wfascim.dll.mui Network Management Value Objects 9e5d3e4ea8bf29b4f972834560edef78

File info

File name: wfascim.dll.mui
Size: 243200 byte
MD5: 9e5d3e4ea8bf29b4f972834560edef78
SHA1: 4ca1827b980f39fb75f0451292f1341600822331
SHA256: eaf2ccd1100b2edeb2642802b4cc23f76aaa1c4f19ae9578c8314011c6b7e4c5
Operating systems: Windows 10
Extension: MUI

Translations messages and strings

If an error occurred or the following message in English (British) language and you cannot find a solution, than check answer in English. Table below helps to know how correctly this phrase sounds in English.

id English (British) English
1InstanceID is an optional property that may be used to opaquely and uniquely identify an instance of this class within the scope of the instantiating Namespace. Various subclasses of this class may override this property to make it required, or a key. Such subclasses may also modify the preferred algorithms for ensuring uniqueness that are defined below.
To ensure uniqueness within the NameSpace, the value of InstanceID should be constructed using the following "preferred" algorithm:
:
Where and are separated by a colon (:), and where must include a copyrighted, trademarked, or otherwise unique name that is owned by the business entity that is creating or defining the InstanceID or that is a registered ID assigned to the business entity by a recognized global authority. (This requirement is similar to the _ structure of Schema class names.) In addition, to ensure uniqueness, must not contain a colon (:). When using this algorithm, the first colon to appear in InstanceID must appear between and .
is chosen by the business entity and should not be reused to identify different underlying (real-world) elements. If not null and the above "preferred" algorithm is not used, the defining entity must assure that the resulting InstanceID is not reused across any InstanceIDs produced by this or other providers for the NameSpace of this instance.
If not set to null for DMTF-defined instances, the "preferred" algorithm must be used with the set to CIM.
InstanceID is an optional property that may be used to opaquely and uniquely identify an instance of this class within the scope of the instantiating Namespace. Various subclasses of this class may override this property to make it required, or a key. Such subclasses may also modify the preferred algorithms for ensuring uniqueness that are defined below.
To ensure uniqueness within the NameSpace, the value of InstanceID should be constructed using the following "preferred" algorithm:
:
Where and are separated by a colon (:), and where must include a copyrighted, trademarked, or otherwise unique name that is owned by the business entity that is creating or defining the InstanceID or that is a registered ID assigned to the business entity by a recognized global authority. (This requirement is similar to the _ structure of Schema class names.) In addition, to ensure uniqueness, must not contain a colon (:). When using this algorithm, the first colon to appear in InstanceID must appear between and .
is chosen by the business entity and should not be reused to identify different underlying (real-world) elements. If not null and the above "preferred" algorithm is not used, the defining entity must assure that the resulting InstanceID is not reused across any InstanceIDs produced by this or other providers for the NameSpace of this instance.
If not set to null for DMTF-defined instances, the "preferred" algorithm must be used with the set to CIM.
2The Caption property is a short textual description (one- line string) of the object. The Caption property is a short textual description (one- line string) of the object.
3The Description property provides a textual description of the object. The Description property provides a textual description of the object.
4A user-friendly name for the object. This property allows each instance to define a user-friendly name in addition to its key properties, identity data, and description information.
Note that the Name property of ManagedSystemElement is also defined as a user-friendly name. But, it is often subclassed to be a Key. It is not reasonable that the same property can convey both identity and a user-friendly name, without inconsistencies. Where Name exists and is not a Key (such as for instances of LogicalDevice), the same information can be present in both the Name and ElementName properties. Note that if there is an associated instance of CIM_EnabledLogicalElementCapabilities, restrictions on this properties may exist as defined in ElementNameMask and MaxElementNameLen properties defined in that class.
A user-friendly name for the object. This property allows each instance to define a user-friendly name in addition to its key properties, identity data, and description information.
Note that the Name property of ManagedSystemElement is also defined as a user-friendly name. But, it is often subclassed to be a Key. It is not reasonable that the same property can convey both identity and a user-friendly name, without inconsistencies. Where Name exists and is not a Key (such as for instances of LogicalDevice), the same information can be present in both the Name and ElementName properties. Note that if there is an associated instance of CIM_EnabledLogicalElementCapabilities, restrictions on this properties may exist as defined in ElementNameMask and MaxElementNameLen properties defined in that class.
52.19.0 2.19.0
6ManagedElement is an abstract class that provides a common superclass (or top of the inheritance tree) for the non-association classes in the CIM Schema. ManagedElement is an abstract class that provides a common superclass (or top of the inheritance tree) for the non-association classes in the CIM Schema.
7A datetime value that indicates when the object was installed. Lack of a value does not indicate that the object is not installed. A datetime value that indicates when the object was installed. Lack of a value does not indicate that the object is not installed.
8The Name property defines the label by which the object is known. When subclassed, the Name property can be overridden to be a Key property. The Name property defines the label by which the object is known. When subclassed, the Name property can be overridden to be a Key property.
9Indicates the current statuses of the element. Various operational statuses are defined. Many of the enumeration\'s values are self-explanatory. However, a few are not and are described here in more detail.
"Stressed" indicates that the element is functioning, but needs attention. Examples of "Stressed" states are overload, overheated, and so on.
"Predictive Failure" indicates that an element is functioning nominally but predicting a failure in the near future.
"In Service" describes an element being configured, maintained, cleaned, or otherwise administered.
"No Contact" indicates that the monitoring system has knowledge of this element, but has never been able to establish communications with it.
"Lost Communication" indicates that the ManagedSystem Element is known to exist and has been contacted successfully in the past, but is currently unreachable.
"Stopped" and "Aborted" are similar, although the former implies a clean and orderly stop, while the latter implies an abrupt stop where the state and configuration of the element might need to be updated.
"Dormant" indicates that the element is inactive or quiesced.
"Supporting Entity in Error" indicates that this element might be "OK" but that another element, on which it is dependent, is in error. An example is a network service or endpoint that cannot function due to lower-layer networking problems.
"Completed" indicates that the element has completed its operation. This value should be combined with either OK, Error, or Degraded so that a client can tell if the complete operation Completed with OK (passed), Completed with Error (failed), or Completed with Degraded (the operation finished, but it did not complete OK or did not report an error).
"Power Mode" indicates that the element has additional power model information contained in the Associated PowerManagementService association.
OperationalStatus replaces the Status property on ManagedSystemElement to provide a consistent approach to enumerations, to address implementation needs for an array property, and to provide a migration path from today\'s environment to the future. This change was not made earlier because it required the deprecated qualifier. Due to the widespread use of the existing Status property in management applications, it is strongly recommended that providers or instrumentation provide both the Status and OperationalStatus properties. Further, the first value of OperationalStatus should contain the primary status for the element. When instrumented, Status (because it is single-valued) should also provide the primary status of the element.
Indicates the current statuses of the element. Various operational statuses are defined. Many of the enumeration\'s values are self-explanatory. However, a few are not and are described here in more detail.
"Stressed" indicates that the element is functioning, but needs attention. Examples of "Stressed" states are overload, overheated, and so on.
"Predictive Failure" indicates that an element is functioning nominally but predicting a failure in the near future.
"In Service" describes an element being configured, maintained, cleaned, or otherwise administered.
"No Contact" indicates that the monitoring system has knowledge of this element, but has never been able to establish communications with it.
"Lost Communication" indicates that the ManagedSystem Element is known to exist and has been contacted successfully in the past, but is currently unreachable.
"Stopped" and "Aborted" are similar, although the former implies a clean and orderly stop, while the latter implies an abrupt stop where the state and configuration of the element might need to be updated.
"Dormant" indicates that the element is inactive or quiesced.
"Supporting Entity in Error" indicates that this element might be "OK" but that another element, on which it is dependent, is in error. An example is a network service or endpoint that cannot function due to lower-layer networking problems.
"Completed" indicates that the element has completed its operation. This value should be combined with either OK, Error, or Degraded so that a client can tell if the complete operation Completed with OK (passed), Completed with Error (failed), or Completed with Degraded (the operation finished, but it did not complete OK or did not report an error).
"Power Mode" indicates that the element has additional power model information contained in the Associated PowerManagementService association.
OperationalStatus replaces the Status property on ManagedSystemElement to provide a consistent approach to enumerations, to address implementation needs for an array property, and to provide a migration path from today\'s environment to the future. This change was not made earlier because it required the deprecated qualifier. Due to the widespread use of the existing Status property in management applications, it is strongly recommended that providers or instrumentation provide both the Status and OperationalStatus properties. Further, the first value of OperationalStatus should contain the primary status for the element. When instrumented, Status (because it is single-valued) should also provide the primary status of the element.
10Unknown Unknown
11Other Other
12OK OK
13Degraded Degraded
14Stressed Stressed
15Predictive Failure Predictive Failure
16Error Error
17Non-Recoverable Error Non-Recoverable Error
18Starting Starting
19Stopping Stopping
20Stopped Stopped
21In Service In Service
22No Contact No Contact
23Lost Communication Lost Communication
24Aborted Aborted
25Dormant Dormant
26Supporting Entity in Error Supporting Entity in Error
27Completed Completed
28Power Mode Power Mode
29DMTF Reserved DMTF Reserved
30Vendor Reserved Vendor Reserved
31Strings describing the various OperationalStatus array values. For example, if "Stopping" is the value assigned to OperationalStatus, then this property may contain an explanation as to why an object is being stopped. Note that entries in this array are correlated with those at the same array index in OperationalStatus. Strings describing the various OperationalStatus array values. For example, if "Stopping" is the value assigned to OperationalStatus, then this property may contain an explanation as to why an object is being stopped. Note that entries in this array are correlated with those at the same array index in OperationalStatus.
32A string indicating the current status of the object. Various operational and non-operational statuses are defined. This property is deprecated in lieu of OperationalStatus, which includes the same semantics in its enumeration. This change is made for 3 reasons:
1) Status is more correctly defined as an array. This definition overcomes the limitation of describing status using a single value, when it is really a multi-valued property (for example, an element might be OK AND Stopped.
2) A MaxLen of 10 is too restrictive and leads to unclear enumerated values.
3) The change to a uint16 data type was discussed when CIM V2.0 was defined. However, existing V1.0 implementations used the string property and did not want to modify their code. Therefore, Status was grandfathered into the Schema. Use of the deprecated qualifier allows the maintenance of the existing property, but also permits an improved definition using OperationalStatus.
A string indicating the current status of the object. Various operational and non-operational statuses are defined. This property is deprecated in lieu of OperationalStatus, which includes the same semantics in its enumeration. This change is made for 3 reasons:
1) Status is more correctly defined as an array. This definition overcomes the limitation of describing status using a single value, when it is really a multi-valued property (for example, an element might be OK AND Stopped.
2) A MaxLen of 10 is too restrictive and leads to unclear enumerated values.
3) The change to a uint16 data type was discussed when CIM V2.0 was defined. However, existing V1.0 implementations used the string property and did not want to modify their code. Therefore, Status was grandfathered into the Schema. Use of the deprecated qualifier allows the maintenance of the existing property, but also permits an improved definition using OperationalStatus.
33Indicates the current health of the element. This attribute expresses the health of this element but not necessarily that of its subcomponents. The possible values are 0 to 30, where 5 means the element is entirely healthy and 30 means the element is completely non-functional. The following continuum is defined:
"Non-recoverable Error" (30) - The element has completely failed, and recovery is not possible. All functionality provided by this element has been lost.
"Critical Failure" (25) - The element is non-functional and recovery might not be possible.
"Major Failure" (20) - The element is failing. It is possible that some or all of the functionality of this component is degraded or not working.
"Minor Failure" (15) - All functionality is available but some might be degraded.
"Degraded/Warning" (10) - The element is in working order and all functionality is provided. However, the element is not working to the best of its abilities. For example, the element might not be operating at optimal performance or it might be reporting recoverable errors.
"OK" (5) - The element is fully functional and is operating within normal operational parameters and without error.
"Unknown" (0) - The implementation cannot report on HealthState at this time.
DMTF has reserved the unused portion of the continuum for additional HealthStates in the future.
Indicates the current health of the element. This attribute expresses the health of this element but not necessarily that of its subcomponents. The possible values are 0 to 30, where 5 means the element is entirely healthy and 30 means the element is completely non-functional. The following continuum is defined:
"Non-recoverable Error" (30) - The element has completely failed, and recovery is not possible. All functionality provided by this element has been lost.
"Critical Failure" (25) - The element is non-functional and recovery might not be possible.
"Major Failure" (20) - The element is failing. It is possible that some or all of the functionality of this component is degraded or not working.
