TaskSecurity Class

Represents the Windows access control security for a Task Scheduler task. This class cannot be inherited.

Definition

Namespace: Microsoft.Win32.TaskScheduler
Assembly: Microsoft.Win32.TaskScheduler (in Microsoft.Win32.TaskScheduler.dll) Version: 2.11.1
public sealed class TaskSecurity : CommonObjectSecurity
Inheritance
Object    ObjectSecurity    CommonObjectSecurity    TaskSecurity

Remarks

A TaskSecurity object specifies access rights for a Task Scheduler task, and also specifies how access attempts are audited. Access rights to the task are expressed as rules, with each access rule represented by a TaskAccessRule object. Each auditing rule is represented by a TaskAuditRule object.

This mirrors the underlying Windows security system, in which each securable object has at most one discretionary access control list (DACL) that controls access to the secured object, and at most one system access control list (SACL) that specifies which access attempts are audited. The DACL and SACL are ordered lists of access control entries (ACE) that specify access and auditing for users and groups. A TaskAccessRule or TaskAuditRule object might represent more than one ACE.

Note

A Task object can represent a local task or a Task Scheduler task. Windows access control security is meaningful only for Task Scheduler tasks.

The TaskSecurity, TaskAccessRule, and TaskAuditRule classes hide the implementation details of ACLs and ACEs. They allow you to ignore the seventeen different ACE types and the complexity of correctly maintaining inheritance and propagation of access rights. These objects are also designed to prevent the following common access control errors:

  • Creating a security descriptor with a null DACL. A null reference to a DACL allows any user to add access rules to an object, potentially creating a denial-of-service attack. A new TaskSecurity object always starts with an empty DACL, which denies all access for all users.
  • Violating the canonical ordering of ACEs. If the ACE list in the DACL is not kept in the canonical order, users might inadvertently be given access to the secured object. For example, denied access rights must always appear before allowed access rights. TaskSecurity objects maintain the correct order internally.
  • Manipulating security descriptor flags, which should be under resource manager control only.
  • Creating invalid combinations of ACE flags.
  • Manipulating inherited ACEs. Inheritance and propagation are handled by the resource manager, in response to changes you make to access and audit rules.
  • Inserting meaningless ACEs into ACLs.

The only capabilities not supported by the .NET security objects are dangerous activities that should be avoided by the majority of application developers, such as the following:

  • Low-level tasks that are normally performed by the resource manager.
  • Adding or removing access control entries in ways that do not maintain the canonical ordering.

To modify Windows access control security for a task, use the GetAccessControl method to get the TaskSecurity object. Modify the security object by adding and removing rules, and then use the SetAccessControl(TaskSecurity) method to reattach it.

Important: Changes you make to a TaskSecurity object do not affect the access levels of the task until you call the SetAccessControl(TaskSecurity) method to assign the altered security object to the task.

To copy access control security from one task to another, use the GetAccessControl method to get a TaskSecurity object representing the access and audit rules for the first task, then use the SetAccessControl(TaskSecurity) method, or a constructor that accepts a TaskSecurity object, to assign those rules to the second task.

Users with an investment in the security descriptor definition language (SDDL) can use the SetSecurityDescriptorSddlForm(String, TaskSetSecurityOptions) method to set access rules for a task, and the GetSecurityDescriptorSddlForm(SecurityInfos) method to obtain a string that represents the access rules in SDDL format. This is not recommended for new development.

Constructors

TaskSecurity Initializes a new instance of the TaskSecurity class with default values.
TaskSecurity(Task, AccessControlSections) Initializes a new instance of the TaskSecurity class with the specified sections of the access control security rules from the specified task.
TaskSecurity(TaskFolder, AccessControlSections) Initializes a new instance of the TaskSecurity class with the specified sections of the access control security rules from the specified task.

Properties

AccessRightType Gets the enumeration that the TaskSecurity class uses to represent access rights.
(Overrides ObjectSecurityAccessRightType)
AccessRuleType Gets the type that the TaskSecurity class uses to represent access rules.
(Overrides ObjectSecurityAccessRuleType)
AuditRuleType Gets the type that the TaskSecurity class uses to represent audit rules.
(Overrides ObjectSecurityAuditRuleType)
DefaultTaskSecurity Gets a TaskSecurity object that represent the default access rights.

Methods

AccessRuleFactory Creates a new access control rule for the specified user, with the specified access rights, access control, and flags.
(Overrides ObjectSecurityAccessRuleFactory(IdentityReference, Int32, Boolean, InheritanceFlags, PropagationFlags, AccessControlType))
AddAccessRule Searches for a matching rule with which the new rule can be merged. If none are found, adds the new rule.
AddAuditRule Searches for an audit rule with which the new rule can be merged. If none are found, adds the new rule.
AuditRuleFactory Creates a new audit rule, specifying the user the rule applies to, the access rights to audit, and the outcome that triggers the audit rule.
(Overrides ObjectSecurityAuditRuleFactory(IdentityReference, Int32, Boolean, InheritanceFlags, PropagationFlags, AuditFlags))
EqualsDetermines whether the specified object is equal to the current object.
(Inherited from Object)
FinalizeAllows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection.
(Inherited from Object)
GetHashCodeServes as the default hash function.
(Inherited from Object)
GetTypeGets the Type of the current instance.
(Inherited from Object)
MemberwiseCloneCreates a shallow copy of the current Object.
(Inherited from Object)
Persist Saves the specified sections of the security descriptor associated with this ObjectSecurity object to permanent storage. We recommend that the values of the includeSections parameters passed to the constructor and persist methods be identical. For more information, see Remarks.
(Overrides ObjectSecurityPersist(String, AccessControlSections))
RemoveAccessRule Searches for an access control rule with the same user and AccessControlType (allow or deny) as the specified rule, and with compatible inheritance and propagation flags; if such a rule is found, the rights contained in the specified access rule are removed from it.
RemoveAccessRuleAll Searches for all access control rules with the same user and AccessControlType (allow or deny) as the specified rule and, if found, removes them.
RemoveAccessRuleSpecific Searches for an access control rule that exactly matches the specified rule and, if found, removes it.
RemoveAuditRule Searches for an audit control rule with the same user as the specified rule, and with compatible inheritance and propagation flags; if a compatible rule is found, the rights contained in the specified rule are removed from it.
RemoveAuditRuleAll Searches for all audit rules with the same user as the specified rule and, if found, removes them.
RemoveAuditRuleSpecific Searches for an audit rule that exactly matches the specified rule and, if found, removes it.
ResetAccessRule Removes all access control rules with the same user as the specified rule, regardless of AccessControlType, and then adds the specified rule.
SetAccessRule Removes all access control rules with the same user and AccessControlType (allow or deny) as the specified rule, and then adds the specified rule.
SetAuditRule Removes all audit rules with the same user as the specified rule, regardless of the AuditFlags value, and then adds the specified rule.
ToString Returns a String that represents this instance.
(Overrides ObjectToString)

See Also