System.Security.AccessControl Specifies the actions that are permitted for securable objects. Specifies write-only access. Specifies no access. Specifies read-only access. Specifies the type of access control modification to perform. This enumeration is used by methods of the class and its descendants. Add the specified authorization rule to the access control list (ACL). Remove authorization rules that contain the same security identifier (SID) and access mask as the specified authorization rule from the ACL. Remove authorization rules that contain the same SID as the specified authorization rule from the ACL. Remove authorization rules that exactly match the specified authorization rule from the ACL. Remove authorization rules that contain the same SID as the specified authorization rule from the ACL, and then add the specified authorization rule to the ACL. Remove all authorization rules from the ACL, then add the specified authorization rule to the ACL. Specifies which sections of a security descriptor to save or load. The discretionary access control list (DACL). The entire security descriptor. The system access control list (SACL). The primary group. No sections. The owner. Specifies whether an object is used to allow or deny access. These values are not flags, and they cannot be combined. The object is used to allow access to a secured object. The object is used to deny access to a secured object. Represents a combination of a user's identity, an access mask, and an access control type (allow or deny). An object also contains information about how the rule is inherited by child objects and how that inheritance is propagated. Initializes a new instance of the class by using the specified values. The identity to which the access rule applies. This parameter must be an object that can be cast as a . The access mask of this rule. The access mask is a 32-bit collection of anonymous bits, the meaning of which is defined by the individual integrators. 
if this rule is inherited from a parent container. The inheritance properties of the access rule. Whether inherited access rules are automatically propagated. The propagation flags are ignored if is set to . The valid access control type. The value of the parameter cannot be cast as a , or the parameter contains an invalid value. The value of the parameter is zero, or the or parameters contain unrecognized flag values. Gets the value associated with this object. The value associated with this object. Represents a combination of a user's identity, an access mask, and an access control type (allow or deny). An AccessRule`1 object also contains information about how the rule is inherited by child objects and how that inheritance is propagated. The access rights type for the access rule. Initializes a new instance of the AccessRule`1 class by using the specified values. The identity to which the access rule applies. The rights of the access rule. The valid access control type. Initializes a new instance of the AccessRule`1 class by using the specified values. The identity to which the access rule applies. The rights of the access rule. The inheritance properties of the access rule. Whether inherited access rules are automatically propagated. The propagation flags are ignored if is set to . The valid access control type. Initializes a new instance of the AccessRule`1 class by using the specified values. The identity to which the access rule applies. The rights of the access rule. The valid access control type. Initializes a new instance of the AccessRule`1 class by using the specified values. The identity to which the access rule applies. The rights of the access rule. The inheritance properties of the access rule. Whether inherited access rules are automatically propagated. The propagation flags are ignored if is set to . The valid access control type. Gets the rights of the current instance. The rights, cast as type <T>, of the current instance. 
Provides the ability to iterate through the access control entries (ACEs) in an access control list (ACL). Advances the enumerator to the next element of the collection. The collection was modified after the enumerator was created. if the enumerator was successfully advanced to the next element; if the enumerator has passed the end of the collection. Sets the enumerator to its initial position, which is before the first element in the collection. The collection was modified after the enumerator was created. Gets the current element in the collection. This property gets the type-friendly version of the object. The current element in the collection. Gets the current element in the collection. The collection was modified after the enumerator was created. The current element in the collection. Specifies the inheritance and auditing behavior of an access control entry (ACE). All access attempts are audited. The access mask is propagated to child container objects. Failed access attempts are audited. A logical of , , , and . An ACE is inherited from a parent container rather than being explicitly set for an object. The access mask is propagated only to child objects. This includes both container and leaf child objects. No ACE flags are set. The access checks do not apply to the object; they only apply to its children. The access mask is propagated onto child leaf objects. Successful access attempts are audited. Specifies the function of an access control entry (ACE). Allow access. Deny access. Cause a system alarm. Cause a system audit. Defines the available access control entry (ACE) types. Allows access to an object for a specific trustee identified by an object. Allows access to an object for a specific trustee identified by an object. This ACE type may contain optional callback data. The callback data is a resource manager-specific BLOB that is not interpreted. Allows access to an object, property set, or property. 
The ACE contains a set of access rights, a GUID that identifies the type of object, and an object that identifies the trustee to whom the system will grant access. The ACE also contains a GUID and a set of flags that control inheritance of the ACE by child objects. This ACE type may contain optional callback data. The callback data is a resource manager-specific BLOB that is not interpreted. Defined but never used. Included here for completeness. Allows access to an object, property set, or property. The ACE contains a set of access rights, a GUID that identifies the type of object, and an object that identifies the trustee to whom the system will grant access. The ACE also contains a GUID and a set of flags that control inheritance of the ACE by child objects. Denies access to an object for a specific trustee identified by an object. Denies access to an object for a specific trustee identified by an object. This ACE type can contain optional callback data. The callback data is a resource manager-specific BLOB that is not interpreted. Denies access to an object, property set, or property. The ACE contains a set of access rights, a GUID that identifies the type of object, and an object that identifies the trustee to whom the system will grant access. The ACE also contains a GUID and a set of flags that control inheritance of the ACE by child objects. This ACE type can contain optional callback data. The callback data is a resource manager-specific BLOB that is not interpreted. Denies access to an object, property set, or property. The ACE contains a set of access rights, a GUID that identifies the type of object, and an object that identifies the trustee to whom the system will grant access. The ACE also contains a GUID and a set of flags that control inheritance of the ACE by child objects. Tracks the maximum defined ACE type in the enumeration. Reserved for future use. Reserved for future use. Reserved for future use. Reserved for future use. 
Causes an audit message to be logged when a specified trustee attempts to gain access to an object. The trustee is identified by an object. Causes an audit message to be logged when a specified trustee attempts to gain access to an object. The trustee is identified by an object. This ACE type can contain optional callback data. The callback data is a resource manager-specific BLOB that is not interpreted. Causes an audit message to be logged when a specified trustee attempts to gain access to an object or subobjects such as property sets or properties. The ACE contains a set of access rights, a GUID that identifies the type of object or subobject, and an object that identifies the trustee for whom the system will audit access. The ACE also contains a GUID and a set of flags that control inheritance of the ACE by child objects. This ACE type can contain optional callback data. The callback data is a resource manager-specific BLOB that is not interpreted. Causes an audit message to be logged when a specified trustee attempts to gain access to an object or subobjects such as property sets or properties. The ACE contains a set of access rights, a GUID that identifies the type of object or subobject, and an object that identifies the trustee for whom the system will audit access. The ACE also contains a GUID and a set of flags that control inheritance of the ACE by child objects. Specifies the conditions for auditing attempts to access a securable object. Failed access attempts are to be audited. No access attempts are to be audited. Successful access attempts are to be audited. Represents a combination of a user's identity and an access mask. An object also contains information about how the rule is inherited by child objects, how that inheritance is propagated, and for what conditions it is audited. Initializes a new instance of the class by using the specified values. The identity to which the audit rule applies. It must be an object that can be cast as a . 
