<xsd:element name="data" minOccurs="0" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="system_characteristics:dataType">
<xsd:sequence>
<xsd:element name="account_domain" type="system_characteristics:dataStringType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The domain the specified account belongs to.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="account_sid" type="system_characteristics:dataStringType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The SID of the specified account.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seassignprimarytokenprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a parent process to replace the access token that is associated with a child process.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seauditprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a process to generate audit records in the security log. The security log can be used to trace unauthorized system access.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sebackupprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to circumvent file and directory permissions to back up the system. The privilege is selected only when an application attempts access by using the NTFS backup application programming interface (API). Otherwise, normal file and directory permissions apply.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sechangenotifyprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to pass through folders to which the user otherwise has no access while navigating an object path in the NTFS file system or in the registry. This privilege does not allow the user to list the contents of a folder; it allows the user only to traverse its directories.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="secreateglobalprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to create named file mapping objects in the global namespace during Terminal Services sessions.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="secreatepagefileprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to create and change the size of a pagefile.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="secreatepermanentprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a process to create a directory object in the object manager. It is useful to kernel-mode components that extend the object namespace. Components that are running in kernel mode have this privilege inherently.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="secreatetokenprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a process to create an access token by calling NtCreateToken() or other token-creating APIs.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sedebugprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to attach a debugger to any process. It provides access to sensitive and critical operating system components.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seenabledelegationprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to change the Trusted for Delegation setting on a user or computer object in Active Directory. The user or computer that is granted this privilege must also have write access to the account control flags on the object.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seimpersonateprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to impersonate a client after authentication. It is not supported on Windows XP, Windows 2000 SP3 and earlier, or Windows NT.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seincreasebasepriorityprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to increase the base priority class of a process.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seincreasequotaprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a process that has access to a second process to increase the processor quota assigned to the second process.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seloaddriverprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to install and remove drivers for Plug and Play devices.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="selockmemoryprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="semachineaccountprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to add a computer to a specific domain.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="semanagevolumeprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a non-administrative or remote user to manage volumes or disks.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seprofilesingleprocessprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to sample the performance of an application process.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seremoteshutdownprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to shut down a computer from a remote location on the network. </xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="serestoreprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to circumvent file and directory permissions when restoring backed-up files and directories and to set any valid security principal as the owner of an object.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sesecurityprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to specify object access auditing options for individual resources such as files, Active Directory objects, and registry keys. A user who has this privilege can also view and clear the security log from Event Viewer.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seshutdownprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to shut down the local computer.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sesyncagentprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a process to read all objects and properties in the directory, regardless of the protection on the objects and properties. It is required in order to use Lightweight Directory Access Protocol (LDAP) directory synchronization (Dirsync) services.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sesystemenvironmentprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows modification of system environment variables either by a process through an API or by a user through System Properties.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sesystemprofileprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to sample the performance of system processes.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sesystemtimeprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to adjust the time on the computer's internal clock. It is not required to change the time zone or other display characteristics of the system time.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="setakeownershipprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to take ownership of any securable object in the system, including Active Directory objects, NTFS files and folders, printers, registry keys, services, processes, and threads.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="setcbprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a process to assume the identity of any user and thus gain access to the resources that the user is authorized to access.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seundockprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user of a portable computer to undock the computer by clicking Eject PC on the Start menu.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seunsolicitedinputprivilege" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to read unsolicited data from a terminal device.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sebatchlogonright" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it can log on using the batch logon type.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seinteractivelogonright" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it can log on using the interactive logon type.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="senetworklogonright" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it can log on using the network logon type.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seremoteinteractivelogonright" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it can log on to the computer by using a Remote Desktop connection.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seservicelogonright" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it can log on using the service logon type.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sedenybatchLogonright" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it is explicitly denied the ability to log on using the batch logon type.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sedenyinteractivelogonright" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it is explicitly denied the ability to log on using the interactive logon type.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sedenynetworklogonright" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it is explicitly denied the ability to log on using the network logon type.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sedenyremoteInteractivelogonright" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it is explicitly denied the ability to log on through Terminal Services.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sedenyservicelogonright" type="system_characteristics:dataBoolType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it is explicitly denied the ability to log on using the service logon type.</xsd:documentation>
<xsd:appinfo>
<parent_item>accountprivileges_item</parent_item>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
|
XSD Schema Diagram:
