEM_SECURITY, which in
/// turn needs the SE_SECURITY_NAME privilege.
/// NOTE(review): a caller that always passes every bit will fail, or prompt for
/// elevation, more often than necessary - confirm against the call sites.
/// </remarks>
[Flags]
public enum SI_SECURITY_INFORMATION : uint
{
    /// <summary>The owner SID of the object.</summary>
    Owner = 1u << 0,

    /// <summary>The primary group SID of the object.</summary>
    Group = 1u << 1,

    /// <summary>The discretionary access control list (DACL).</summary>
    Dacl = 1u << 2,

    /// <summary>The system access control list (SACL), i.e. the audit entries.</summary>
    Sacl = 1u << 3,

    /// <summary>The mandatory integrity label.</summary>
    Label = 1u << 4,

    /// <summary>The SACL inherits ACEs from the parent object.</summary>
    UnprotectedSacl = 1u << 28,

    /// <summary>The DACL inherits ACEs from the parent object.</summary>
    UnprotectedDacl = 1u << 29,

    /// <summary>The SACL is protected: it does not inherit ACEs from the parent.</summary>
    ProtectedSacl = 1u << 30,

    /// <summary>The DACL is protected: it does not inherit ACEs from the parent.</summary>
    ProtectedDacl = 1u << 31
}
/// <summary>
/// Bit flags that select the editing options the access control editor offers
/// to the user. Values may be combined. Members are listed in ascending bit order.
/// </summary>
/// <remarks>
/// These flags describe what the editor shows and enables; they are not an
/// access check. Read-only and elevation-related values (SI_READONLY,
/// SI_VIEW_ONLY, SI_OWNER_READONLY, the *_ELEVATION_REQUIRED group) only shape
/// the UI. Whether a change is applied is decided by the
/// ISecurityInformation::SetSecurity implementation and by the access the
/// caller holds on the object, so that implementation should not assume the
/// UI already filtered the request.
/// </remarks>
[Flags]
public enum SI_OBJECT_FLAGS : uint
{
    /// <summary>
    /// Default value. The basic security page always shows the controls for
    /// basic DACL editing; set SI_READONLY to disable them.
    /// </summary>
    /// <remarks>
    /// The value is zero, so it is always implied: HasFlag(SI_EDIT_PERMS) is
    /// true for every value and cannot be used as a test.
    /// </remarks>
    SI_EDIT_PERMS = 0x00000000,

    /// <summary>
    /// With SI_ADVANCED set, the advanced property sheet includes an Owner
    /// page for changing the object's owner.
    /// </summary>
    SI_EDIT_OWNER = 0x00000001,

    /// <summary>
    /// With SI_ADVANCED set, the advanced property sheet includes an Auditing
    /// page for editing the object's SACL.
    /// </summary>
    SI_EDIT_AUDITS = 0x00000002,

    /// <summary>
    /// Shorthand for SI_EDIT_PERMS | SI_EDIT_OWNER | SI_EDIT_AUDITS.
    /// </summary>
    SI_EDIT_ALL = SI_EDIT_PERMS | SI_EDIT_OWNER | SI_EDIT_AUDITS,

    /// <summary>
    /// The object is a container. The editor enables the controls that deal
    /// with inheritance of permissions onto child objects.
    /// </summary>
    SI_CONTAINER = 0x00000004,

    /// <summary>
    /// The editor displays the security information but disables the editing
    /// controls. Cannot be combined with SI_VIEW_ONLY.
    /// </summary>
    SI_READONLY = 0x00000008,

    /// <summary>
    /// Shows the Advanced button on the basic security page. Clicking it opens
    /// the advanced property sheet for DACL editing. Combine with
    /// SI_EDIT_AUDITS, SI_EDIT_OWNER and SI_EDIT_PROPERTIES to also allow
    /// editing of the SACL, the owner and object-specific ACEs.
    /// </summary>
    SI_ADVANCED = 0x00000010,

    /// <summary>
    /// Shows the Default button. Clicking it makes the editor call
    /// ISecurityInformation::GetSecurity for an application-defined default
    /// security descriptor, reinitialize the property sheet from it, and let
    /// the user apply or cancel.
    /// </summary>
    /// <remarks>
    /// The original note calls this equivalent to
    /// SI_RESET_DACL | SI_RESET_SACL | SI_RESET_OWNER. Numerically it is a
    /// separate bit (0x20), so presumably that is an equivalence of effect,
    /// not of value; test for it separately.
    /// </remarks>
    SI_RESET = 0x00000020,

    /// <summary>
    /// The user cannot change the owner. Set this when SI_EDIT_OWNER is set
    /// but the user lacks permission to change the owner.
    /// </summary>
    SI_OWNER_READONLY = 0x00000040,

    /// <summary>
    /// Enables controls for editing ACEs that apply to the object's property
    /// sets and properties. Only available on the advanced property sheet.
    /// </summary>
    SI_EDIT_PROPERTIES = 0x00000080,

    /// <summary>
    /// Together with SI_CONTAINER, shows a check box on the owner page asking
    /// whether the new owner should also be applied to all child objects.
    /// </summary>
    /// <remarks>
    /// The editor does not recurse. The application must perform the
    /// recursion in ISecurityInformation::SetSecurity.
    /// </remarks>
    SI_OWNER_RECURSE = 0x00000100,

    /// <summary>
    /// Hides the check box that lets inheritable ACEs propagate from the
    /// parent to this object; without this flag the check box is visible.
    /// The check box is clear when SE_DACL_PROTECTED is set in the object's
    /// security descriptor, meaning the DACL is protected from modification
    /// by inheritable ACEs. If the user clears the check box, inherited ACEs
    /// are deleted or converted to noninherited ACEs after a confirmation
    /// message box.
    /// </summary>
    SI_NO_ACL_PROTECT = 0x00000200,

    /// <summary>
    /// Hides the check box that controls the NO_PROPAGATE_INHERIT_ACE flag.
    /// Relevant only when SI_ADVANCED is also set.
    /// </summary>
    SI_NO_TREE_APPLY = 0x00000400,

    /// <summary>
    /// The pszPageTitle member supplies the title of the basic security page;
    /// otherwise a default title is used.
    /// </summary>
    SI_PAGE_TITLE = 0x00000800,

    /// <summary>
    /// Set when the pszServerName computer is known to be a domain controller.
    /// The domain name is then included in the scope list of the Add Users and
    /// Groups dialog box; otherwise pszServerName determines the scope list.
    /// </summary>
    SI_SERVER_IS_DC = 0x00001000,

    /// <summary>
    /// Shows the "Reset permissions on all child objects and enable
    /// propagation of inheritable permissions" check box on the Permissions
    /// page. When it is selected and the user clicks Apply, SI_RESET_DACL_TREE
    /// is OR-ed into the SecurityInformation parameter of
    /// ISecurityInformation::SetSecurity.
    /// </summary>
    /// <remarks>
    /// The editor does not reset or propagate anything itself; the
    /// ISecurityInformation implementation must do it.
    /// </remarks>
    SI_RESET_DACL_TREE = 0x00004000,

    /// <summary>
    /// Shows the "Reset auditing entries on all child objects and enable
    /// propagation of inheritable auditing entries" check box on the Auditing
    /// page. When it is selected and the user clicks Apply, SI_RESET_SACL_TREE
    /// is OR-ed into the SecurityInformation parameter of
    /// ISecurityInformation::SetSecurity.
    /// </summary>
    /// <remarks>
    /// The editor does not reset or propagate anything itself; the
    /// ISecurityInformation implementation must do it.
    /// </remarks>
    SI_RESET_SACL_TREE = 0x00008000,

    /// <summary>
    /// The guidObjectType member of SI_OBJECT_INFO is valid. It is compared
    /// with object-specific ACEs to decide whether an ACE applies to the
    /// current object.
    /// </summary>
    SI_OBJECT_GUID = 0x00010000,

    /// <summary>
    /// Shows the Effective Permissions page. Ignored when the
    /// ISecurityInformation object that initialized the editor does not
    /// implement IEffectivePermission.
    /// </summary>
    SI_EDIT_EFFECTIVE = 0x00020000,

    /// <summary>Shows the Reset Defaults button on the Permissions page.</summary>
    SI_RESET_DACL = 0x00040000,

    /// <summary>Shows the Reset Defaults button on the Auditing page.</summary>
    SI_RESET_SACL = 0x00080000,

    /// <summary>Shows the Reset Defaults button on the Owner page.</summary>
    SI_RESET_OWNER = 0x00100000,

    /// <summary>
    /// Hides the Special Permissions tab on the Advanced Security Settings page.
    /// </summary>
    SI_NO_ADDITIONAL_PERMISSION = 0x00200000,

    /// <summary>
    /// Set by the client to display read-only versions of the editor dialog
    /// boxes, which do not allow editing of the object's permissions. The
    /// client must implement ISecurityInformation3. Cannot be combined with
    /// SI_READONLY.
    /// </summary>
    /// <remarks>Windows Server 2003 and Windows XP: This flag is not supported.</remarks>
    SI_VIEW_ONLY = 0x00400000,

    /// <summary>
    /// Shows a shield image on the Edit button of the simple and advanced
    /// Permissions pages. For NTFS objects this is requested when the user
    /// does not have READ_CONTROL or WRITE_DAC access.
    /// </summary>
    /// <remarks>Windows Server 2003 and Windows XP: This flag is not supported.</remarks>
    SI_PERMS_ELEVATION_REQUIRED = 0x01000000,

    /// <summary>
    /// Shows a shield on the Edit button of the advanced Auditing pages. For
    /// NTFS objects this is requested when the user does not have READ_CONTROL
    /// or ACCESS_SYSTEM_SECURITY access.
    /// </summary>
    /// <remarks>Windows Server 2003 and Windows XP: This flag is not supported.</remarks>
    SI_AUDITS_ELEVATION_REQUIRED = 0x02000000,

    /// <summary>
    /// Shows a shield on the Edit button of the advanced Owner page. For NTFS
    /// objects this is requested when the user does not have WRITE_OWNER
    /// access. Valid only if the owner page is requested.
    /// </summary>
    /// <remarks>Windows Server 2003 and Windows XP: This flag is not supported.</remarks>
    SI_OWNER_ELEVATION_REQUIRED = 0x04000000,

    /// <summary>
    /// Shows a shield image on the Change button of the Scope attribute. For
    /// NTFS objects this is requested when the user does not have READ_CONTROL
    /// or WRITE_DAC access. The client must implement ISecurityInformation4.
    /// </summary>
    /// <remarks>Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP: This flag is not supported.</remarks>
    SI_SCOPE_ELEVATION_REQUIRED = 0x08000000,

    /// <summary>
    /// The editor cannot read the DACL but might be able to write it. If
    /// ISecurityInformation::GetSecurity returns AccessDenied, the user can
    /// try to add a new ACE and a more appropriate warning is displayed.
    /// </summary>
    /// <remarks>Original note: not sure if user can write permission.</remarks>
    SI_MAY_WRITE = 0x10000000,

    /// <summary>
    /// Enables editing attributes. The client must implement
    /// ISecurityInformation4 to set this flag.
    /// </summary>
    /// <remarks>Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP: This flag is not supported.</remarks>
    SI_ENABLE_EDIT_ATTRIBUTE_CONDITION = 0x20000000,

    /// <summary>
    /// Enables editing attributes. The client must implement
    /// ISecurityInformation4 to set this flag.
    /// </summary>
    /// <remarks>
    /// NOTE(review): this description is word for word the one given for
    /// SI_ENABLE_EDIT_ATTRIBUTE_CONDITION. Judging by the name, this flag
    /// presumably governs the central access policy controls instead; confirm
    /// against the SDK documentation.
    /// Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP: This flag is not supported.
    /// </remarks>
    SI_ENABLE_CENTRAL_POLICY = 0x40000000,

    /// <summary>
    /// Disables denying an ACE. The client must implement
    /// ISecurityInformation4 to set this flag.
    /// </summary>
    /// <remarks>Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP: This flag is not supported.</remarks>
    SI_DISABLE_DENY_ACE = 0x80000000
}
/// <summary>
/// Bit flags naming the property page that is being initialized. The value is
/// zero when the basic security page is being initialized; otherwise it is a
/// combination of the members below.
/// </summary>
/// <remarks>
/// No member is declared for zero, so compare against 0 to detect the basic
/// page. The three values are numerically identical to the same-named members
/// of SI_OBJECT_FLAGS.
/// </remarks>
[Flags]
public enum SI_ACCESS_RIGHT_FLAG
{
    /// <summary>
    /// The Advanced Security property sheet includes the Audit property page.
    /// </summary>
    SI_EDIT_AUDITS = 0x02,

    /// <summary>
    /// The Advanced Security property sheet is being initialized.
    /// </summary>
    SI_ADVANCED = 0x10,

    /// <summary>
    /// The Advanced Security property sheet enables editing of ACEs that apply
    /// to the properties and property sets of the object.
    /// </summary>
    SI_EDIT_PROPERTIES = 0x80
}
/// <summary>
/// ACCESS_MASK: a DWORD that carries standard, specific and generic rights.
/// These rights appear in access control entries (ACEs) and are the primary
/// way to state the access requested for, or granted on, an object.
/// </summary>
/// <remarks>
/// The low 16 bits are object-specific, and this enum declares both the
/// DESKTOP_* and the WINSTA_* names for them, so several members share a
/// value (for example DESKTOP_READOBJECTS and WINSTA_ENUMDESKTOPS are both
/// 0x1). ToString() and name-based parsing are therefore ambiguous for those
/// bits; interpret them only with knowledge of the object type.
/// NOTE(review): generic rights are normally translated to standard and
/// specific rights through the object's generic mapping, so a mask holding
/// GENERIC_* bits should be mapped before it is compared bit for bit with a
/// granted mask - confirm how callers handle this.
/// </remarks>
[Flags]
public enum SI_ACCESS_MASK : uint
{
    // ---- Standard rights (bits 16-20) ----

    /// <summary>Delete access (bit 16).</summary>
    DELETE = 0x00010000,

    /// <summary>
    /// Read access to the owner, group and DACL of the security descriptor (bit 17).
    /// </summary>
    READ_CONTROL = 0x00020000,

    /// <summary>Write access to the DACL (bit 18).</summary>
    WRITE_DAC = 0x00040000,

    /// <summary>Write access to the owner (bit 19).</summary>
    WRITE_OWNER = 0x00080000,

    /// <summary>Synchronize access (bit 20).</summary>
    SYNCHRONIZE = 0x00100000,

    /// <summary>DELETE, READ_CONTROL, WRITE_DAC and WRITE_OWNER together (0x000F0000).</summary>
    STANDARD_RIGHTS_REQUIRED = DELETE | READ_CONTROL | WRITE_DAC | WRITE_OWNER,

    /// <summary>Alias of READ_CONTROL.</summary>
    STANDARD_RIGHTS_READ = READ_CONTROL,

    /// <summary>Alias of READ_CONTROL.</summary>
    STANDARD_RIGHTS_WRITE = READ_CONTROL,

    /// <summary>Alias of READ_CONTROL.</summary>
    STANDARD_RIGHTS_EXECUTE = READ_CONTROL,

    /// <summary>All five standard rights, bits 16-20 (0x001F0000).</summary>
    STANDARD_RIGHTS_ALL = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE,

    /// <summary>Mask covering the sixteen object-specific bits (0x0000FFFF).</summary>
    SPECIFIC_RIGHTS_ALL = 0x0000FFFF,

    /// <summary>
    /// ACCESS_SYSTEM_SECURITY (bit 24): access to the system access control
    /// list (SACL). The calling process needs the SE_SECURITY_NAME ("Manage
    /// auditing and security log") privilege. When this bit is set in the
    /// access mask of an audit ACE (successful or unsuccessful access), SACL
    /// access itself is audited.
    /// </summary>
    ACCESS_SYSTEM_SECURITY = 0x01000000,

    /// <summary>MAXIMUM_ALLOWED (bit 25).</summary>
    MAXIMUM_ALLOWED = 0x02000000,

    // ---- Generic rights (bits 28-31) ----

    /// <summary>Generic read (bit 31).</summary>
    GENERIC_READ = 0x80000000,

    /// <summary>Generic write (bit 30).</summary>
    GENERIC_WRITE = 0x40000000,

    /// <summary>Generic execute (bit 29).</summary>
    GENERIC_EXECUTE = 0x20000000,

    /// <summary>Generic all (bit 28).</summary>
    GENERIC_ALL = 0x10000000,

    // ---- Desktop object-specific rights ----
    // These occupy the same low bits as the WINSTA_* group below.
    DESKTOP_READOBJECTS = 0x0001,
    DESKTOP_CREATEWINDOW = 0x0002,
    DESKTOP_CREATEMENU = 0x0004,
    DESKTOP_HOOKCONTROL = 0x0008,
    DESKTOP_JOURNALRECORD = 0x0010,
    DESKTOP_JOURNALPLAYBACK = 0x0020,
    DESKTOP_ENUMERATE = 0x0040,
    DESKTOP_WRITEOBJECTS = 0x0080,
    DESKTOP_SWITCHDESKTOP = 0x0100,

    // ---- Window station object-specific rights ----
    // Same low bits as the DESKTOP_* group above; 0x0080 has no WINSTA_* name here.
    WINSTA_ENUMDESKTOPS = 0x0001,
    WINSTA_READATTRIBUTES = 0x0002,
    WINSTA_ACCESSCLIPBOARD = 0x0004,
    WINSTA_CREATEDESKTOP = 0x0008,
    WINSTA_WRITEATTRIBUTES = 0x0010,
    WINSTA_ACCESSGLOBALATOMS = 0x0020,
    WINSTA_EXITWINDOWS = 0x0040,
    WINSTA_ENUMERATE = 0x0100,
    WINSTA_READSCREEN = 0x0200,

    /// <summary>Every WINSTA_* specific right declared above (0x037F).</summary>
    WINSTA_ALL_ACCESS = 0x037F
}
/// <summary>
/// Bit flags stating on which editor pages an access right is listed.
/// Values may be combined.
/// </summary>
/// <remarks>
/// These flags affect where a right is displayed only. A right that is not
/// shown on any page can still be present in the object's ACL.
/// </remarks>
[Flags]
public enum SI_ACCESS_FLAG
{
    /// <summary>The right is listed on the advanced security pages.</summary>
    SI_ACCESS_SPECIFIC = 1 << 16,

    /// <summary>The right is listed on the basic security page.</summary>
    SI_ACCESS_GENERAL = 1 << 17,

    /// <summary>
    /// The right applies only to containers. It is listed on the basic
    /// security page only if ISecurityInformation::GetObjectInformation
    /// reports the SI_CONTAINER flag.
    /// </summary>
    SI_ACCESS_CONTAINER = 1 << 18,

    /// <summary>
    /// The right is property-specific. Used together with SI_EDIT_PROPERTIES.
    /// </summary>
    SI_ACCESS_PROPERTY = 1 << 19
}
/// <summary>
/// Message identifiers for the property sheet page callback.
/// </summary>
/// <remarks>
/// The members are distinct ordinals, not combinable bits, so the enum
/// carries no [Flags] attribute.
/// NOTE(review): the PSPCB_* names presumably mirror the property sheet
/// constants of the Windows SDK - confirm against the header in use.
/// </remarks>
public enum SI_CALLBACK_MESSAGE
{
    /// <summary>Value 0.</summary>
    PSPCB_ADDREF = 0,

    /// <summary>Value 1.</summary>
    PSPCB_RELEASE = 1,

    /// <summary>Value 2.</summary>
    PSPCB_CREATE = 2,

    /// <summary>WM_USER + 1, where WM_USER is 0x0400; the result is 0x0401.</summary>
    PSPCB_SI_INITDIALOG = 0x0400 + 1
}
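/// <summary>
/// ACE inheritance flags that state which child objects can inherit an ACE.
/// Values may be combined.
/// </summary>
/// <remarks>
/// Every member has an explicit value equal to the Win32 ACE flag of the same
/// name. With implicit numbering the members would be 0, 1 and 2:
/// CONTAINER_INHERIT_ACE would be zero and vanish from any combination, and
/// INHERIT_ONLY_ACE would carry the bit that means OBJECT_INHERIT_ACE
/// natively. Passed to native code, such values select a different
/// inheritance scope than the name says, so permissions could end up on the
/// wrong children.
/// Bit 0x4 is NO_PROPAGATE_INHERIT_ACE in the Win32 header; it is not
/// declared here.
/// </remarks>
[Flags]
public enum SI_INHERIT_FLAGS
{
    /// <summary>Child containers inherit the ACE.</summary>
    CONTAINER_INHERIT_ACE = 0x2,

    /// <summary>
    /// The ACE does not control access to the object it is attached to; it
    /// exists only to be inherited by children.
    /// </summary>
    INHERIT_ONLY_ACE = 0x8,

    /// <summary>Noncontainer child objects inherit the ACE.</summary>
    OBJECT_INHERIT_ACE = 0x1
}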
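/// <summary>
/// The SI_PAGE_TYPE enumeration identifies the type of a property page in an
/// access control editor property sheet.
/// </summary>
/// <remarks>
/// The members are consecutive ordinals (0 to 5), not bits, so the enum is
/// deliberately declared without [Flags]. With [Flags], a value such as 3
/// could be read as a combination of two pages, and an undefined value would
/// be formatted as a list of unrelated page names instead of as a number.
/// Compare with ==, never with HasFlag or bitwise operators. A value outside
/// the declared range should be treated as an unknown page type.
/// </remarks>
public enum SI_PAGE_TYPE
{
    /// <summary>
    /// The basic security property page for editing the object's DACL.
    /// </summary>
    SI_PAGE_PERM = 0,

    /// <summary>
    /// The Permissions tab for advanced editing of the object's DACL, such as
    /// editing object-specific ACEs.
    /// </summary>
    SI_PAGE_ADVPERM = 1,

    /// <summary>
    /// The Auditing tab for editing the object's SACL.
    /// </summary>
    SI_PAGE_AUDIT = 2,

    /// <summary>
    /// The Owner tab for editing the object's owner.
    /// </summary>
    SI_PAGE_OWNER = 3,

    /// <summary>
    /// The Effective Permission tab that displays the effective permissions
    /// granted to a specified user or group for access to the object.
    /// </summary>
    SI_PAGE_EFFECTIVE = 4,

    /// <summary>
    /// A dialog box for changing the owner of the object.
    /// </summary>
    SI_PAGE_TAKEOWNERSHIP = 5
}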
|