Editor's Note: This article is the 11th part of a 12-part series about Active Directory Service Interfaces (ADSI). The series started in the January 1999 issue. Refer to previous installments for definitions and background information.
Last month, I introduced you to Security Descriptors (SDs), System Access Control Lists (SACLs), discretionary access control lists (DACLs), and access control entries (ACEs). I also discussed the AccessControlEntry object's seven properties: Trustee, AccessMask, AceType, AceFlags, Flags, ObjectType, and InheritedObjectType. This month, I discuss the possible values for each property and show you how to use those values to create an ACE and an SD.
Trustee
The Trustee property specifies the group or user receiving the permissions or being audited. The value you assign to the Trustee property can take one of several forms:
Domain accounts. These accounts are the logon names that earlier versions of Windows NT used. They take the form domain\useraccount (e.g., windows\jsmith), where domain (e.g., windows) is the name of the NT domain that contains the user and useraccount (e.g., jsmith) is the specified user's sAMAccountName property. Domain accounts are valid in Windows 2000 (Win2K) domains. . . .
Register
peter_cho March 10, 2006 (Article Rating: