Directory Services

ADS_SD_CONTROL_ENUM

The ADS_SD_CONTROL_ENUM enumeration specifies control flags for a security descriptor.

typedef enum 
{
  ADS_SD_CONTROL_SE_OWNER_DEFAULTED = 0x0001, 
  ADS_SD_CONTROL_SE_GROUP_DEFAULTED = 0x0002, 
  ADS_SD_CONTROL_SE_DACL_PRESENT = 0x0004, 
  ADS_SD_CONTROL_SE_DACL_DEFAULTED = 0x0008, 
  ADS_SD_CONTROL_SE_SACL_PRESENT = 0x0010, 
  ADS_SD_CONTROL_SE_SACL_DEFAULTED = 0x0020, 
  ADS_SD_CONTROL_SE_DACL_AUTO_INHERIT_REQ = 0x0100, 
  ADS_SD_CONTROL_SE_SACL_AUTO_INHERIT_REQ = 0x0200, 
  ADS_SD_CONTROL_SE_DACL_AUTO_INHERITED = 0x0400, 
  ADS_SD_CONTROL_SE_SACL_AUTO_INHERITED = 0x0800, 
  ADS_SD_CONTROL_SE_DACL_PROTECTED = 0x1000, 
  ADS_SD_CONTROL_SE_SACL_PROTECTED = 0x2000, 
  ADS_SD_CONTROL_SE_SELF_RELATIVE = 0x8000
} ADS_SD_CONTROL_ENUM;

Values

ADS_SD_CONTROL_SE_OWNER_DEFAULTED
A default mechanism provides the owner security identifier (SID) of the security descriptor rather than the original provider of the security descriptor.
ADS_SD_CONTROL_SE_GROUP_DEFAULTED
A default mechanism provides the group SID of the security descriptor rather than the original provider of the security descriptor.
ADS_SD_CONTROL_SE_DACL_PRESENT
The discretionary access-control list (DACL) is present in the security descriptor. If this flag is not set, or if this flag is set and the DACL is NULL, the security descriptor allows full access to everyone.
ADS_SD_CONTROL_SE_DACL_DEFAULTED
The security descriptor uses a default DACL built from the creator's access token.
ADS_SD_CONTROL_SE_SACL_PRESENT
The system access-control list (SACL) is present in the security descriptor.
ADS_SD_CONTROL_SE_SACL_DEFAULTED
The security descriptor uses a default SACL built from the creator's access token.
ADS_SD_CONTROL_SE_DACL_AUTO_INHERIT_REQ
THE DACL of the security descriptor must be inherited.
ADS_SD_CONTROL_SE_SACL_AUTO_INHERIT_REQ
The SACL of the security descriptor must be inherited.
ADS_SD_CONTROL_SE_DACL_AUTO_INHERITED
The DACL of the security descriptor supports automatic propagation of inheritable access-control entries (ACEs) to existing child objects.
ADS_SD_CONTROL_SE_SACL_AUTO_INHERITED
The SACL of the security descriptor supports automatic propagation of inheritable ACEs to existing child objects.
ADS_SD_CONTROL_SE_DACL_PROTECTED
The security descriptor will not allow inheritable ACEs to modify the DACL.
ADS_SD_CONTROL_SE_SACL_PROTECTED
The security descriptor will not allow inheritable ACEs to modify the SACL.
ADS_SD_CONTROL_SE_SELF_RELATIVE
The security descriptor is of self-relative format with all the security information in a continuous block of memory.

Remarks

For more information, see Access Control under Security in the Microsoft Platform SDK documentation.

Since VBScript cannot read information from a type library, VBScript applications do not understand the symbolic constants as defined above. You should use the numerical constants instead to set the appropriate flags in your VBScript applications. If you want to use the symbolic constants as a good programming practice, you should make explicit declarations of such constants, as done here, in your VBScript applications.

Requirements

Client: Included in Windows XP and Windows 2000 Professional.
Server: Included in Windows Server 2003 and Windows 2000 Server.
Redistributable: Requires Active Directory Client Extension on Windows NT 4.0 SP6a and Windows 95/98/Me.
Header: Declared in Iads.h.

See Also

ADSI Enumerations, Access Control