The access mask of this rule. The access mask is a 32-bit collection of anonymous bits, the meaning of which is defined by the individual integrators. to inherit this rule from a parent container. The inheritance properties of the audit rule. Whether inherited audit rules are automatically propagated. The propagation flags are ignored if is set to . The conditions for which the rule is audited. The value of the parameter cannot be cast as a , or the parameter contains an invalid value. The value of the parameter is zero, or the or parameters contain unrecognized flag values. Gets the audit flags for this audit rule. A bitwise combination of the enumeration values. This combination specifies the audit conditions for this audit rule. Represents a combination of a user's identity and an access mask. The type of the audit rule. Initializes a new instance of the class by using the specified values. The identity to which this audit rule applies. The rights of the audit rule. The conditions for which the rule is audited. Initializes a new instance of the class by using the specified values. The identity to which the audit rule applies. The rights of the audit rule. The inheritance properties of the audit rule. Whether inherited audit rules are automatically propagated. The conditions for which the rule is audited. Initializes a new instance of the class by using the specified values. The identity to which the audit rule applies. The rights of the audit rule. The properties of the audit rule. Initializes a new instance of the class by using the specified values. The identity to which the audit rule applies. The rights of the audit rule. The inheritance properties of the audit rule. Whether inherited audit rules are automatically propagated. The conditions for which the rule is audited. Gets the rights of the audit rule. The rights of the audit rule. Determines access to securable objects. The derived classes and offer specializations for access and audit functionality. 
Initializes a new instance of the class by using the specified values. The identity to which the access rule applies. This parameter must be an object that can be cast as a . The access mask of this rule. The access mask is a 32-bit collection of anonymous bits, the meaning of which is defined by the individual integrators. to inherit this rule from a parent container. The inheritance properties of the access rule. Whether inherited access rules are automatically propagated. The propagation flags are ignored if is set to . The value of the parameter cannot be cast as a . The value of the parameter is zero, or the or parameters contain unrecognized flag values. Gets the access mask for this rule. The access mask for this rule. Gets the to which this rule applies. The to which this rule applies. Gets the value of flags that determine how this rule is inherited by child objects. A bitwise combination of the enumeration values. Gets a value indicating whether this rule is explicitly set or is inherited from a parent container object. if this rule is not explicitly set but is instead inherited from a parent container. Gets the value of the propagation flags, which determine how inheritance of this rule is propagated to child objects. This property is significant only when the value of the enumeration is not . A bitwise combination of the enumeration values. Represents a collection of objects. Initializes a new instance of the class. Adds an object to the collection. The object to add to the collection. Copies the contents of the collection to an array. An array to which to copy the contents of the collection. The zero-based index from which to begin copying. Gets the object at the specified index of the collection. The zero-based index of the object to get. The object at the specified index. Represents an access control entry (ACE). Initializes a new instance of the class. 
Flags that specify information about the inheritance, inheritance propagation, and auditing conditions for the new access control entry (ACE). The use of the new ACE. The access mask for the ACE. The associated with the new ACE. to specify that the new ACE is a callback type ACE. Opaque data associated with the new ACE. Opaque data is allowed only for callback ACE types. The length of this array must not be greater than the return value of the method. Marshals the contents of the object into the specified byte array beginning at the specified offset. The byte array into which the contents of the object is marshaled. The offset at which to start marshaling. is negative or too high to allow the entire to be copied into the array. Gets the maximum allowed length of an opaque data BLOB for callback access control entries (ACEs). to specify that the object is a callback ACE type. The allowed length of an opaque data BLOB. Gets the length, in bytes, of the binary representation of the current object. Use this length with the method before marshaling the ACL into a binary array. The length, in bytes, of the binary representation of the current object. Represents an access control list (ACL) and is the base class for the and classes. Marshals the contents of the object into the specified byte array beginning at the specified offset. The byte array into which the contents of the is marshaled. The offset at which to start marshaling. Removes all access control entries (ACEs) contained by this object that are associated with the specified object. The object to check for. Removes all inherited access control entries (ACEs) from this object. Gets the length, in bytes, of the binary representation of the current object. This length should be used before marshaling the access control list (ACL) into a binary array by using the method. The length, in bytes, of the binary representation of the current object. Gets the number of access control entries (ACEs) in the current object. 
The number of ACEs in the current object. Gets a Boolean value that specifies whether the access control entries (ACEs) in the current object are in canonical order. if the ACEs in the current object are in canonical order; otherwise, . Sets whether the object is a container. if the current object is a container. Sets whether the current object is a directory object access control list (ACL). if the current object is a directory object ACL. Gets or sets the at the specified index. The zero-based index of the to get or set. The at the specified index. Gets the revision level of the . A byte value that specifies the revision level of the . Controls access to objects without direct manipulation of access control lists (ACLs). This class is the abstract base class for the class. Initializes a new instance of the class. if the new object is a container object. Adds the specified access rule to the Discretionary Access Control List (DACL) associated with this object. The access rule to add. Adds the specified audit rule to the System Access Control List (SACL) associated with this object. The audit rule to add. Gets a collection of the access rules associated with the specified security identifier. to include access rules explicitly set for the object. to include inherited access rules. Specifies whether the security identifier for which to retrieve access rules is of type or type . The value of this parameter must be a type that can be translated to the type. The collection of access rules associated with the specified object. Gets a collection of the audit rules associated with the specified security identifier. to include audit rules explicitly set for the object. to include inherited audit rules. The security identifier for which to retrieve audit rules. This must be an object that can be cast as a object. The collection of audit rules associated with the specified object. 
Applies the specified modification to the Discretionary Access Control List (DACL) associated with this object. The modification to apply to the DACL. The access rule to modify. if the DACL is successfully modified; otherwise, . if the DACL is successfully modified; otherwise, . Applies the specified modification to the System Access Control List (SACL) associated with this object. The modification to apply to the SACL. The audit rule to modify. if the SACL is successfully modified; otherwise, . if the SACL is successfully modified; otherwise, . Removes access rules that contain the same security identifier and access mask as the specified access rule from the Discretionary Access Control List (DACL) associated with this object. The access rule to remove. if the access rule was successfully removed; otherwise, . Removes all access rules that have the same security identifier as the specified access rule from the Discretionary Access Control List (DACL) associated with this object. The access rule to remove. Removes all access rules that exactly match the specified access rule from the Discretionary Access Control List (DACL) associated with this object. The access rule to remove. Removes audit rules that contain the same security identifier and access mask as the specified audit rule from the System Access Control List (SACL) associated with this object. The audit rule to remove. if the audit rule was successfully removed; otherwise, . Removes all audit rules that have the same security identifier as the specified audit rule from the System Access Control List (SACL) associated with this object. The audit rule to remove. Removes all audit rules that exactly match the specified audit rule from the System Access Control List (SACL) associated with this object. The audit rule to remove. Removes all access rules in the Discretionary Access Control List (DACL) associated with this object and then adds the specified access rule. The access rule to reset. 
Removes all access rules that contain the same security identifier and qualifier as the specified access rule in the Discretionary Access Control List (DACL) associated with this object and then adds the specified access rule. The access rule to set. Removes all audit rules that contain the same security identifier and qualifier as the specified audit rule in the System Access Control List (SACL) associated with this object and then adds the specified audit rule. The audit rule to set. Represents a security descriptor. A security descriptor includes an owner, a primary group, a Discretionary Access Control List (DACL), and a System Access Control List (SACL). Initializes a new instance of the class from the specified array of byte values. if the new security descriptor is associated with a container object. if the new security descriptor is associated with a directory object. The array of byte values from which to create the new object. The offset in the array at which to begin copying. Initializes a new instance of the class from the specified information. if the new security descriptor is associated with a container object. if the new security descriptor is associated with a directory object. Flags that specify behavior of the new object. The owner for the new object. The primary group for the new object. The System Access Control List (SACL) for the new object. The Discretionary Access Control List (DACL) for the new object. Initializes a new instance of the class from the specified object. if the new security descriptor is associated with a container object. if the new security descriptor is associated with a directory object. The object from which to create the new object. Initializes a new instance of the class from the specified Security Descriptor Definition Language (SDDL) string. if the new security descriptor is associated with a container object. if the new security descriptor is associated with a directory object. 
The SDDL string from which to create the new object. Sets the property for this instance and sets the flag. The revision level of the new object. The number of Access Control Entries (ACEs) this object can contain. This number is to be used only as a hint. Sets the property for this instance and sets the flag. The revision level of the new object. The number of Access Control Entries (ACEs) this object can contain. This number should only be used as a hint. Removes all access rules for the specified security identifier from the Discretionary Access Control List (DACL) associated with this object. The security identifier for which to remove access rules. Removes all audit rules for the specified security identifier from the System Access Control List (SACL) associated with this object. The security identifier for which to remove audit rules. Sets the inheritance protection for the Discretionary Access Control List (DACL) associated with this object. DACLs that are protected do not inherit access rules from parent containers. to protect the DACL from inheritance. to keep inherited access rules in the DACL; to remove inherited access rules from the DACL. Sets the inheritance protection for the System Access Control List (SACL) associated with this object. SACLs that are protected do not inherit audit rules from parent containers. to protect the SACL from inheritance. to keep inherited audit rules in the SACL; to remove inherited audit rules from the SACL. Gets values that specify behavior of the object. One or more values of the enumeration combined with a logical OR operation. Gets or sets the discretionary access control list (DACL) for this object. The DACL contains access rules. The DACL for this object. Gets or sets the primary group for this object. The primary group for this object. Gets a Boolean value that specifies whether the object associated with this object is a container object. 
if the object associated with this object is a container object; otherwise, . Gets a Boolean value that specifies whether the Discretionary Access Control List (DACL) associated with this object is in canonical order. if the DACL associated with this object is in canonical order; otherwise, . Gets a Boolean value that specifies whether the object associated with this object is a directory object. if the object associated with this object is a directory object; otherwise, . Gets a Boolean value that specifies whether the System Access Control List (SACL) associated with this object is in canonical order. if the SACL associated with this object is in canonical order; otherwise, . Gets or sets the owner of the object associated with this object. The owner of the object associated with this object. Gets or sets the System Access Control List (SACL) for this object. The SACL contains audit rules. The SACL for this object. Represents a compound Access Control Entry (ACE). Initializes a new instance of the class. Contains flags that specify information about the inheritance, inheritance propagation, and auditing conditions for the new Access Control Entry (ACE). The access mask for the ACE. A value from the enumeration. The associated with the new ACE. Marshals the contents of the object into the specified byte array beginning at the specified offset. The byte array into which the contents of the is marshaled. The offset at which to start marshaling. is negative or too high to allow the entire to be copied into . Gets the length, in bytes, of the binary representation of the current object. This length should be used before marshaling the ACL into a binary array with the method. The length, in bytes, of the binary representation of the current object. Gets or sets the type of this object. The type of this object. Specifies the type of a object. The object is used for impersonation. These flags affect the security descriptor behavior. 
Specifies that the Discretionary Access Control List (DACL) has been automatically inherited from the parent. Set by resource managers only. Ignored. Specifies that the DACL was obtained by a defaulting mechanism. Set by resource managers only. Specifies that the DACL is not . Set by resource managers or users. Specifies that the resource manager prevents auto-inheritance. Set by resource managers or users. Ignored. Specifies that the group was obtained by a defaulting mechanism. Set by resource managers only; should not be set by callers. No control flags. Specifies that the owner was obtained by a defaulting mechanism. Set by resource managers only; should not be set by callers. Specifies that the contents of the Reserved field are valid. Specifies that the security descriptor binary representation is in the self-relative format. This flag is always set. Ignored. Specifies that the System Access Control List (SACL) has been automatically inherited from the parent. Set by resource managers only. Ignored. Specifies that the SACL was obtained by a defaulting mechanism. Set by resource managers only. Specifies that the SACL is not . Set by resource managers or users. Specifies that the resource manager prevents auto-inheritance. Set by resource managers or users. Represents an Access Control Entry (ACE) that is not defined by one of the members of the enumeration. Returns the maximum allowed length of an opaque data blob for this object. Initializes a new instance of the class. Type of the new Access Control Entry (ACE). This value must be greater than . Flags that specify information about the inheritance, inheritance propagation, and auditing conditions for the new ACE. An array of byte values that contains the data for the new ACE. This value can be . The length of this array must not be greater than the value of the field, and must be a multiple of four. 
The value of the parameter is not greater than or the length of the array is either greater than the value of the field or not a multiple of four. Marshals the contents of the object into the specified byte array beginning at the specified offset. The byte array into which the contents of the is marshaled. The offset at which to start marshaling. is negative or too high to allow the entire to be copied into . Returns the opaque data associated with this object. An array of byte values that represents the opaque data associated with this object. Sets the opaque callback data associated with this object. An array of byte values that represents the opaque callback data for this object. Gets the length, in bytes, of the binary representation of the current object. This length should be used before marshaling the ACL into a binary array with the method. The length, in bytes, of the binary representation of the current object. Gets the length of the opaque data associated with this object. The length of the opaque callback data. Represents a Discretionary Access Control List (DACL). Initializes a new instance of the class with the specified values. if the new object is a container. if the new object is a directory object Access Control List (ACL). The revision level of the new object. The number of Access Control Entries (ACEs) this object can contain. This number is to be used only as a hint. Initializes a new instance of the class with the specified values. if the new object is a container. if the new object is a directory object Access Control List (ACL). The number of Access Control Entries (ACEs) this object can contain. This number is to be used only as a hint. Initializes a new instance of the class with the specified values from the specified object. if the new object is a container. if the new object is a directory object Access Control List (ACL). The underlying object for the new object. Specify to create an empty ACL. 
Adds an Access Control Entry (ACE) with the specified settings to the current object. The type of access control (allow or deny) to add. The for which to add an ACE. The access rule for the new ACE. Flags that specify the inheritance properties of the new ACE. Flags that specify the inheritance propagation properties for the new ACE. Adds an Access Control Entry (ACE) with the specified settings to the current object. Use this method for directory object Access Control Lists (ACLs) when specifying the object type or the inherited object type for the new ACE. The type of access control (allow or deny) to add. The for which to add an ACE. The access rule for the new ACE. Flags that specify the inheritance properties of the new ACE. Flags that specify the inheritance propagation properties for the new ACE. Flags that specify if the and parameters contain non- values. The identity of the class of objects to which the new ACE applies. The identity of the class of child objects which can inherit the new ACE. Adds an Access Control Entry (ACE) with the specified settings to the current object. The type of access control (allow or deny) to add. The for which to add an ACE. The for the new access. Removes the specified access control rule from the current object. The type of access control (allow or deny) to remove. The for which to remove an access control rule. The access mask for the rule to be removed. Flags that specify the inheritance properties of the rule to be removed. Flags that specify the inheritance propagation properties for the rule to be removed. if this method successfully removes the specified access; otherwise, . Removes the specified access control rule from the current object. Use this method for directory object Access Control Lists (ACLs) when specifying the object type or the inherited object type. The type of access control (allow or deny) to remove. The for which to remove an access control rule. 
The access mask for the access control rule to be removed. Flags that specify the inheritance properties of the access control rule to be removed. Flags that specify the inheritance propagation properties for the access control rule to be removed. Flags that specify if the and parameters contain non- values. The identity of the class of objects to which the removed access control rule applies. The identity of the class of child objects which can inherit the removed access control rule. if this method successfully removes the specified access; otherwise, . Removes the specified access control rule from the current object. The type of access control (allow or deny) to remove. The for which to remove an access control rule. The for which to remove access. Returns . Removes the specified Access Control Entry (ACE) from the current object. The type of access control (allow or deny) to remove. The for which to remove an ACE. The access mask for the ACE to be removed. Flags that specify the inheritance properties of the ACE to be removed. Flags that specify the inheritance propagation properties for the ACE to be removed. Removes the specified Access Control Entry (ACE) from the current object. Use this method for directory object Access Control Lists (ACLs) when specifying the object type or the inherited object type for the ACE to be removed. The type of access control (allow or deny) to remove. The for which to remove an ACE. The access mask for the ACE to be removed. Flags that specify the inheritance properties of the ACE to be removed. Flags that specify the inheritance propagation properties for the ACE to be removed. Flags that specify if the and parameters contain non- values. The identity of the class of objects to which the removed ACE applies. The identity of the class of child objects which can inherit the removed ACE. Removes the specified Access Control Entry (ACE) from the current object. The type of access control (allow or deny) to remove. 
The for which to remove an ACE. The for which to remove access. Sets the specified access control for the specified object. The type of access control (allow or deny) to set. The for which to set an ACE. The access rule for the new ACE. Flags that specify the inheritance properties of the new ACE. Flags that specify the inheritance propagation properties for the new ACE. Sets the specified access control for the specified object. The type of access control (allow or deny) to set. The for which to set an ACE. The access rule for the new ACE. Flags that specify the inheritance properties of the new ACE. Flags that specify the inheritance propagation properties for the new ACE. Flags that specify if the and parameters contain non- values. The identity of the class of objects to which the new ACE applies. The identity of the class of child objects which can inherit the new ACE. Sets the specified access control for the specified object. The type of access control (allow or deny) to set. The for which to set an ACE. The for which to set access. Represents an Access Control Entry (ACE), and is the base class for all other ACE classes. Creates a deep copy of this Access Control Entry (ACE). The object that this method creates. Creates a object from the specified binary data. The binary data from which to create the new object. The offset at which to begin unmarshaling. The object this method creates. Determines whether the specified object is equal to the current object. The object to compare to the current object. if the specified object is equal to the current object; otherwise, . Marshals the contents of the object into the specified byte array beginning at the specified offset. The byte array into which the contents of the is marshaled. The offset at which to start marshaling. is negative or too high to allow the entire to be copied into . Serves as a hash function for the class. 
The method is suitable for use in hashing algorithms and data structures like a hash table. A hash code for the current object. Determines whether the specified objects are considered equal. The first object to compare. The second to compare. if the two objects are equal; otherwise, . Determines whether the specified objects are considered unequal. The first object to compare. The second to compare. if the two objects are unequal; otherwise, . Gets or sets the associated with this object. The associated with this object. Gets the type of this Access Control Entry (ACE). The type of this ACE. Gets the audit information associated with this Access Control Entry (ACE). The audit information associated with this Access Control Entry (ACE). Gets the length, in bytes, of the binary representation of the current object. This length should be used before marshaling the ACL into a binary array with the method. The length, in bytes, of the binary representation of the current object. Gets flags that specify the inheritance properties of this Access Control Entry (ACE). Flags that specify the inheritance properties of this ACE. Gets a Boolean value that specifies whether this Access Control Entry (ACE) is inherited or is set explicitly. if this ACE is inherited; otherwise, . Gets flags that specify the inheritance propagation properties of this Access Control Entry (ACE). Flags that specify the inheritance propagation properties of this ACE. Represents an access control list (ACL) and is the base class for the , , , and classes. The revision level of the current . This value is returned by the property for Access Control Lists (ACLs) that are not associated with Directory Services objects. The revision level of the current . This value is returned by the property for Access Control Lists (ACLs) that are associated with Directory Services objects. The maximum allowed binary length of a object. Initializes a new instance of the class. 
Copies each of the current into the specified array. The array into which copies of the objects contained by the current are placed. The zero-based index of where the copying begins. Marshals the contents of the object into the specified byte array beginning at the specified offset. The byte array into which the contents of the is marshaled. The offset at which to start marshaling. is negative or too high to allow the entire to be copied into . Retrieves an object that you can use to iterate through the access control entries (ACEs) in an access control list (ACL). An enumerator object. Copies each of the current into the specified array. The array into which copies of the objects contained by the current are placed. The zero-based index of where the copying begins. Returns a new instance of the class cast as an instance of the interface. A new object, cast as an instance of the interface. Gets the length, in bytes, of the binary representation of the current object. This length should be used before marshaling the ACL into a binary array with the method. The length, in bytes, of the binary representation of the current object. Gets the number of access control entries (ACEs) in the current object. The number of ACEs in the current object. This property is always set to . It is implemented only because it is required for the implementation of the interface. Always . Gets or sets the at the specified index. The zero-based index of the to get or set. The at the specified index. Gets the revision level of the . A byte value that specifies the revision level of the . This property always returns . It is implemented only because it is required for the implementation of the interface. Always returns . Represents a security descriptor. A security descriptor includes an owner, a primary group, a Discretionary Access Control List (DACL), and a System Access Control List (SACL). Returns an array of byte values that represents the information contained in this object. 
The byte array into which the contents of the is marshaled. The offset at which to start marshaling. is negative or too high to allow the entire to be copied into . Returns the Security Descriptor Definition Language (SDDL) representation of the specified sections of the security descriptor that this object represents. Specifies which sections (access rules, audit rules, primary group, owner) of the security descriptor to get. The SDDL representation of the specified sections of the security descriptor associated with this object. Returns a boolean value that specifies whether the security descriptor associated with this object can be converted to the Security Descriptor Definition Language (SDDL) format. if the security descriptor associated with this object can be converted to the Security Descriptor Definition Language (SDDL) format; otherwise, . Gets the length, in bytes, of the binary representation of the current object. This length should be used before marshaling the ACL into a binary array with the method. The length, in bytes, of the binary representation of the current object. Gets values that specify behavior of the object. One or more values of the enumeration combined with a logical OR operation. Gets or sets the primary group for this object. The primary group for this object. Gets or sets the owner of the object associated with this object. The owner of the object associated with this object. Gets the revision level of the object. A byte value that specifies the revision level of the . Inheritance flags specify the semantics of inheritance for access control entries (ACEs). The ACE is inherited by child container objects. The ACE is not inherited by child objects. The ACE is inherited by child leaf objects. Encapsulates all Access Control Entry (ACE) types currently defined by Microsoft Corporation. All objects contain a 32-bit access mask and a object. Gets or sets the access mask for this object. The access mask for this object. 
Gets or sets the object associated with this object. The object associated with this object. Provides the ability to control access to native objects without direct manipulation of Access Control Lists (ACLs). Native object types are defined by the enumeration. Initializes a new instance of the class with the specified values. if the new object is a container object. The type of securable object with which the new object is associated. Initializes a new instance of the class with the specified values. We recommend that the values of the parameters passed to the constructor and persist methods be identical. if the new object is a container object. The type of securable object with which the new object is associated. The handle of the securable object with which the new object is associated. One of the enumeration values that specifies the sections of the security descriptor (access rules, audit rules, owner, primary group) of the securable object to include in this object. Initializes a new instance of the class with the specified values. We recommend that the values of the parameters passed to the constructor and persist methods be identical. if the new object is a container object. The type of securable object with which the new object is associated. The handle of the securable object with which the new object is associated. One of the enumeration values that specifies the sections of the security descriptor (access rules, audit rules, owner, primary group) of the securable object to include in this object. A delegate implemented by integrators that provides custom exceptions. An object that contains contextual information about the source or destination of the exception. Initializes a new instance of the class by using the specified values. if the new object is a container object. The type of securable object with which the new object is associated. A delegate implemented by integrators that provides custom exceptions. 
An object that contains contextual information about the source or destination of the exception. Initializes a new instance of the class with the specified values. We recommend that the values of the parameters passed to the constructor and persist methods be identical. if the new object is a container object. The type of securable object with which the new object is associated. The name of the securable object with which the new object is associated. One of the enumeration values that specifies the sections of the security descriptor (access rules, audit rules, owner, primary group) of the securable object to include in this object. Initializes a new instance of the class with the specified values. We recommend that the values of the parameters passed to the constructor and persist methods be identical. if the new object is a container object. The type of securable object with which the new object is associated. The name of the securable object with which the new object is associated. One of the enumeration values that specifies the sections of the security descriptor (access rules, audit rules, owner, primary group) of the securable object to include in this object. A delegate implemented by integrators that provides custom exceptions. An object that contains contextual information about the source or destination of the exception. Saves the specified sections of the security descriptor associated with this object to permanent storage. We recommend that the values of the parameters passed to the constructor and persist methods be identical. The handle of the securable object with which this object is associated. One of the enumeration values that specifies the sections of the security descriptor (access rules, audit rules, owner, primary group) of the securable object to save. The securable object with which this object is associated is either a directory or a file, and that directory or file could not be found. 
Saves the specified sections of the security descriptor associated with this object to permanent storage. We recommend that the values of the parameters passed to the constructor and persist methods be identical. The handle of the securable object with which this object is associated. One of the enumeration values that specifies the sections of the security descriptor (access rules, audit rules, owner, primary group) of the securable object to save. An object that contains contextual information about the source or destination of the exception. The securable object with which this object is associated is either a directory or a file, and that directory or file could not be found. Saves the specified sections of the security descriptor associated with this object to permanent storage. We recommend that the values of the parameters passed to the constructor and persist methods be identical. The name of the securable object with which this object is associated. One of the enumeration values that specifies the sections of the security descriptor (access rules, audit rules, owner, primary group) of the securable object to save. The securable object with which this object is associated is either a directory or a file, and that directory or file could not be found. Saves the specified sections of the security descriptor associated with this object to permanent storage. We recommend that the values of the parameters passed to the constructor and persist methods be identical. The name of the securable object with which this object is associated. One of the enumeration values that specifies the sections of the security descriptor (access rules, audit rules, owner, primary group) of the securable object to save. An object that contains contextual information about the source or destination of the exception. The securable object with which this object is associated is either a directory or a file, and that directory or file could not be found. 
Provides a way for integrators to map numeric error codes to specific exceptions that they create. The numeric error code. The name of the securable object with which the object is associated. The handle of the securable object with which the object is associated. An object that contains contextual information about the source or destination of the exception. The this delegate creates. Represents a combination of a user's identity, an access mask, and an access control type (allow or deny). An object also contains information about the type of object to which the rule applies, the type of child object that can inherit the rule, how the rule is inherited by child objects, and how that inheritance is propagated. Initializes a new instance of the class with the specified values. The identity to which the access rule applies. It must be an object that can be cast as a . The access mask of this rule. The access mask is a 32-bit collection of anonymous bits, the meaning of which is defined by the individual integrators. if this rule is inherited from a parent container. Specifies the inheritance properties of the access rule. Specifies whether inherited access rules are automatically propagated. The propagation flags are ignored if is set to . The type of object to which the rule applies. The type of child object that can inherit the rule. Specifies whether this rule allows or denies access. The value of the parameter cannot be cast as a , or the parameter contains an invalid value. The value of the parameter is 0, or the or parameters contain unrecognized flag values. Gets the type of child object that can inherit the object. The type of child object that can inherit the object. Gets flags that specify if the and properties of the object contain valid values. specifies that the property contains a valid value. specifies that the property contains a valid value. These values can be combined with a logical OR. Gets the type of object to which the applies. 
The type of object to which the applies. Controls access to Directory Services objects. This class represents an Access Control Entry (ACE) associated with a directory object. Initializes a new instance of the class. The inheritance, inheritance propagation, and auditing conditions for the new Access Control Entry (ACE). The use of the new ACE. The access mask for the ACE. The associated with the new ACE. Whether the and parameters contain valid object GUIDs. A GUID that identifies the object type to which the new ACE applies. A GUID that identifies the object type that can inherit the new ACE. if the new ACE is a callback type ACE. Opaque data associated with the new ACE. This is allowed only for callback ACE types. The length of this array must not be greater than the return value of the method. The qualifier parameter contains an invalid value or the length of the value of the opaque parameter is greater than the return value of the method. Marshals the contents of the object into the specified byte array beginning at the specified offset. The byte array into which the contents of the is marshaled. The offset at which to start marshaling. is negative or too high to allow the entire to be copied into . Returns the maximum allowed length, in bytes, of an opaque data BLOB for callback Access Control Entries (ACEs). True if the is a callback ACE type. The maximum allowed length, in bytes, of an opaque data BLOB for callback Access Control Entries (ACEs). Gets the length, in bytes, of the binary representation of the current object. This length should be used before marshaling the ACL into a binary array with the method. The length, in bytes, of the binary representation of the current object. Gets or sets the GUID of the object type that can inherit the Access Control Entry (ACE) that this object represents. The GUID of the object type that can inherit the Access Control Entry (ACE) that this object represents. 
Gets or sets flags that specify whether the and properties contain values that identify valid object types. One or more members of the enumeration combined with a logical OR operation. Gets or sets the GUID of the object type associated with this object. The GUID of the object type associated with this object. Specifies the presence of object types for Access Control Entries (ACEs). The type of object that can inherit the ACE. No object types are present. The type of object that is associated with the ACE is present. Represents a combination of a user's identity, an access mask, and audit conditions. An object also contains information about the type of object to which the rule applies, the type of child object that can inherit the rule, how the rule is inherited by child objects, and how that inheritance is propagated. Initializes a new instance of the class. The identity to which the access rule applies. It must be an object that can be cast as a . The access mask of this rule. The access mask is a 32-bit collection of anonymous bits, the meaning of which is defined by the individual integrators. if this rule is inherited from a parent container. Specifies the inheritance properties of the access rule. Whether inherited access rules are automatically propagated. The propagation flags are ignored if is set to . The type of object to which the rule applies. The type of child object that can inherit the rule. The audit conditions. The value of the parameter cannot be cast as a , or the parameter contains an invalid value. The value of the parameter is 0, or the or parameters contain unrecognized flag values. Gets the type of child object that can inherit the object. The type of child object that can inherit the object. and properties of the object contain valid values. specifies that the property contains a valid value. specifies that the property contains a valid value. These values can be combined with a logical OR. Gets the type of object to which the applies. 