"Minor Failure" (15) - All functionality is available but some might be degraded.
"Degraded/Warning" (10) - The element is in working order and all functionality is provided. However, the element is not working to the best of its abilities. For example, the element might not be operating at optimal performance or it might be reporting recoverable errors.
"OK" (5) - The element is fully functional and is operating within normal operational parameters and without error.
"Unknown" (0) - The implementation cannot report on HealthState at this time.
DMTF has reserved the unused portion of the continuum for additional HealthStates in the future.
34Degraded/Warning Degraded/Warning
35Minor failure Minor failure
36Major failure Major failure
37Critical failure Critical failure
38Non-recoverable error Non-recoverable error
39CommunicationStatus indicates the ability of the instrumentation to communicate with the underlying ManagedElement. CommunicationStatus consists of one of the following values: Unknown, None, Communication OK, Lost Communication, or No Contact.
A Null return indicates the implementation (provider) does not implement this property.
"Unknown" indicates the implementation is in general capable of returning this property, but is unable to do so at this time.
"Not Available" indicates that the implementation (provider) is capable of returning a value for this property, but not ever for this particular piece of hardware/software or the property is intentionally not used because it adds no meaningful information (as in the case of a property that is intended to add additional info to another property).
"Communication OK " indicates communication is established with the element, but does not convey any quality of service.
"No Contact" indicates that the monitoring system has knowledge of this element, but has never been able to establish communications with it.
"Lost Communication" indicates that the Managed Element is known to exist and has been contacted successfully in the past, but is currently unreachable.
CommunicationStatus indicates the ability of the instrumentation to communicate with the underlying ManagedElement. CommunicationStatus consists of one of the following values: Unknown, None, Communication OK, Lost Communication, or No Contact.
A Null return indicates the implementation (provider) does not implement this property.
"Unknown" indicates the implementation is in general capable of returning this property, but is unable to do so at this time.
"Not Available" indicates that the implementation (provider) is capable of returning a value for this property, but not ever for this particular piece of hardware/software or the property is intentionally not used because it adds no meaningful information (as in the case of a property that is intended to add additional info to another property).
"Communication OK " indicates communication is established with the element, but does not convey any quality of service.
"No Contact" indicates that the monitoring system has knowledge of this element, but has never been able to establish communications with it.
"Lost Communication" indicates that the Managed Element is known to exist and has been contacted successfully in the past, but is currently unreachable.
40Not Available Not Available
41Communication OK Communication OK
42DetailedStatus compliments PrimaryStatus with additional status detail. It consists of one of the following values: Not Available, No Additional Information, Stressed, Predictive Failure, Error, Non-Recoverable Error, SupportingEntityInError. Detailed status is used to expand upon the PrimaryStatus of the element.
A Null return indicates the implementation (provider) does not implement this property.
"Not Available" indicates that the implementation (provider) is capable of returning a value for this property, but not ever for this particular piece of hardware/software or the property is intentionally not used because it adds no meaningful information (as in the case of a property that is intended to add additional info to another property).
"No Additional Information" indicates that the element is functioning normally as indicated by PrimaryStatus = "OK".
"Stressed" indicates that the element is functioning, but needs attention. Examples of "Stressed" states are overload, overheated, and so on.
"Predictive Failure" indicates that an element is functioning normally but a failure is predicted in the near future.
"Non-Recoverable Error " indicates that this element is in an error condition that requires human intervention.
"Supporting Entity in Error" indicates that this element might be "OK" but that another element, on which it is dependent, is in error. An example is a network service or endpoint that cannot function due to lower-layer networking problems.
DetailedStatus compliments PrimaryStatus with additional status detail. It consists of one of the following values: Not Available, No Additional Information, Stressed, Predictive Failure, Error, Non-Recoverable Error, SupportingEntityInError. Detailed status is used to expand upon the PrimaryStatus of the element.
A Null return indicates the implementation (provider) does not implement this property.
"Not Available" indicates that the implementation (provider) is capable of returning a value for this property, but not ever for this particular piece of hardware/software or the property is intentionally not used because it adds no meaningful information (as in the case of a property that is intended to add additional info to another property).
"No Additional Information" indicates that the element is functioning normally as indicated by PrimaryStatus = "OK".
"Stressed" indicates that the element is functioning, but needs attention. Examples of "Stressed" states are overload, overheated, and so on.
"Predictive Failure" indicates that an element is functioning normally but a failure is predicted in the near future.
"Non-Recoverable Error " indicates that this element is in an error condition that requires human intervention.
"Supporting Entity in Error" indicates that this element might be "OK" but that another element, on which it is dependent, is in error. An example is a network service or endpoint that cannot function due to lower-layer networking problems.
43No Additional Information No Additional Information
44OperatingStatus provides a current status value for the operational condition of the element and can be used for providing more detail with respect to the value of EnabledState. It can also provide the transitional states when an element is transitioning from one state to another, such as when an element is transitioning between EnabledState and RequestedState, as well as other transitional conditions.
OperatingStatus consists of one of the following values: Unknown, Not Available, In Service, Starting, Stopping, Stopped, Aborted, Dormant, Completed, Migrating, Emmigrating, Immigrating, Snapshotting. Shutting Down, In Test
A Null return indicates the implementation (provider) does not implement this property.
"Unknown" indicates the implementation is in general capable of returning this property, but is unable to do so at this time.
"None" indicates that the implementation (provider) is capable of returning a value for this property, but not ever for this particular piece of hardware/software or the property is intentionally not used because it adds no meaningful information (as in the case of a property that is intended to add additional info to another property).
"Servicing" describes an element being configured, maintained, cleaned, or otherwise administered.
"Starting" describes an element being initialized.
"Stopping" describes an element being brought to an orderly stop.
"Stopped" and "Aborted" are similar, although the former implies a clean and orderly stop, while the latter implies an abrupt stop where the state and configuration of the element might need to be updated.
"Dormant" indicates that the element is inactive or quiesced.
"Completed" indicates that the element has completed its operation. This value should be combined with either OK, Error, or Degraded in the PrimaryStatus so that a client can tell if the complete operation Completed with OK (passed), Completed with Error (failed), or Completed with Degraded (the operation finished, but it did not complete OK or did not report an error).
"Migrating" element is being moved between host elements.
"Immigrating" element is being moved to new host element.
"Emigrating" element is being moved away from host element.
"Shutting Down" describes an element being brought to an abrupt stop.
"In Test" element is performing test functions.
"Transitioning" describes an element that is between states, that is, it is not fully available in either its previous state or its next state. This value should be used if other values indicating a transition to a specific state are not applicable.
"In Service" describes an element that is in service and operational.
OperatingStatus provides a current status value for the operational condition of the element and can be used for providing more detail with respect to the value of EnabledState. It can also provide the transitional states when an element is transitioning from one state to another, such as when an element is transitioning between EnabledState and RequestedState, as well as other transitional conditions.
OperatingStatus consists of one of the following values: Unknown, Not Available, In Service, Starting, Stopping, Stopped, Aborted, Dormant, Completed, Migrating, Emmigrating, Immigrating, Snapshotting. Shutting Down, In Test
A Null return indicates the implementation (provider) does not implement this property.
"Unknown" indicates the implementation is in general capable of returning this property, but is unable to do so at this time.
"None" indicates that the implementation (provider) is capable of returning a value for this property, but not ever for this particular piece of hardware/software or the property is intentionally not used because it adds no meaningful information (as in the case of a property that is intended to add additional info to another property).
"Servicing" describes an element being configured, maintained, cleaned, or otherwise administered.
"Starting" describes an element being initialized.
"Stopping" describes an element being brought to an orderly stop.
"Stopped" and "Aborted" are similar, although the former implies a clean and orderly stop, while the latter implies an abrupt stop where the state and configuration of the element might need to be updated.
"Dormant" indicates that the element is inactive or quiesced.
"Completed" indicates that the element has completed its operation. This value should be combined with either OK, Error, or Degraded in the PrimaryStatus so that a client can tell if the complete operation Completed with OK (passed), Completed with Error (failed), or Completed with Degraded (the operation finished, but it did not complete OK or did not report an error).
"Migrating" element is being moved between host elements.
"Immigrating" element is being moved to new host element.
"Emigrating" element is being moved away from host element.
"Shutting Down" describes an element being brought to an abrupt stop.
"In Test" element is performing test functions.
"Transitioning" describes an element that is between states, that is, it is not fully available in either its previous state or its next state. This value should be used if other values indicating a transition to a specific state are not applicable.
"In Service" describes an element that is in service and operational.
45Servicing Servicing
46Migrating Migrating
47Emigrating Emigrating
48Immigrating Immigrating
49Snapshotting Snapshotting
50Shutting Down Shutting Down
51In Test In Test
52Transitioning Transitioning
53PrimaryStatus provides a high level status value, intended to align with Red-Yellow-Green type representation of status. It should be used in conjunction with DetailedStatus to provide high level and detailed health status of the ManagedElement and its subcomponents.
PrimaryStatus consists of one of the following values: Unknown, OK, Degraded or Error. "Unknown" indicates the implementation is in general capable of returning this property, but is unable to do so at this time.
"OK" indicates the ManagedElement is functioning normally.
"Degraded" indicates the ManagedElement is functioning below normal.
"Error" indicates the ManagedElement is in an Error condition.
PrimaryStatus provides a high level status value, intended to align with Red-Yellow-Green type representation of status. It should be used in conjunction with DetailedStatus to provide high level and detailed health status of the ManagedElement and its subcomponents.
PrimaryStatus consists of one of the following values: Unknown, OK, Degraded or Error. "Unknown" indicates the implementation is in general capable of returning this property, but is unable to do so at this time.
"OK" indicates the ManagedElement is functioning normally.
"Degraded" indicates the ManagedElement is functioning below normal.
"Error" indicates the ManagedElement is in an Error condition.
54CIM_ManagedSystemElement is the base class for the System Element hierarchy. Any distinguishable component of a System is a candidate for inclusion in this class. Examples of system components include:
- software components such as application servers, databases, and applications
- operating system components such as files, processes, and threads
- device components such as disk drives, controllers, processors, and printers
- physical components such as chips and cards.
CIM_ManagedSystemElement is the base class for the System Element hierarchy. Any distinguishable component of a System is a candidate for inclusion in this class. Examples of system components include:
- software components such as application servers, databases, and applications
- operating system components such as files, processes, and threads
- device components such as disk drives, controllers, processors, and printers
- physical components such as chips and cards.
552.22.0 2.22.0
56CIM_LogicalElement is a base class for all the components of a System that represent abstract system components, such as Files, Processes, or LogicalDevices. CIM_LogicalElement is a base class for all the components of a System that represent abstract system components, such as Files, Processes, or LogicalDevices.
572.6.0 2.6.0
58The Name property defines the label by which the Filter Entry is known and uniquely identified. The Name property defines the label by which the Filter Entry is known and uniquely identified.
59The scoping ComputerSystem\'s CreationClassName. The scoping ComputerSystem\'s CreationClassName.
60The scoping ComputerSystem\'s Name. The scoping ComputerSystem\'s Name.
61CreationClassName indicates the name of the class or the subclass used in the creation of an instance. When used with the other key properties of this class, this property allows all instances of this class and its subclasses to be uniquely identified. CreationClassName indicates the name of the class or the subclass used in the creation of an instance. When used with the other key properties of this class, this property allows all instances of this class and its subclasses to be uniquely identified.
62Boolean indicating that the match condition described in the properties of the FilterEntryBase subclass should be negated. This property is defined for ease of use when filtering on simple negations - for example, to select all source ports except 162. It is not recommended that this Boolean be set to True when filtering on multiple criteria, such as defining an IPHeadersFilter based on source/destination addresses, ports, and DiffServ Code Points. Boolean indicating that the match condition described in the properties of the FilterEntryBase subclass should be negated. This property is defined for ease of use when filtering on simple negations - for example, to select all source ports except 162. It is not recommended that this Boolean be set to True when filtering on multiple criteria, such as defining an IPHeadersFilter based on source/destination addresses, ports, and DiffServ Code Points.
63A FilterList aggregates instances of (subclasses of) FilterEntryBase via the aggregation EntriesInFilterList. The filter entries are always ANDed together when grouped by the FilterList. Note that it is possible to aggregate different types of filters into a single FilterList - for example, packet header filters (represented by the IpHeadersFilter class) and IPsec security filters.

A FilterList is weak to the network device (e.g., the ComputerSystem) that contains it. Hence, the ComputerSystem keys are propagated to this class.
A FilterList aggregates instances of (subclasses of) FilterEntryBase via the aggregation EntriesInFilterList. The filter entries are always ANDed together when grouped by the FilterList. Note that it is possible to aggregate different types of filters into a single FilterList - for example, packet header filters (represented by the IpHeadersFilter class) and IPsec security filters.

A FilterList is weak to the network device (e.g., the ComputerSystem) that contains it. Hence, the ComputerSystem keys are propagated to this class.
642.7.0 2.7.0
65A string that uniquely identifies this instance within the PolicyStore. A string that uniquely identifies this instance within the PolicyStore.
66Used in CimInstance.ToString(). A short string for describing this instance when debugging. Used in CimInstance.ToString(). A short string for describing this instance when debugging.
67This field is ignored. This field is ignored.
68Reserved for internal use by the WMI provider only. Reserved for internal use by the WMI provider only.
69An array of addresses, subnets, ranges, or some of the following tokens: Any, LocalSubnet, DefaultGateway, DHCP, WINS, DNS, Internet, Intranet, IntranetRemoteAccess, PlayToTargets. The 'Any' keyword may only be used by itself. An array of addresses, subnets, ranges, or some of the following tokens: Any, LocalSubnet, DefaultGateway, DHCP, WINS, DNS, Internet, Intranet, IntranetRemoteAccess, PlayToTargets. The 'Any' keyword may only be used by itself.
70Determines whether the the address is considered intranet or Internet. Determines whether the the address is considered intranet or Internet.
71An AddressFilter matches based on the local or remote address of the traffic. An AddressFilter matches based on the local or remote address of the traffic.
72Path and filename of the executable whose traffic to filter. Path and filename of the executable whose traffic to filter.
73The application package this rule applies to, given as a SID. The application package this rule applies to, given as a SID.
74Filters traffic based on which local application is sending or receiving the traffic. Filters traffic based on which local application is sending or receiving the traffic.
75A user-friendly name of this policy-related object. A user-friendly name of this policy-related object.
76An array of keywords for characterizing / categorizing policy objects. Keywords are of one of two types:
- Keywords defined in this and other MOFs, or in DMTF white papers. These keywords provide a vendor- independent, installation-independent way of characterizing policy objects.
- Installation-dependent keywords for characterizing policy objects. Examples include \'Engineering\', \'Billing\', and \'Review in December 2000\'.
This MOF defines the following keywords: \'UNKNOWN\', \'CONFIGURATION\', \'USAGE\', \'SECURITY\', \'SERVICE\', \'MOTIVATIONAL\', \'INSTALLATION\', and \'EVENT\'. These concepts are self-explanatory and are further discussed in the SLA/Policy White Paper. One additional keyword is defined: \'POLICY\'. The role of this keyword is to identify policy-related instances that may not be otherwise identifiable, in some implementations. The keyword \'POLICY\' is NOT mutually exclusive of the other keywords specified above.
An array of keywords for characterizing / categorizing policy objects. Keywords are of one of two types:
- Keywords defined in this and other MOFs, or in DMTF white papers. These keywords provide a vendor- independent, installation-independent way of characterizing policy objects.
- Installation-dependent keywords for characterizing policy objects. Examples include \'Engineering\', \'Billing\', and \'Review in December 2000\'.
This MOF defines the following keywords: \'UNKNOWN\', \'CONFIGURATION\', \'USAGE\', \'SECURITY\', \'SERVICE\', \'MOTIVATIONAL\', \'INSTALLATION\', and \'EVENT\'. These concepts are self-explanatory and are further discussed in the SLA/Policy White Paper. One additional keyword is defined: \'POLICY\'. The role of this keyword is to identify policy-related instances that may not be otherwise identifiable, in some implementations. The keyword \'POLICY\' is NOT mutually exclusive of the other keywords specified above.
77An abstract class defining the common properties of the policy managed elements derived from CIM_Policy. The subclasses are used to create rules and groups of rules that work together to form a coherent set of policies within an administrative domain or set of domains. An abstract class defining the common properties of the policy managed elements derived from CIM_Policy. The subclasses are used to create rules and groups of rules that work together to form a coherent set of policies within an administrative domain or set of domains.
78PolicyDecisionStrategy defines the evaluation method used for policies contained in the PolicySet. There are two values currently defined:
- \'First Matching\' (1) executes the actions of the first rule whose conditions evaluate to TRUE. The concept of \'first\' is determined by examining the priority of the rule within the policy set (i.e., by examining the property, PolicySetComponent.Priority). Note that this ordering property MUST be maintained when processing the PolicyDecisionStrategy.
- \'All\' (2) executes the actions of ALL rules whose conditions evaluate to TRUE, in the set. As noted above, the order of processing of the rules is defined by the property, PolicySetComponent.Priority (and within a rule, the ordering of the actions is defined by the property, PolicyActionStructure.ActionOrder). Note that when this strategy is defined, processing MUST be completed of ALL rules whose conditions evaluate to TRUE, regardless of errors in the execution of the rule actions.
PolicyDecisionStrategy defines the evaluation method used for policies contained in the PolicySet. There are two values currently defined:
- \'First Matching\' (1) executes the actions of the first rule whose conditions evaluate to TRUE. The concept of \'first\' is determined by examining the priority of the rule within the policy set (i.e., by examining the property, PolicySetComponent.Priority). Note that this ordering property MUST be maintained when processing the PolicyDecisionStrategy.
- \'All\' (2) executes the actions of ALL rules whose conditions evaluate to TRUE, in the set. As noted above, the order of processing of the rules is defined by the property, PolicySetComponent.Priority (and within a rule, the ordering of the actions is defined by the property, PolicyActionStructure.ActionOrder). Note that when this strategy is defined, processing MUST be completed of ALL rules whose conditions evaluate to TRUE, regardless of errors in the execution of the rule actions.
79First Matching First Matching
80All All
81The PolicyRoles property represents the roles associated with a PolicySet. All contained PolicySet instances inherit the values of the PolicyRoles of the aggregating PolicySet but the values are not copied. A contained PolicySet instance may, however, add additional PolicyRoles to those it inherits from its aggregating PolicySet(s). Each value in PolicyRoles multi-valued property represents a role for which the PolicySet applies, i.e., the PolicySet should be used by any enforcement point that assumes any of the listed PolicyRoles values.

Although not officially designated as \'role combinations\', multiple roles may be specified using the form:
[&&]*
where the individual role names appear in alphabetical order (according to the collating sequence for UCS-2). Implementations may treat PolicyRoles values that are specified as \'role combinations\' as simple strings.

This property is deprecated in lieu of the use of an association, CIM_PolicySetInRoleCollection. The latter is a more explicit and less error-prone approach to modeling that a PolicySet has one or more PolicyRoles.
The PolicyRoles property represents the roles associated with a PolicySet. All contained PolicySet instances inherit the values of the PolicyRoles of the aggregating PolicySet but the values are not copied. A contained PolicySet instance may, however, add additional PolicyRoles to those it inherits from its aggregating PolicySet(s). Each value in PolicyRoles multi-valued property represents a role for which the PolicySet applies, i.e., the PolicySet should be used by any enforcement point that assumes any of the listed PolicyRoles values.

Although not officially designated as \'role combinations\', multiple roles may be specified using the form:
[&&]*
where the individual role names appear in alphabetical order (according to the collating sequence for UCS-2). Implementations may treat PolicyRoles values that are specified as \'role combinations\' as simple strings.

This property is deprecated in lieu of the use of an association, CIM_PolicySetInRoleCollection. The latter is a more explicit and less error-prone approach to modeling that a PolicySet has one or more PolicyRoles.
82Indicates whether this PolicySet is administratively enabled, administratively disabled, or enabled for debug. The "EnabledForDebug" property value is deprecated and, when it or any value not understood by the receiver is specified, the receiving enforcement point treats the PolicySet as "Disabled". To determine if a PolicySet is "Enabled", the containment hierarchy specified by the PolicySetComponent aggregation is examined and the Enabled property values of the hierarchy are ANDed together. Thus, for example, everything aggregated by a PolicyGroup may be disabled by setting the Enabled property in the PolicyGroup instance to "Disabled" without changing the Enabled property values of any of the aggregated instances. The default value is 1 ("Enabled"). Indicates whether this PolicySet is administratively enabled, administratively disabled, or enabled for debug. The "EnabledForDebug" property value is deprecated and, when it or any value not understood by the receiver is specified, the receiving enforcement point treats the PolicySet as "Disabled". To determine if a PolicySet is "Enabled", the containment hierarchy specified by the PolicySetComponent aggregation is examined and the Enabled property values of the hierarchy are ANDed together. Thus, for example, everything aggregated by a PolicyGroup may be disabled by setting the Enabled property in the PolicyGroup instance to "Disabled" without changing the Enabled property values of any of the aggregated instances. The default value is 1 ("Enabled").
83Enabled Enabled
84Disabled Disabled
85Enabled For Debug Enabled For Debug
86PolicySet is an abstract class that represents a set of policies that form a coherent set. The set of contained policies has a common decision strategy and a common set of policy roles (defined via the PolicySetInRole Collection association). Subclasses include PolicyGroup and PolicyRule. PolicySet is an abstract class that represents a set of policies that form a coherent set. The set of contained policies has a common decision strategy and a common set of policy roles (defined via the PolicySetInRole Collection association). Subclasses include PolicyGroup and PolicyRule.
872.8.0 2.8.0
88The scoping System\'s CreationClassName. The scoping System\'s CreationClassName.
89The scoping System\'s Name. The scoping System\'s Name.
90A user-friendly name of this PolicyRule. A user-friendly name of this PolicyRule.
91Indicates whether the list of PolicyConditions associated with this PolicyRule is in disjunctive normal form (DNF), conjunctive normal form (CNF), or has no conditions (i.e., is an UnconditionalRule) and is automatically evaluated to "True." The default value is 1 ("DNF"). Indicates whether the list of PolicyConditions associated with this PolicyRule is in disjunctive normal form (DNF), conjunctive normal form (CNF), or has no conditions (i.e., is an UnconditionalRule) and is automatically evaluated to "True." The default value is 1 ("DNF").
92Unconditional Rule Unconditional Rule
93DNF DNF
94CNF CNF
95A free-form string that can be used to provide guidelines on how this PolicyRule should be used. A free-form string that can be used to provide guidelines on how this PolicyRule should be used.
96PolicyRule.Priority is deprecated and replaced by providing the priority for a rule (and a group) in the context of the aggregating PolicySet instead of the priority being used for all aggregating PolicySet instances. Thus, the assignment of priority values is much simpler.

A non-negative integer for prioritizing this Policy Rule relative to other Rules. A larger value indicates a higher priority. The default value is 0.
PolicyRule.Priority is deprecated and replaced by providing the priority for a rule (and a group) in the context of the aggregating PolicySet instead of the priority being used for all aggregating PolicySet instances. Thus, the assignment of priority values is much simpler.

A non-negative integer for prioritizing this Policy Rule relative to other Rules. A larger value indicates a higher priority. The default value is 0.
97A flag indicating that the evaluation of the Policy Conditions and execution of PolicyActions (if the Conditions evaluate to TRUE) is required. The evaluation of a PolicyRule MUST be attempted if the Mandatory property value is TRUE. If the Mandatory property is FALSE, then the evaluation of the Rule is \'best effort\' and MAY be ignored. A flag indicating that the evaluation of the Policy Conditions and execution of PolicyActions (if the Conditions evaluate to TRUE) is required. The evaluation of a PolicyRule MUST be attempted if the Mandatory property value is TRUE. If the Mandatory property is FALSE, then the evaluation of the Rule is \'best effort\' and MAY be ignored.
98This property gives a policy administrator a way of specifying how the ordering of the PolicyActions associated with this PolicyRule is to be interpreted. Three values are supported:
o mandatory(1): Do the actions in the indicated order, or don\'t do them at all.
o recommended(2): Do the actions in the indicated order if you can, but if you can\'t do them in this order, do them in another order if you can.
o dontCare(3): Do them -- I don\'t care about the order.
The default value is 3 ("DontCare").
This property gives a policy administrator a way of specifying how the ordering of the PolicyActions associated with this PolicyRule is to be interpreted. Three values are supported:
o mandatory(1): Do the actions in the indicated order, or don\'t do them at all.
o recommended(2): Do the actions in the indicated order if you can, but if you can\'t do them in this order, do them in another order if you can.
o dontCare(3): Do them -- I don\'t care about the order.
The default value is 3 ("DontCare").
99Mandatory Mandatory
100Recommended Recommended
101Dont Care Dont Care
102ExecutionStrategy defines the strategy to be used in executing the sequenced actions aggregated by this PolicyRule. There are three execution strategies:

Do Until Success - execute actions according to predefined order, until successful execution of a single action.
Do All - execute ALL actions which are part of the modeled set, according to their predefined order. Continue doing this, even if one or more of the actions fails.
Do Until Failure - execute actions according to predefined order, until the first failure in execution of an action instance.
ExecutionStrategy defines the strategy to be used in executing the sequenced actions aggregated by this PolicyRule. There are three execution strategies:

Do Until Success - execute actions according to predefined order, until successful execution of a single action.
Do All - execute ALL actions which are part of the modeled set, according to their predefined order. Continue doing this, even if one or more of the actions fails.
Do Until Failure - execute actions according to predefined order, until the first failure in execution of an action instance.
103Do Until Success Do Until Success
104Do All Do All
105Do Until Failure Do Until Failure
106The central class used for representing the \'If Condition then Action\' semantics of a policy rule. A PolicyRule condition, in the most general sense, is represented as either an ORed set of ANDed conditions (Disjunctive Normal Form, or DNF) or an ANDed set of ORed conditions (Conjunctive Normal Form, or CNF). Individual conditions may either be negated (NOT C) or unnegated (C). The actions specified by a PolicyRule are to be performed if and only if the PolicyRule condition (whether it is represented in DNF or CNF) evaluates to TRUE.

The conditions and actions associated with a PolicyRule are modeled, respectively, with subclasses of PolicyCondition and PolicyAction. These condition and action objects are tied to instances of PolicyRule by the PolicyConditionInPolicyRule and PolicyActionInPolicyRule aggregations.

A PolicyRule may also be associated with one or more policy time periods, indicating the schedule according to which the policy rule is active and inactive. In this case it is the PolicySetValidityPeriod aggregation that provides this linkage.

The PolicyRule class uses the property ConditionListType, to indicate whether the conditions for the rule are in DNF (disjunctive normal form), CNF (conjunctive normal form) or, in the case of a rule with no conditions, as an UnconditionalRule. The PolicyConditionInPolicyRule aggregation contains two additional properties to complete the representation of the Rule\'s conditional expression. The first of these properties is an integer to partition the referenced PolicyConditions into one or more groups, and the second is a Boolean to indicate whether a referenced Condition is negated. An example shows how ConditionListType and these two additional properties provide a unique representation of a set of PolicyConditions in either DNF or CNF.

Suppose we have a PolicyRule that aggregates five PolicyConditions C1 through C5, with the following values in the properties of the five PolicyConditionInPolicyRule associations:
C1: GroupNumber = 1, ConditionNegated = FALSE
C2: GroupNumber = 1, ConditionNegated = TRUE
C3: GroupNumber = 1, ConditionNegated = FALSE
C4: GroupNumber = 2, ConditionNegated = FALSE
C5: GroupNumber = 2, ConditionNegated = FALSE

If ConditionListType = DNF, then the overall condition for the PolicyRule is:
(C1 AND (NOT C2) AND C3) OR (C4 AND C5)

On the other hand, if ConditionListType = CNF, then the overall condition for the PolicyRule is:
(C1 OR (NOT C2) OR C3) AND (C4 OR C5)

In both cases, there is an unambiguous specification of the overall condition that is tested to determine whether to perform the PolicyActions associated with the PolicyRule.

PolicyRule instances may also be used to aggregate other PolicyRules and/or PolicyGroups. When used in this way to implement nested rules, the conditions of the aggregating rule apply to the subordinate rules as well. However, any side effects of condition evaluation or the execution of actions MUST NOT affect the result of the evaluation of other conditions evaluated by the rule engine in the same evaluation pass. That is, an implementation of a rule engine MAY evaluate all conditions in any order before applying the priority and determining which actions are to be executed.
The central class used for representing the \'If Condition then Action\' semantics of a policy rule. A PolicyRule condition, in the most general sense, is represented as either an ORed set of ANDed conditions (Disjunctive Normal Form, or DNF) or an ANDed set of ORed conditions (Conjunctive Normal Form, or CNF). Individual conditions may either be negated (NOT C) or unnegated (C). The actions specified by a PolicyRule are to be performed if and only if the PolicyRule condition (whether it is represented in DNF or CNF) evaluates to TRUE.

The conditions and actions associated with a PolicyRule are modeled, respectively, with subclasses of PolicyCondition and PolicyAction. These condition and action objects are tied to instances of PolicyRule by the PolicyConditionInPolicyRule and PolicyActionInPolicyRule aggregations.

A PolicyRule may also be associated with one or more policy time periods, indicating the schedule according to which the policy rule is active and inactive. In this case it is the PolicySetValidityPeriod aggregation that provides this linkage.

The PolicyRule class uses the property ConditionListType, to indicate whether the conditions for the rule are in DNF (disjunctive normal form), CNF (conjunctive normal form) or, in the case of a rule with no conditions, as an UnconditionalRule. The PolicyConditionInPolicyRule aggregation contains two additional properties to complete the representation of the Rule\'s conditional expression. The first of these properties is an integer to partition the referenced PolicyConditions into one or more groups, and the second is a Boolean to indicate whether a referenced Condition is negated. An example shows how ConditionListType and these two additional properties provide a unique representation of a set of PolicyConditions in either DNF or CNF.

Suppose we have a PolicyRule that aggregates five PolicyConditions C1 through C5, with the following values in the properties of the five PolicyConditionInPolicyRule associations:
C1: GroupNumber = 1, ConditionNegated = FALSE
C2: GroupNumber = 1, ConditionNegated = TRUE
C3: GroupNumber = 1, ConditionNegated = FALSE
C4: GroupNumber = 2, ConditionNegated = FALSE
C5: GroupNumber = 2, ConditionNegated = FALSE

If ConditionListType = DNF, then the overall condition for the PolicyRule is:
(C1 AND (NOT C2) AND C3) OR (C4 AND C5)

On the other hand, if ConditionListType = CNF, then the overall condition for the PolicyRule is:
(C1 OR (NOT C2) OR C3) AND (C4 OR C5)

In both cases, there is an unambiguous specification of the overall condition that is tested to determine whether to perform the PolicyActions associated with the PolicyRule.

PolicyRule instances may also be used to aggregate other PolicyRules and/or PolicyGroups. When used in this way to implement nested rules, the conditions of the aggregating rule apply to the subordinate rules as well. However, any side effects of condition evaluation or the execution of actions MUST NOT affect the result of the evaluation of other conditions evaluated by the rule engine in the same evaluation pass. That is, an implementation of a rule engine MAY evaluate all conditions in any order before applying the priority and determining which actions are to be executed.
107LimitNegotiation is used as part of processing either a key exchange or IPsec Rule. Before proceeding with either a phase 1 or a phase 2 negotiation, this property is checked to determine if the negotiation role of the Rule matches that defined for the negotiation being undertaken (e.g., Initiator, Responder, or Both). If this check fails, then the negotiation is stopped. Note that this only applies to new negotiations and has no effect on either renegotiation or refresh operations with peers for which an established Security Association already exists. LimitNegotiation is used as part of processing either a key exchange or IPsec Rule. Before proceeding with either a phase 1 or a phase 2 negotiation, this property is checked to determine if the negotiation role of the Rule matches that defined for the negotiation being undertaken (e.g., Initiator, Responder, or Both). If this check fails, then the negotiation is stopped. Note that this only applies to new negotiations and has no effect on either renegotiation or refresh operations with peers for which an established Security Association already exists.
108Initiator-Only Initiator-Only
109Responder-Only Responder-Only
110Either Either
111SARule is a base class for defining IKE and IPsec Rules. Although concrete (because it subclasses from a concrete class), it is not intended to be instantiated. It defines a common connection point for associating conditions and actions for both types of rules. Note that each valid PolicyGroup containing SARules MUST use a unique priority number for the Rule in the aggregation, PolicySetComponent.Priority. SARule is a base class for defining IKE and IPsec Rules. Although concrete (because it subclasses from a concrete class), it is not intended to be instantiated. It defines a common connection point for associating conditions and actions for both types of rules. Note that each valid PolicyGroup containing SARules MUST use a unique priority number for the Rule in the aggregation, PolicySetComponent.Priority.
112Specifies which platforms the rule is applicable on. If null, the rule applies to all platforms (the default). Each entry takes the form Major.Minor+, for instance 6.0, 6.1+, or 6.2. If + is specified, then it means that the rule applies to that version or greater. For instance, Windows Vista could be represented as 6 or 6.0, and Windows 7 or later would be represented as 6.1+. + may only be attached to the final item in the list. 6.0+ is not valid because it means the same thing as null (all platforms). Specifies which platforms the rule is applicable on. If null, the rule applies to all platforms (the default). Each entry takes the form Major.Minor+, for instance 6.0, 6.1+, or 6.2. If + is specified, then it means that the rule applies to that version or greater. For instance, Windows Vista could be represented as 6 or 6.0, and Windows 7 or later would be represented as 6.1+. + may only be attached to the final item in the list. 6.0+ is not valid because it means the same thing as null (all platforms).
113The locale-independent name for the group that this rule belongs to. If this field is non-null, then Windows Firewall with Advanced Security assumes that this rule belongs to a Windows component or an installed application, and some parts of the rule are protected (including but not limited to the Name, Description, Program, and Service). The locale-independent name for the group that this rule belongs to. If this field is non-null, then Windows Firewall with Advanced Security assumes that this rule belongs to a Windows component or an installed application, and some parts of the rule are protected (including but not limited to the Name, Description, Program, and Service).
114The localized name of this rule. This field's value is based on the value of ElementName. Changes to this field are ignored. The localized name of this rule. This field's value is based on the value of ElementName. Changes to this field are ignored.
115The group that this rule belongs to. This field is based on the value of RuleGroup and changes to this field are ignored. The group that this rule belongs to. This field is based on the value of RuleGroup and changes to this field are ignored.
116Which profiles this rule is active on. Which profiles this rule is active on.
117Any Any
118Public Public
119Private Private
120Domain Domain
121The InstanceID of the MainModeCryptoSet to use for Main Mode. The InstanceID of the MainModeCryptoSet to use for Main Mode.
122The InstanceID of the QuickModeCryptoSet to use for Quick Mode. The InstanceID of the QuickModeCryptoSet to use for Quick Mode.
123The InstanceID of the Phase1AuthenticationSet to use for Phase 1 auth. The InstanceID of the Phase1AuthenticationSet to use for Phase 1 auth.
124The InstanceID of the Phase2AuthenticationSet to use for Phase 2 auth. The InstanceID of the Phase2AuthenticationSet to use for Phase 2 auth.
125PrimaryStatus provides a high level status value, intended to align with Red-Yellow-Green type representation of status. It should be used in conjunction with DetailedStatus to provide high level and detailed health status of the ManagedElement and its subcomponents.
PrimaryStatus consists of one of the following values: Unknown, OK, Degraded or Error. "Unknown" indicates the implementation is in general capable of returning this property, but is unable to do so at this time.
"OK" indicates the ManagedElement is functioning normally.
"Degraded" indicates the ManagedElement is functioning below normal.
"Error" indicates the ManagedElement is in an Error condition.
PrimaryStatus provides a high level status value, intended to align with Red-Yellow-Green type representation of status. It should be used in conjunction with DetailedStatus to provide high level and detailed health status of the ManagedElement and its subcomponents.
PrimaryStatus consists of one of the following values: Unknown, OK, Degraded or Error. "Unknown" indicates the implementation is in general capable of returning this property, but is unable to do so at this time.
"OK" indicates the ManagedElement is functioning normally.
"Degraded" indicates the ManagedElement is functioning below normal.
"Error" indicates the ManagedElement is in an Error condition.
126The detailed status of the rule, as a numeric error code. The detailed status of the rule, as a numeric error code.
127The detailed status of the rule, as a string. The detailed status of the rule, as a string.
128If this object is retrieved from the ActiveStore, describes the current enforcement status of the rule. If this object is retrieved from the ActiveStore, describes the current enforcement status of the rule.
129Invalid Invalid
130Full Full
131FirewallOffInProfile FirewallOffInProfile
132CategoryOff CategoryOff
133DisabledObject DisabledObject
134InactiveProfile InactiveProfile
135LocalAddressResolutionEmpty LocalAddressResolutionEmpty
136RemoteAddressResolutionEmpty RemoteAddressResolutionEmpty
137LocalPortResolutionEmpty LocalPortResolutionEmpty
138RemotePortResolutionEmpty RemotePortResolutionEmpty
139InterfaceResolutionEmpty InterfaceResolutionEmpty
140ApplicationResolutionEmpty ApplicationResolutionEmpty
141RemoteMachineEmpty RemoteMachineEmpty
142RemoteUserEmpty RemoteUserEmpty
143LocalGlobalOpenPortsDisallowed LocalGlobalOpenPortsDisallowed
144LocalAuthorizedApplicationsDisallowed LocalAuthorizedApplicationsDisallowed
145LocalFirewallRulesDisallowed LocalFirewallRulesDisallowed
146LocalConsecRulesDisallowed LocalConsecRulesDisallowed
147NotTargetPlatform NotTargetPlatform
148OptimizedOut OptimizedOut
149LocalUserEmpty LocalUserEmpty
150TransportMachinesEmpty TransportMachinesEmpty
151TunnelMachinesEmpty TunnelMachinesEmpty
152TupleResolutionEmpty TupleResolutionEmpty
153If this object is retrieved from the ActiveStore, with the TracePolicyStoreSource option set, describes the type of PolicyStore where this rule originally came from. If this object is retrieved from the ActiveStore, with the TracePolicyStoreSource option set, describes the type of PolicyStore where this rule originally came from.
154If this object is retrieved from the ActiveStore, with the TracePolicyStoreSource option set, contains the path to the PolicyStore where this rule originally came from. If this object is retrieved from the ActiveStore, with the TracePolicyStoreSource option set, contains the path to the PolicyStore where this rule originally came from.
155Represents an IPsec Rule. Subtypes differentiate between Connection Security Rules (MSFT_NetConSecRule) and Main Mode Rules (MSFT_NetMainModeRule). Represents an IPsec Rule. Subtypes differentiate between Connection Security Rules (MSFT_NetConSecRule) and Main Mode Rules (MSFT_NetMainModeRule).
156Within the scope of the instantiating Namespace, InstanceID opaquely and uniquely identifies an instance of this class. To ensure uniqueness within the NameSpace, the value of InstanceID should be constructed using the following "preferred" algorithm:
:
Where and are separated by a colon (:), and where must include a copyrighted, trademarked, or otherwise unique name that is owned by the business entity that is creating or defining the InstanceID or that is a registered ID assigned to the business entity by a recognized global authority. (This requirement is similar to the _ structure of Schema class names.) In addition, to ensure uniqueness, must not contain a colon (:). When using this algorithm, the first colon to appear in InstanceID must appear between and .
is chosen by the business entity and should not be reused to identify different underlying (real-world) elements. If the above "preferred" algorithm is not used, the defining entity must assure that the resulting InstanceID is not reused across any InstanceIDs produced by this or other providers for the NameSpace of this instance.
For DMTF-defined instances, the "preferred" algorithm must be used with the set to CIM.
Within the scope of the instantiating Namespace, InstanceID opaquely and uniquely identifies an instance of this class. To ensure uniqueness within the NameSpace, the value of InstanceID should be constructed using the following "preferred" algorithm:
:
Where and are separated by a colon (:), and where must include a copyrighted, trademarked, or otherwise unique name that is owned by the business entity that is creating or defining the InstanceID or that is a registered ID assigned to the business entity by a recognized global authority. (This requirement is similar to the _ structure of Schema class names.) In addition, to ensure uniqueness, must not contain a colon (:). When using this algorithm, the first colon to appear in InstanceID must appear between and .
is chosen by the business entity and should not be reused to identify different underlying (real-world) elements. If the above "preferred" algorithm is not used, the defining entity must assure that the resulting InstanceID is not reused across any InstanceIDs produced by this or other providers for the NameSpace of this instance.
For DMTF-defined instances, the "preferred" algorithm must be used with the set to CIM.
157The user-friendly name for this instance of SettingData. In addition, the user-friendly name can be used as an index property for a search or query. (Note: The name does not have to be unique within a namespace.) The user-friendly name for this instance of SettingData. In addition, the user-friendly name can be used as an index property for a search or query. (Note: The name does not have to be unique within a namespace.)
158CIM_SettingData is used to represent configuration and and operational parameters for CIM_ManagedElement instances. There are a number of different uses of CIM_SettingData supported in the model today. Additional uses may be defined in the future.
Instances of CIM_SettingData may represent Aspects of a CIM_ManagedElement instance. This is modeled using the CIM_SettingsDefineState association. CIM_SettingData may be used to define capabilities when associated to an instance of CIM_Capabilities through the CIM_SettingsDefineCapabilities association.
Instances of CIM_SettingData may represent different types of configurations for a CIM_ManagedElement, including persistent configurations, in progress configuration changes, or requested configurations. The CIM_ElementSettingData association is used to model the relationship between a CIM_SettingData instance and the CIM_ManagedElement for which it is a configuration.
When an instance of CIM_SettingData represents a configuration, the current operational values for the parameters of the element are reflected by properties in the Element itself or by properties in its associations. These properties do not have to be the same values that are present in the SettingData object. For example, a modem might have a SettingData baud rate of 56Kb/sec but be operating at 19.2Kb/sec.
Note: The CIM_SettingData class is very similar to CIM_Setting, yet both classes are present in the model because many implementations have successfully used CIM_Setting. However, issues have arisen that could not be resolved without defining a new class. Therefore, until a new major release occurs, both classes will exist in the model. Refer to the Core White Paper for additional information. SettingData instances can be aggregated together into higher- level SettingData objects using ConcreteComponent associations.
CIM_SettingData is used to represent configuration and and operational parameters for CIM_ManagedElement instances. There are a number of different uses of CIM_SettingData supported in the model today. Additional uses may be defined in the future.
Instances of CIM_SettingData may represent Aspects of a CIM_ManagedElement instance. This is modeled using the CIM_SettingsDefineState association. CIM_SettingData may be used to define capabilities when associated to an instance of CIM_Capabilities through the CIM_SettingsDefineCapabilities association.
Instances of CIM_SettingData may represent different types of configurations for a CIM_ManagedElement, including persistent configurations, in progress configuration changes, or requested configurations. The CIM_ElementSettingData association is used to model the relationship between a CIM_SettingData instance and the CIM_ManagedElement for which it is a configuration.
When an instance of CIM_SettingData represents a configuration, the current operational values for the parameters of the element are reflected by properties in the Element itself or by properties in its associations. These properties do not have to be the same values that are present in the SettingData object. For example, a modem might have a SettingData baud rate of 56Kb/sec but be operating at 19.2Kb/sec.
Note: The CIM_SettingData class is very similar to CIM_Setting, yet both classes are present in the model because many implementations have successfully used CIM_Setting. However, issues have arisen that could not be resolved without defining a new class. Therefore, until a new major release occurs, both classes will exist in the model. Refer to the Core White Paper for additional information. SettingData instances can be aggregated together into higher- level SettingData objects using ConcreteComponent associations.
159Reserved for internal use by the WMI provider only Reserved for internal use by the WMI provider only
160Action Action
161Add Add
162Delete Delete
163Array of V6 addresses Array of V6 addresses
164Array of V4 addresses Array of V4 addresses
165Policy Store Policy Store
166IPsec rule name IPsec rule name
167endpoint type endpoint type
168Endpoint1 Endpoint1
169Endpoint2 Endpoint2
170Array of names that failed name resolution Array of names that failed name resolution
171The DisplayName of the IPsec rule. The DisplayName of the IPsec rule.
172IPSec policy delta IPSec policy delta
173A brief description of the rule. May be an indirect string. If it is an indirect string, then it may not be overwritten. A brief description of the rule. May be an indirect string. If it is an indirect string, then it may not be overwritten.
174The locale-independent name of the rule. May be an indirect string. The locale-independent name of the rule. May be an indirect string.
175Indicates whether this rule is administratively enabled or disabled. Indicates whether this rule is administratively enabled or disabled.
176The IPsec Encapsulation Mode that should be used. The IPsec Encapsulation Mode that should be used.
177Transport Mode Transport Mode
178Tunnel Mode Tunnel Mode
179Whether to allow Trusted Intermediaries to set the key of SA's created by this rule. Whether to allow Trusted Intermediaries to set the key of SA's created by this rule.
180Whether to allow Trusted Intermediaries to be notified when the encryption keys for this SA change. Whether to allow Trusted Intermediaries to be notified when the encryption keys for this SA change.
181The maximum lifetime, in seconds, for SA's created by this rule across the forwarding path. The maximum lifetime, in seconds, for SA's created by this rule across the forwarding path.
182Determines how aggressively to enforce security on inbound traffic. Determines how aggressively to enforce security on inbound traffic.
183Never Never
184Request Request
185Require Require
186Determines how aggressively to enforce security on outbound traffic. Determines how aggressively to enforce security on outbound traffic.
187Which keying modules to use. Which keying modules to use.
188IKEv1 IKEv1
189IKEv2 IKEv2
190AuthIP AuthIP
191Require authorization for endpoints. The authorization list is part of the IPsec Globals. Require authorization for endpoints. The authorization list is part of the IPsec Globals.
192Authorized users for transport mode, specified as an SDDL string. Authorized users for transport mode, specified as an SDDL string.
193Authorized machines for transport mode, specified as an SDDL string. Authorized machines for transport mode, specified as an SDDL string.
194The local tunnel endpoint address. The local tunnel endpoint address.
195A Fully-Qualified Domain Name that resolves to a list of allowed Remote Endpoints. If present, the value in RemoteEndpoint will be used initially, but will be replaced with all the IP addresses that this name resolves to. A Fully-Qualified Domain Name that resolves to a list of allowed Remote Endpoints. If present, the value in RemoteEndpoint will be used initially, but will be replaced with all the IP addresses that this name resolves to.
196The remote tunnel endpoint(s). The remote tunnel endpoint(s).
197Allow traffic that is already encrypted to bypass the tunnel. Allow traffic that is already encrypted to bypass the tunnel.
198Synchronize IPsec policy Synchronize IPsec policy
199Servers Servers
200Domains Domains
201Endpoint type Endpoint type
202Types of addresses Types of addresses
203IPv4 IPv4
204IPv6 IPv6
205Servers to perform name resolution against Servers to perform name resolution against
206Delta collection Delta collection
207Apply IPsec policy deltas Apply IPsec policy deltas
208IPv6 Addresses IPv6 Addresses
209IPv4 Addresses IPv4 Addresses
210PassThru PassThru
211Output NetConSecRule Output NetConSecRule
212Enumerate all parts of all rules Enumerate all parts of all rules
213Finds the rules that will be used to secure the specified traffic. Finds the rules that will be used to secure the specified traffic.
214Enable this rule. Enable this rule.
215Disable this rule. Disable this rule.
216Rename this rule. Rename this rule.
217The new name for the rule. The new name for the rule.
218Copy this rule. Copy this rule.
219The new policy store for the rule. The new policy store for the rule.
220The new GPOSession for the rule. The new GPOSession for the rule.
221A Connection Security Rule. A Connection Security Rule.
222The parent element in the association. The parent element in the association.
223The child element in the association. The child element in the association.
224CIM_Component is a generic association used to establish \'part of\' relationships between Managed Elements. For example, it could be used to define the components or parts of a System. CIM_Component is a generic association used to establish \'part of\' relationships between Managed Elements. For example, it could be used to define the components or parts of a System.
225The parent Policy in the association. The parent Policy in the association.
226The child/part Policy in the association. The child/part Policy in the association.
227CIM_PolicyComponent is a generic association used to establish \'part of\' relationships between the subclasses of CIM_Policy. For example, the PolicyConditionInPolicyRule association defines that PolicyConditions are part of a PolicyRule. CIM_PolicyComponent is a generic association used to establish \'part of\' relationships between the subclasses of CIM_Policy. For example, the PolicyConditionInPolicyRule association defines that PolicyConditions are part of a PolicyRule.
228The name of the class or the subclass used in the creation of the System object in whose scope this PolicyAction is defined.

