RsopCreateSession method of the RsopLoggingModeProvider class
Takes a snapshot of actual policy data for display by the RSoP MMC snap-in (rsop.msc).
This method is implemented in the provider.
Syntax
static void RsopCreateSession(
[in] uint32 flags,
[in] string userSid,
[out] string nameSpace,
[out] uint32 hResult,
[out] uint32 ExtendedInfo
);
Parameters
-
flags [in]
-
Specifies a set of bit flags. You can use this parameter to specify the type of data to retrieve. If you do not specify a type, the method retrieves both user and computer data. You can also specify whether the system should create a new snapshot of the WMI namespace to contain the RSoP data.
-
FLAG_NO_USER
-
Retrieve RSoP computer data only.
-
FLAG_NO_COMPUTER
-
Retrieve RSoP user data only.
-
FLAG_FORCE_CREATENAMESPACE
-
Create a temporary snapshot of the WMI namespace. For more information, see the following Remarks section.
userSid [in]
Specifies the SID of the user of interest. If this parameter is NULL, the function uses the SID of the calling thread. For more information, see Security Identifiers.
nameSpace [out]
Specifies the RSoP namespace where logging mode data is created. Computer data is stored under "nameSpace\Computer" and user data is stored under "nameSpace\User\{Sid}". An example of a namespace would be "\\.\Root\Rsop\NS71EF4AA3_FB96_465F_AC1C_DFCF9A3E9010".
You can run the RSoP MMC snap-in to display the data in the RSoP namespace, specifying the generated namespace and the computer on which the logging mode provider was invoked. For more information, see the following Remarks section.
hResult [out]
An HRESULT that indicates the success or failure of the method. If the method succeeds, the return value is S_OK. Otherwise, the method returns one of the COM error codes defined in the Platform SDK header file WinError.h.
ExtendedInfo [out]
Currently, this parameter can have one of the following values.
RSOP_USER_ACCESS_DENIED
User RSoP data is not available to the user.
RSOP_COMPUTER_ACCESS_DENIED
Computer RSoP data is not available to the user.
RSOP_TEMPNAMESPACE_EXISTS
The value FLAG_FORCE_CREATENAMESPACE was not specified in the flags parameter and a snapshot of the namespace already exists; the user is not an administrator. For more information, see the following Remarks section.
Return value
This method has no return value. For more information, see the description of the hResult parameter.
Remarks
Non-administrative users and users without RSoP delegation are allowed one temporary RSoP namespace for logging mode data. If you pass the FLAG_FORCE_CREATENAMESPACE flag to the RsopCreateSession method, the logging mode provider deletes the user's existing RSoP namespace and creates a new namespace for the user with updated logging mode data.
To view RSoP logging mode data, an administrator could pass the namespace returned by this method as a command-line parameter to the RSoP MMC snap-in. For example, if you run the snap-in on the computer "TestDC.example.microsoft.com", you could invoke the snap-in in the following manner:
Rsop.msc /RsopNamespace:"\\.\Root\Rsop\NS71EF4AA3_FB96_465F_AC1C_DFCF9A3E9010" /RsopTargetComp:"TestDC.example.microsoft.com"
To remotely target the RSoP snap-in to the same namespace, you could invoke the snap-in in the following manner:
Rsop.msc /RsopNamespace:"\\TestDC.example.microsoft.com\Root\Rsop\NS71EF4AA3_FB96_465F_AC1C_DFCF9A3E9010" /RsopTargetComp:"TestDC.example.microsoft.com"
For more information about running rsop.msc from the command-line, see the Windows Server Help.
Requirements
| Minimum supported client |
Windows Vista |
| Minimum supported server |
Windows Server 2008 |
| Namespace |
Root\RSOP\Computer |
| MOF |
|
| DLL |
|