The type of object to which the applies. Provides the ability to control access to objects without direct manipulation of Access Control Lists (ACLs). This class is the abstract base class for the and classes. Initializes a new instance of the class. Initializes a new instance of the class. if the new object is a container object. True if the new object is a directory object. Initializes a new instance of the class. The of the new instance. Initializes a new instance of the class with the specified values. The identity to which the access rule applies. It must be an object that can be cast as a . The access mask of this rule. The access mask is a 32-bit collection of anonymous bits, the meaning of which is defined by the individual integrators. true if this rule is inherited from a parent container. Specifies the inheritance properties of the access rule. Specifies whether inherited access rules are automatically propagated. The propagation flags are ignored if is set to . Specifies the valid access control type. The object that this method creates. Initializes a new instance of the class with the specified values. The identity to which the audit rule applies. It must be an object that can be cast as a . The access mask of this rule. The access mask is a 32-bit collection of anonymous bits, the meaning of which is defined by the individual integrators. if this rule is inherited from a parent container. Specifies the inheritance properties of the audit rule. Specifies whether inherited audit rules are automatically propagated. The propagation flags are ignored if is set to . Specifies the conditions for which the rule is audited. The object that this method creates. Gets the primary group associated with the specified owner. The owner for which to get the primary group. The primary group associated with the specified owner. Gets the owner associated with the specified primary group. The primary group for which to get the owner. is . is not an type. 
Some or all identity references could not be translated. A Win32 error code was returned. The owner associated with the specified group. Returns an array of byte values that represents the security descriptor information for this object. An array of byte values that represents the security descriptor for this object. This method returns if there is no security information in this object. Returns the Security Descriptor Definition Language (SDDL) representation of the specified sections of the security descriptor associated with this object. Specifies which sections (access rules, audit rules, primary group, owner) of the security descriptor to get. The SDDL representation of the specified sections of the security descriptor associated with this object. Returns a Boolean value that specifies whether the security descriptor associated with this object can be converted to the Security Descriptor Definition Language (SDDL) format. if the security descriptor associated with this object can be converted to the Security Descriptor Definition Language (SDDL) format; otherwise, . Applies the specified modification to the Discretionary Access Control List (DACL) associated with this object. The modification to apply to the DACL. The access rule to modify. if the DACL is successfully modified; otherwise, . if the DACL is successfully modified; otherwise, . Applies the specified modification to the Discretionary Access Control List (DACL) associated with this object. The modification to apply to the DACL. The access rule to modify. if the DACL is actually modified; otherwise, . if the DACL is successfully modified; otherwise, . Applies the specified modification to the System Access Control List (SACL) associated with this object. The modification to apply to the SACL. The audit rule to modify. if the SACL is actually modified; otherwise, . if the SACL is successfully modified; otherwise, . 
Applies the specified modification to the System Access Control List (SACL) associated with this object. The modification to apply to the SACL. The audit rule to modify. if the SACL is successfully modified; otherwise, . if the SACL is successfully modified; otherwise, . Saves the specified sections of the security descriptor associated with this object to permanent storage. We recommend that the values of the parameters passed to the constructor and persist methods be identical. to enable the privilege that allows the caller to take ownership of the object. The name used to retrieve the persisted information. One of the enumeration values that specifies the sections of the security descriptor (access rules, audit rules, owner, primary group) of the securable object to save. Saves the specified sections of the security descriptor associated with this object to permanent storage. We recommend that the values of the parameters passed to the constructor and persist methods be identical. The handle used to retrieve the persisted information. One of the enumeration values that specifies the sections of the security descriptor (access rules, audit rules, owner, primary group) of the securable object to save. Saves the specified sections of the security descriptor associated with this object to permanent storage. We recommend that the values of the parameters passed to the constructor and persist methods be identical. The name used to retrieve the persisted information. One of the enumeration values that specifies the sections of the security descriptor (access rules, audit rules, owner, primary group) of the securable object to save. Removes all access rules associated with the specified . The for which to remove all access rules. All access rules are not in canonical order. Removes all audit rules associated with the specified . The for which to remove all audit rules. All audit rules are not in canonical order. Locks this object for read access. 
Unlocks this object for read access. Sets or removes protection of the access rules associated with this object. Protected access rules cannot be modified by parent objects through inheritance. to protect the access rules associated with this object from inheritance; to allow inheritance. to preserve inherited access rules; to remove inherited access rules. This parameter is ignored if is . This method attempts to remove inherited rules from a non-canonical Discretionary Access Control List (DACL). Sets or removes protection of the audit rules associated with this object. Protected audit rules cannot be modified by parent objects through inheritance. to protect the audit rules associated with this object from inheritance; to allow inheritance. to preserve inherited audit rules; to remove inherited audit rules. This parameter is ignored if is . This method attempts to remove inherited rules from a non-canonical System Access Control List (SACL). Sets the primary group for the security descriptor associated with this object. The primary group to set. Sets the owner for the security descriptor associated with this object. The owner to set. Sets the security descriptor for this object from the specified array of byte values. The array of bytes from which to set the security descriptor. Sets the specified sections of the security descriptor for this object from the specified array of byte values. The array of bytes from which to set the security descriptor. The sections (access rules, audit rules, owner, primary group) of the security descriptor to set. Sets the security descriptor for this object from the specified Security Descriptor Definition Language (SDDL) string. The SDDL string from which to set the security descriptor. Sets the specified sections of the security descriptor for this object from the specified Security Descriptor Definition Language (SDDL) string. The SDDL string from which to set the security descriptor. 
The sections (access rules, audit rules, owner, primary group) of the security descriptor to set. Locks this object for write access. Unlocks this object for write access. Gets the of the securable object associated with this object. The type of the securable object associated with this object. Gets or sets a Boolean value that specifies whether the access rules associated with this object have been modified. if the access rules associated with this object have been modified; otherwise, . Gets the of the object associated with the access rules of this object. The object must be an object that can be cast as a object. The type of the object associated with the access rules of this object. Gets a Boolean value that specifies whether the access rules associated with this object are in canonical order. if the access rules are in canonical order; otherwise, . Gets a Boolean value that specifies whether the Discretionary Access Control List (DACL) associated with this object is protected. if the DACL is protected; otherwise, . Gets a Boolean value that specifies whether the audit rules associated with this object are in canonical order. if the audit rules are in canonical order; otherwise, . Gets a Boolean value that specifies whether the System Access Control List (SACL) associated with this object is protected. if the SACL is protected; otherwise, . Gets or sets a Boolean value that specifies whether the audit rules associated with this object have been modified. if the audit rules associated with this object have been modified; otherwise, . Gets the object associated with the audit rules of this object. The object must be an object that can be cast as a object. The type of the object associated with the audit rules of this object. Gets or sets a Boolean value that specifies whether the group associated with the securable object has been modified. if the group associated with the securable object has been modified; otherwise, . 
Gets a Boolean value that specifies whether this object is a container object. if the object is a container object; otherwise, . Gets a Boolean value that specifies whether this object is a directory object. if the object is a directory object; otherwise, . Gets or sets a Boolean value that specifies whether the owner of the securable object has been modified. if the owner of the securable object has been modified; otherwise, . Gets the security descriptor for this instance. The security descriptor for this instance. Provides the ability to control access to objects without direct manipulation of Access Control Lists (ACLs); also grants the ability to type-cast access rights. The access rights for the object. Initializes a new instance of the ObjectSecurity`1 class. if the new object is a container object. The type of resource. Initializes a new instance of the ObjectSecurity`1 class. if the new object is a container object. The type of resource. A handle. The sections to include. Initializes a new instance of the ObjectSecurity`1 class. if the new object is a container object. The type of resource. A handle. The sections to include. A delegate implemented by integrators that provides custom exceptions. An object that contains contextual information about the source or destination of the exception. Initializes a new instance of the ObjectSecurity`1 class. if the new object is a container object. The type of resource. The name of the securable object with which the new object is associated. The sections to include. Initializes a new instance of the ObjectSecurity`1 class. if the new object is a container object. The type of resource. The name of the securable object with which the new object is associated. The sections to include. A delegate implemented by integrators that provides custom exceptions. An object that contains contextual information about the source or destination of the exception. 
Initializes a new instance of the ObjectAccessRule class that represents a new access control rule for the associated security object. Represents a user account. The access type. if the access rule is inherited; otherwise, . Specifies how to propagate access masks to child objects. Specifies how to propagate Access Control Entries (ACEs) to child objects. Specifies whether access is allowed or denied. Represents a new access control rule for the specified user, with the specified access rights, access control, and flags. Adds the specified access rule to the Discretionary Access Control List (DACL) associated with this ObjectSecurity`1 object. The rule to add. Adds the specified audit rule to the System Access Control List (SACL) associated with this ObjectSecurity`1 object. The audit rule to add. Initializes a new instance of the class representing the specified audit rule for the specified user. Represents a user account. An integer that specifies an access type. if the access rule is inherited; otherwise, . Specifies how to propagate access masks to child objects. Specifies how to propagate Access Control Entries (ACEs) to child objects. Describes the type of auditing to perform. The specified audit rule for the specified user. Saves the security descriptor associated with this ObjectSecurity`1 object to permanent storage, using the specified handle. The handle of the securable object with which this ObjectSecurity`1 object is associated. Saves the security descriptor associated with this ObjectSecurity`1 object to permanent storage, using the specified name. The name of the securable object with which this ObjectSecurity`1 object is associated. Removes access rules that contain the same security identifier and access mask as the specified access rule from the Discretionary Access Control List (DACL) associated with this ObjectSecurity`1 object. The rule to remove. if the access rule was successfully removed; otherwise, . 
Removes all access rules that have the same security identifier as the specified access rule from the Discretionary Access Control List (DACL) associated with this ObjectSecurity`1 object. The access rule to remove. Removes all access rules that exactly match the specified access rule from the Discretionary Access Control List (DACL) associated with this ObjectSecurity`1 object. The access rule to remove. Removes audit rules that contain the same security identifier and access mask as the specified audit rule from the System Access Control List (SACL) associated with this ObjectSecurity`1 object. The audit rule to remove. if the object was removed; otherwise, . Removes all audit rules that have the same security identifier as the specified audit rule from the System Access Control List (SACL) associated with this ObjectSecurity`1 object. The audit rule to remove. Removes all audit rules that exactly match the specified audit rule from the System Access Control List (SACL) associated with this ObjectSecurity`1 object. The audit rule to remove. Removes all access rules in the Discretionary Access Control List (DACL) associated with this ObjectSecurity`1 object and then adds the specified access rule. The access rule to reset. Removes all access rules that contain the same security identifier and qualifier as the specified access rule in the Discretionary Access Control List (DACL) associated with this ObjectSecurity`1 object and then adds the specified access rule. The access rule to set. Removes all audit rules that contain the same security identifier and qualifier as the specified audit rule in the System Access Control List (SACL) associated with this ObjectSecurity`1 object and then adds the specified audit rule. The audit rule to set. Gets the Type of the securable object associated with this ObjectSecurity`1 object. The type of the securable object associated with the current instance. 
Gets the Type of the object associated with the access rules of this ObjectSecurity`1 object. The Type of the object associated with the access rules of the current instance. Gets the Type object associated with the audit rules of this ObjectSecurity`1 object. The Type object associated with the audit rules of the current instance. The exception that is thrown when a method in the namespace attempts to enable a privilege that it does not have. Initializes a new instance of the class. Initializes a new instance of the class by using the specified privilege. The privilege that is not enabled. Initializes a new instance of the class by using the specified exception. The privilege that is not enabled. The exception that is the cause of the current exception. If the innerException parameter is not a null reference ( in Visual Basic), the current exception is raised in a block that handles the inner exception. Sets the parameter with information about the exception. The that holds the serialized object data about the exception being thrown. The that contains contextual information about the source or destination. Gets the name of the privilege that is not enabled. The name of the privilege that the method failed to enable. Specifies how Access Control Entries (ACEs) are propagated to child objects. These flags are significant only if inheritance flags are present. Specifies that the ACE is propagated only to child objects. This includes both container and leaf child objects. Specifies that no inheritance flags are set. Specifies that the ACE is not propagated to child objects. Represents an Access Control Entry (ACE) that contains a qualifier. The qualifier, represented by an object, specifies whether the ACE allows access, denies access, causes system audits, or causes system alarms. The class is the abstract base class for the and classes. Returns the opaque callback data associated with this object. 
An array of byte values that represents the opaque callback data associated with this object. Sets the opaque callback data associated with this object. An array of byte values that represents the opaque callback data for this object. Gets a value that specifies whether the ACE allows access, denies access, causes system audits, or causes system alarms. A value that specifies whether the ACE allows access, denies access, causes system audits, or causes system alarms. Specifies whether this object contains callback data. if this object contains callback data; otherwise, false. Gets the length of the opaque callback data associated with this object. This property is valid only for callback Access Control Entries (ACEs). The length of the opaque callback data. Represents an Access Control List (ACL). Initializes a new instance of the class with the specified revision level. The revision level of the new Access Control List (ACL). The number of Access Control Entries (ACEs) this object can contain. This number is to be used only as a hint. Initializes a new instance of the class from the specified binary form. An array of byte values that represent an Access Control List (ACL). The offset in the parameter at which to begin unmarshaling data. Marshals the contents of the object into the specified byte array beginning at the specified offset. The byte array into which the contents of the is marshaled. The offset at which to start marshaling. is negative or too high to allow the entire to be copied into . Inserts the specified Access Control Entry (ACE) at the specified index. The position at which to add the new ACE. Specify the value of the property to insert an ACE at the end of the object. The ACE to insert. is negative or too high to allow the entire to be copied into . Removes the Access Control Entry (ACE) at the specified location. The zero-based index of the ACE to remove. 
The value of the parameter is higher than the value of the property minus one or is negative. Gets the length, in bytes, of the binary representation of the current object. This length should be used before marshaling the ACL into a binary array with the method. The length, in bytes, of the binary representation of the current object. Gets the number of access control entries (ACEs) in the current object. The number of ACEs in the current object. Gets or sets the Access Control Entry (ACE) at the specified index. The zero-based index of the ACE to get or set. The ACE at the specified index. Gets the revision level of the . A byte value that specifies the revision level of the . Represents a security descriptor. A security descriptor includes an owner, a primary group, a Discretionary Access Control List (DACL), and a System Access Control List (SACL). Initializes a new instance of the class from the specified array of byte values. The array of byte values from which to create the new object. The offset in the array at which to begin copying. Initializes a new instance of the class with the specified values. Flags that specify behavior of the new object. The owner for the new object. The primary group for the new object. The System Access Control List (SACL) for the new object. The Discretionary Access Control List (DACL) for the new object. Initializes a new instance of the class from the specified Security Descriptor Definition Language (SDDL) string. The SDDL string from which to create the new object. The SDDL form of a security descriptor object is invalid. Sets the property of this object to the specified value. One or more values of the enumeration combined with a logical OR operation. Gets values that specify behavior of the object. One or more values of the enumeration combined with a logical OR operation. Gets or sets the Discretionary Access Control List (DACL) for this object. The DACL contains access rules. The DACL for this object. 