This property helps to identify the System object in whose scope this instance of PolicyAction exists. For a rule-specific PolicyAction, this is the System in whose context the PolicyRule is defined. For a reusable PolicyAction, this is the instance of PolicyRepository (which is a subclass of System) that holds the Action.

Note that this property, and the analogous property SystemName, do not represent propagated keys from an instance of the class System. Instead, they are properties defined in the context of this class, which repeat the values from the instance of System to which this PolicyAction is related, either directly via the PolicyActionInPolicyRepository association or indirectly via the PolicyActionInPolicyRule aggregation.
The name of the class or the subclass used in the creation of the System object in whose scope this PolicyAction is defined.

This property helps to identify the System object in whose scope this instance of PolicyAction exists. For a rule-specific PolicyAction, this is the System in whose context the PolicyRule is defined. For a reusable PolicyAction, this is the instance of PolicyRepository (which is a subclass of System) that holds the Action.

Note that this property, and the analogous property SystemName, do not represent propagated keys from an instance of the class System. Instead, they are properties defined in the context of this class, which repeat the values from the instance of System to which this PolicyAction is related, either directly via the PolicyActionInPolicyRepository association or indirectly via the PolicyActionInPolicyRule aggregation.
229The name of the System object in whose scope this PolicyAction is defined.

This property completes the identification of the System object in whose scope this instance of PolicyAction exists. For a rule-specific PolicyAction, this is the System in whose context the PolicyRule is defined. For a reusable PolicyAction, this is the instance of PolicyRepository (which is a subclass of System) that holds the Action.
The name of the System object in whose scope this PolicyAction is defined.

This property completes the identification of the System object in whose scope this instance of PolicyAction exists. For a rule-specific PolicyAction, this is the System in whose context the PolicyRule is defined. For a reusable PolicyAction, this is the instance of PolicyRepository (which is a subclass of System) that holds the Action.
230For a rule-specific PolicyAction, the CreationClassName of the PolicyRule object with which this Action is associated. For a reusable PolicyAction, a special value, \'NO RULE\', should be used to indicate that this Action is reusable and not associated with a single PolicyRule. For a rule-specific PolicyAction, the CreationClassName of the PolicyRule object with which this Action is associated. For a reusable PolicyAction, a special value, \'NO RULE\', should be used to indicate that this Action is reusable and not associated with a single PolicyRule.
231For a rule-specific PolicyAction, the name of the PolicyRule object with which this Action is associated. For a reusable PolicyAction, a special value, \'NO RULE\', should be used to indicate that this Action is reusable and not associated with a single PolicyRule. For a rule-specific PolicyAction, the name of the PolicyRule object with which this Action is associated. For a reusable PolicyAction, a special value, \'NO RULE\', should be used to indicate that this Action is reusable and not associated with a single PolicyRule.
232A user-friendly name of this PolicyAction. A user-friendly name of this PolicyAction.
233DoActionLogging causes a log message to be generated when the action is performed. DoActionLogging causes a log message to be generated when the action is performed.
234A class representing a rule-specific or reusable policy action to be performed if the PolicyConditions for a Policy Rule evaluate to TRUE. Since all operational details of a PolicyAction are provided in subclasses of this object, this class is abstract. A class representing a rule-specific or reusable policy action to be performed if the PolicyConditions for a Policy Rule evaluate to TRUE. Since all operational details of a PolicyAction are provided in subclasses of this object, this class is abstract.
235PolicyAction instances may be aggregated into either PolicyRule instances or CompoundPolicyAction instances. PolicyAction instances may be aggregated into either PolicyRule instances or CompoundPolicyAction instances.
236A PolicyAction aggregated by a PolicyRule or CompoundPolicyAction. A PolicyAction aggregated by a PolicyRule or CompoundPolicyAction.
237ActionOrder is an unsigned integer \'n\' that indicates the relative position of a PolicyAction in the sequence of actions associated with a PolicyRule or CompoundPolicyAction. When \'n\' is a positive integer, it indicates a place in the sequence of actions to be performed, with smaller integers indicating earlier positions in the sequence. The special value \'0\' indicates \'don\'t care\'. If two or more PolicyActions have the same non-zero sequence number, they may be performed in any order, but they must all be performed at the appropriate place in the overall action sequence.

A series of examples will make ordering of PolicyActions clearer:
o If all actions have the same sequence number, regardless of whether it is \'0\' or non-zero, any order is acceptable.
o The values:
1:ACTION A
2:ACTION B
1:ACTION C
3:ACTION D
indicate two acceptable orders: A,C,B,D or C,A,B,D,
since A and C can be performed in either order, but only at the \'1\' position.
o The values:
0:ACTION A
2:ACTION B
3:ACTION C
3:ACTION D
require that B,C, and D occur either as B,C,D or as B,D,C. Action A may appear at any point relative to B, C, and D. Thus the complete set of acceptable orders is: A,B,C,D; B,A,C,D; B,C,A,D; B,C,D,A; A,B,D,C; B,A,D,C; B,D,A,C; B,D,C,A.

Note that the non-zero sequence numbers need not start with \'1\', and they need not be consecutive. All that matters is their relative magnitude.
ActionOrder is an unsigned integer \'n\' that indicates the relative position of a PolicyAction in the sequence of actions associated with a PolicyRule or CompoundPolicyAction. When \'n\' is a positive integer, it indicates a place in the sequence of actions to be performed, with smaller integers indicating earlier positions in the sequence. The special value \'0\' indicates \'don\'t care\'. If two or more PolicyActions have the same non-zero sequence number, they may be performed in any order, but they must all be performed at the appropriate place in the overall action sequence.

A series of examples will make ordering of PolicyActions clearer:
o If all actions have the same sequence number, regardless of whether it is \'0\' or non-zero, any order is acceptable.
o The values:
1:ACTION A
2:ACTION B
1:ACTION C
3:ACTION D
indicate two acceptable orders: A,C,B,D or C,A,B,D,
since A and C can be performed in either order, but only at the \'1\' position.
o The values:
0:ACTION A
2:ACTION B
3:ACTION C
3:ACTION D
require that B,C, and D occur either as B,C,D or as B,D,C. Action A may appear at any point relative to B, C, and D. Thus the complete set of acceptable orders is: A,B,C,D; B,A,C,D; B,C,A,D; B,C,D,A; A,B,D,C; B,A,D,C; B,D,A,C; B,D,C,A.

Note that the non-zero sequence numbers need not start with \'1\', and they need not be consecutive. All that matters is their relative magnitude.
238PolicyActions may be aggregated into rules and into compound actions. PolicyActionStructure is the abstract aggregation class for the structuring of policy actions. PolicyActions may be aggregated into rules and into compound actions. PolicyActionStructure is the abstract aggregation class for the structuring of policy actions.
239This property represents the PolicyRule that contains one or more PolicyActions. This property represents the PolicyRule that contains one or more PolicyActions.
240This property holds the name of a PolicyAction contained by one or more PolicyRules. This property holds the name of a PolicyAction contained by one or more PolicyRules.
241A PolicyRule aggregates zero or more instances of the PolicyAction class, via the PolicyActionInPolicyRule association. A Rule that aggregates zero Actions is not valid--it may, however, be in the process of being entered into a PolicyRepository or being defined for a System. Alternately, the actions of the policy may be explicit in the definition of the PolicyRule. Note that a PolicyRule should have no effect until it is valid.

The Actions associated with a PolicyRule may be given a required order, a recommended order, or no order at all. For Actions represented as separate objects, the PolicyActionInPolicyRule aggregation can be used to express an order.

This aggregation does not indicate whether a specified action order is required, recommended, or of no significance; the property SequencedActions in the aggregating instance of PolicyRule provides this indication.
A PolicyRule aggregates zero or more instances of the PolicyAction class, via the PolicyActionInPolicyRule association. A Rule that aggregates zero Actions is not valid--it may, however, be in the process of being entered into a PolicyRepository or being defined for a System. Alternately, the actions of the policy may be explicit in the definition of the PolicyRule. Note that a PolicyRule should have no effect until it is valid.