Gets or sets the primary group for this object. The primary group for this object. Gets or sets the owner of the object associated with this object. The owner of the object associated with this object. Gets or sets a byte value that represents the resource manager control bits associated with this object. A byte value that represents the resource manager control bits associated with this object. Gets or sets the System Access Control List (SACL) for this object. The SACL contains audit rules. The SACL for this object. Specifies the defined native object types. A directory service (DS) object or a property set or property of a directory service object. A directory service object and all of its property sets and properties. A file or directory. A local kernel object. A network share. A printer. An object defined by a provider. A registry key. An object for a registry entry under WOW64. A Windows service. An unknown object type. A window station or desktop object on the local computer. A Windows Management Instrumentation (WMI) object. Specifies the section of a security descriptor to be queried or set. Specifies the discretionary access control list (DACL). Specifies the primary group identifier. Specifies the owner identifier. Specifies the system access control list (SACL). Represents a System Access Control List (SACL). Initializes a new instance of the class with the specified values. if the new object is a container. if the new object is a directory object Access Control List (ACL). The revision level of the new object. The number of Access Control Entries (ACEs) this object can contain. This number is to be used only as a hint. Initializes a new instance of the class with the specified values. if the new object is a container. if the new object is a directory object Access Control List (ACL). The number of Access Control Entries (ACEs) this object can contain. This number is to be used only as a hint. 
Initializes a new instance of the class with the specified values from the specified object. if the new object is a container. if the new object is a directory object Access Control List (ACL). The underlying object for the new object. Specify to create an empty ACL. Adds an audit rule to the current object. The type of audit rule to add. The for which to add an audit rule. The access mask for the new audit rule. Flags that specify the inheritance properties of the new audit rule. Flags that specify the inheritance propagation properties for the new audit rule. Adds an audit rule with the specified settings to the current object. Use this method for directory object Access Control Lists (ACLs) when specifying the object type or the inherited object type for the new audit rule. The type of audit rule to add. The for which to add an audit rule. The access mask for the new audit rule. Flags that specify the inheritance properties of the new audit rule. Flags that specify the inheritance propagation properties for the new audit rule. Flags that specify if the and parameters contain non- values. The identity of the class of objects to which the new audit rule applies. The identity of the class of child objects which can inherit the new audit rule. Adds an audit rule to the current object. The for which to add an audit rule. The for the new audit rule. Removes the specified audit rule from the current object. The type of audit rule to remove. The for which to remove an audit rule. The access mask for the rule to be removed. Flags that specify the inheritance properties of the rule to be removed. Flags that specify the inheritance propagation properties for the rule to be removed. if this method successfully removes the specified audit rule; otherwise, . Removes the specified audit rule from the current object. Use this method for directory object Access Control Lists (ACLs) when specifying the object type or the inherited object type. The type of audit rule to remove. 
The for which to remove an audit rule. The access mask for the rule to be removed. Flags that specify the inheritance properties of the rule to be removed. Flags that specify the inheritance propagation properties for the rule to be removed. Flags that specify if the and parameters contain non- values. The identity of the class of objects to which the removed audit control rule applies. The identity of the class of child objects which can inherit the removed audit rule. if this method successfully removes the specified audit rule; otherwise, . Removes the specified audit rule from the current object. The for which to remove an audit rule. The for which to remove an audit rule. if this method successfully removes the specified audit rule; otherwise, . Removes the specified audit rule from the current object. The type of audit rule to remove. The for which to remove an audit rule. The access mask for the rule to be removed. Flags that specify the inheritance properties of the rule to be removed. Flags that specify the inheritance propagation properties for the rule to be removed. Removes the specified audit rule from the current object. Use this method for directory object Access Control Lists (ACLs) when specifying the object type or the inherited object type. The type of audit rule to remove. The for which to remove an audit rule. The access mask for the rule to be removed. Flags that specify the inheritance properties of the rule to be removed. Flags that specify the inheritance propagation properties for the rule to be removed. Flags that specify if the and parameters contain non- values. The identity of the class of objects to which the removed audit control rule applies. The identity of the class of child objects which can inherit the removed audit rule. Removes the specified audit rule from the current object. The for which to remove an audit rule. The for the rule to be removed. Sets the specified audit rule for the specified object. 
The audit condition to set. The for which to set an audit rule. The access mask for the new audit rule. Flags that specify the inheritance properties of the new audit rule. Flags that specify the inheritance propagation properties for the new audit rule. Sets the specified audit rule for the specified object. Use this method for directory object Access Control Lists (ACLs) when specifying the object type or the inherited object type. The audit condition to set. The for which to set an audit rule. The access mask for the new audit rule. Flags that specify the inheritance properties of the new audit rule. Flags that specify the inheritance propagation properties for the new audit rule. Flags that specify if the and parameters contain non- values. The identity of the class of objects to which the new audit rule applies. The identity of the class of child objects which can inherit the new audit rule. Sets the specified audit rule for the specified object. The for which to set an audit rule. The for which to set an audit rule. Defines the set of information that constitutes input to security policy decisions. This class cannot be inherited. Initializes a new empty instance of the class. Initializes a new instance of the class from multiple sets of host and assembly evidence. The host evidence from which to create the new instance. The assembly evidence from which to create the new instance. Initializes a new instance of the class from a shallow copy of an existing one. The instance from which to create the new instance. This instance is not deep-copied. The parameter is not a valid instance of . Initializes a new instance of the class from multiple sets of host and assembly evidence. The host evidence from which to create the new instance. The assembly evidence from which to create the new instance. Adds the specified assembly evidence to the evidence set. Any evidence object. is null. is not serializable. 
Adds an evidence object of the specified type to the assembly-supplied evidence list. The assembly evidence to add. The type of the object in . is . Evidence of type is already in the list. is not serializable. Adds the specified evidence supplied by the host to the evidence set. Any evidence object. is null. is not serializable. Adds host evidence of the specified type to the host evidence collection. The host evidence to add. The type of the object in . is . Evidence of type is already in the list. Removes the host and assembly evidence from the evidence set. Returns a duplicate copy of this evidence object. A duplicate copy of this evidence object. Copies evidence objects to an . The target array to which to copy evidence objects. The zero-based position in the array to which to begin copying evidence objects. is null. is outside the range of the target array. Enumerates evidence provided by the assembly. An enumerator for evidence added by the method. Gets assembly evidence of the specified type from the collection. The type of the evidence to get. Evidence of type in the assembly evidence collection. Enumerates all evidence in the set, both that provided by the host and that provided by the assembly. An enumerator for evidence added by both the method and the method. Enumerates evidence supplied by the host. An enumerator for evidence added by the method. Gets host evidence of the specified type from the collection. The type of the evidence to get. Evidence of type in the host evidence collection. Merges the specified evidence set into the current evidence set. The evidence set to be merged into the current evidence set. The parameter is not a valid instance of . is , the code that calls this method does not have , and the parameter has a host list that is not empty. Removes the evidence for a given type from the host and assembly enumerations. The type of the evidence to be removed. is null. Gets the number of evidence objects in the evidence set. 
The number of evidence objects in the evidence set. Gets a value indicating whether the evidence set is read-only. Always , because read-only evidence sets are not supported. Gets a value indicating whether the evidence set is thread-safe. Always because thread-safe evidence sets are not supported. Gets or sets a value indicating whether the evidence is locked. if the evidence is locked; otherwise, . The default is . Gets the synchronization root. Always ( in Visual Basic), because synchronization of evidence sets is not supported. Provides a base class from which all objects to be used as evidence must derive. Initializes a new instance of the class. An object to be used as evidence is not serializable. Creates a new object that is a complete copy of the current instance. A duplicate copy of this evidence object.