The Actions associated with a PolicyRule may be given a required order, a recommended order, or no order at all. For Actions represented as separate objects, the PolicyActionInPolicyRule aggregation can be used to express an order.

This aggregation does not indicate whether a specified action order is required, recommended, or of no significance; the property SequencedActions in the aggregating instance of PolicyRule provides this indication.
242DoPacketLogging causes a log message to be generated when the action is applied to a packet. DoPacketLogging causes a log message to be generated when the action is applied to a packet.
243SAAction is the base class for the various types of key exchange or IPsec actions. It is abstract and used to categorize the different types of actions of SARules. SAAction is the base class for the various types of key exchange or IPsec actions. It is abstract and used to categorize the different types of actions of SARules.
244The IPsec rule. The IPsec rule.
245The auth/crypto sets. The auth/crypto sets.
246Links an IPsec rule to its auth and crypto sets. Links an IPsec rule to its auth and crypto sets.
247MinLifetimeSeconds prevents certain denial of service attacks where the peer requests an arbitrarily low lifetime value, causing renegotiations with expensive Diffie-Hellman operations. The property specifies the minimum lifetime, in seconds, that will be accepted from the peer. A value of zero (the default) indicates that there is no minimum value. A non-zero value specifies the minimum seconds lifetime. MinLifetimeSeconds prevents certain denial of service attacks where the peer requests an arbitrarily low lifetime value, causing renegotiations with expensive Diffie-Hellman operations. The property specifies the minimum lifetime, in seconds, that will be accepted from the peer. A value of zero (the default) indicates that there is no minimum value. A non-zero value specifies the minimum seconds lifetime.
248Seconds Seconds
249IdleDurationSeconds is the time an SA can remain idle (i.e., no traffic protected using the security association) before it is automatically deleted. The default (zero) value indicates that there is no idle duration timer and that the SA is deleted based upon the SA seconds and kilobyte lifetimes. Any non-zero value indicates the number of seconds that the SA may remain unused. IdleDurationSeconds is the time an SA can remain idle (i.e., no traffic protected using the security association) before it is automatically deleted. The default (zero) value indicates that there is no idle duration timer and that the SA is deleted based upon the SA seconds and kilobyte lifetimes. Any non-zero value indicates the number of seconds that the SA may remain unused.
250MinLifetimeKilobytes prevents certain denial of service attacks where the peer requests an arbitrarily low lifetime value, causing renegotiations with expensive Diffie-Hellman operations. The property specifies the minimum lifetime, in kilobytes, that will be accepted from the peer. A value of zero (the default) indicates that there is no minimum value. A non-zero value specifies the minimum kilobytes lifetime. Note that there has been considerable debate regarding the usefulness of applying kilobyte lifetimes to phase 1 security associations, so it is likely that this property will only apply to the subclass, IPsecAction. MinLifetimeKilobytes prevents certain denial of service attacks where the peer requests an arbitrarily low lifetime value, causing renegotiations with expensive Diffie-Hellman operations. The property specifies the minimum lifetime, in kilobytes, that will be accepted from the peer. A value of zero (the default) indicates that there is no minimum value. A non-zero value specifies the minimum kilobytes lifetime. Note that there has been considerable debate regarding the usefulness of applying kilobyte lifetimes to phase 1 security associations, so it is likely that this property will only apply to the subclass, IPsecAction.
251KiloBytes KiloBytes
252SANegotiationAction is the base class for negotiated SAs. It is abstract, specifying the common parameters that control the IPsec phase 1 and phase 2 negotiations. SANegotiationAction is the base class for negotiated SAs. It is abstract, specifying the common parameters that control the IPsec phase 1 and phase 2 negotiations.
253The ExchangeMode designates the mode IKE should use for its key negotiations. The ExchangeMode designates the mode IKE should use for its key negotiations.
254Base Base
255Main Main
256Aggressive Aggressive
257UseIKEIdentityType specifies what network identity type should be used when negotiating with the peer. It is used in conjunction with the available IPNetworkIdentity instances, that are associated with an IPProtocolEndpoint. UseIKEIdentityType specifies what network identity type should be used when negotiating with the peer. It is used in conjunction with the available IPNetworkIdentity instances, that are associated with an IPProtocolEndpoint.
258IPV4 Address IPV4 Address
259FQDN FQDN
260User FQDN User FQDN
261IPV4 Subnet Address IPV4 Subnet Address
262IPV6 Address IPV6 Address
263IPV6 Subnet Address IPV6 Subnet Address
264IPV4 Address Range IPV4 Address Range
265IPV6 Address Range IPV6 Address Range
266DER ASN1 DN DER ASN1 DN
267DER ASN1 GN DER ASN1 GN
268KEY ID KEY ID
269VendorID specifies the value to be used in the Vendor ID payload. An empty string (the default) means that the Vendor ID payload will not be generated or accepted. A non-NULL value means that a Vendor ID payload will be generated (when acting as an initiator) or is expected (when acting as a responder). VendorID specifies the value to be used in the Vendor ID payload. An empty string (the default) means that the Vendor ID payload will not be generated or accepted. A non-NULL value means that a Vendor ID payload will be generated (when acting as an initiator) or is expected (when acting as a responder).
270When IKEAction.ExchangeMode is set to "Aggressive" (4), this property specifies the key exchange groupID to use in the first packets of the phase 1 negotiation. This property is ignored unless the ExchangeMode is \'aggressive\'. If the GroupID number is from the vendor- specific range (32768-65535), the VendorID qualifies the group number. Well-known group identifiers from RFC2412, Appendix E, are: Group 1=\'768 bit prime\', Group 2=\'1024 bit prime\', Group 3=\'Elliptic Curve Group with 155 bit field element\', Group 4=\'Large Elliptic Curve Group with 185 bit field element\', and Group 5=\'1536 bit prime\'. When IKEAction.ExchangeMode is set to "Aggressive" (4), this property specifies the key exchange groupID to use in the first packets of the phase 1 negotiation. This property is ignored unless the ExchangeMode is \'aggressive\'. If the GroupID number is from the vendor- specific range (32768-65535), the VendorID qualifies the group number. Well-known group identifiers from RFC2412, Appendix E, are: Group 1=\'768 bit prime\', Group 2=\'1024 bit prime\', Group 3=\'Elliptic Curve Group with 155 bit field element\', Group 4=\'Large Elliptic Curve Group with 185 bit field element\', and Group 5=\'1536 bit prime\'.
271No Group/Non-Diffie-Hellman Exchange No Group/Non-Diffie-Hellman Exchange
272DH-768 bit prime DH-768 bit prime
273DH-1024 bit prime DH-1024 bit prime
274EC2N-155 bit field element EC2N-155 bit field element
275EC2N-185 bit field element EC2N-185 bit field element
276DH-1536 bit prime DH-1536 bit prime
277Standard Group - Reserved Standard Group - Reserved
278IKEAction specifies the parameters to use for an IPsec IKE phase 1 negotiation. IKEAction specifies the parameters to use for an IPsec IKE phase 1 negotiation.
279The ScopedSettingData class represents the general concept of SettingData, which is scoped or contained by a ManagedElement (that is, settings that are specifically defined for a system, device, and so on). ScopedSettingData is tied to a ManagedElement using the ScopedSetting association. Note that the cardinality of the ManagedElement reference is Min(1), Max(1). This cardinality mandates the instantiation of the ScopedSetting association for the referenced instance of ScopedSettingData. ScopedSetting describes the existence requirements and context for the referenced instance of ManagedElement. Specifically, the ManagedElement must exist and it provides the context for the ScopedSettingData. The ScopedSettingData class represents the general concept of SettingData, which is scoped or contained by a ManagedElement (that is, settings that are specifically defined for a system, device, and so on). ScopedSettingData is tied to a ManagedElement using the ScopedSetting association. Note that the cardinality of the ManagedElement reference is Min(1), Max(1). This cardinality mandates the instantiation of the ScopedSetting association for the referenced instance of ScopedSettingData. ScopedSetting describes the existence requirements and context for the referenced instance of ManagedElement. Specifically, the ManagedElement must exist and it provides the context for the ScopedSettingData.
2802.10.0 2.10.0
281SAProposal is a base class defining the common properties of, and anchoring common associations for, IPsec phase 1 and phase 2 proposals. It is defined as a kind of ScopedSettingData (scoped by a ComputerSystem or AdminDomain), since its subclasses define sets of IPsec properties that MUST be applied together, if negotiated. This subclassing is different than that defined in IETF\'s IPSP Policy draft - where it is subclassed from Policy. The definition as SettingData is more consistent with the application of the properties as a set, to the negotiated Security Association. To indicate that \'this\' proposaltransform is negotiated for a Security Association, use the ElementSettingData to associate the proposal and the SA. SAProposal is a base class defining the common properties of, and anchoring common associations for, IPsec phase 1 and phase 2 proposals. It is defined as a kind of ScopedSettingData (scoped by a ComputerSystem or AdminDomain), since its subclasses define sets of IPsec properties that MUST be applied together, if negotiated. This subclassing is different than that defined in IETF\'s IPSP Policy draft - where it is subclassed from Policy. The definition as SettingData is more consistent with the application of the properties as a set, to the negotiated Security Association. To indicate that \'this\' proposaltransform is negotiated for a Security Association, use the ElementSettingData to associate the proposal and the SA.
282MaxLifetimeSeconds specifies the maximum time the IKE message sender proposes for an SA to be considered valid after it has been created. A value of zero indicates that the default of 8 hours be used. A non-zero value indicates the maximum seconds lifetime. MaxLifetimeSeconds specifies the maximum time the IKE message sender proposes for an SA to be considered valid after it has been created. A value of zero indicates that the default of 8 hours be used. A non-zero value indicates the maximum seconds lifetime.
283MaxLifetimeKilobytes specifies the maximum kilobyte lifetime the IKE message sender proposes for an SA to be considered valid after it has been created. A value of zero (the default) indicates that there should be no maximum kilobyte lifetime. A non-zero value specifies the desired kilobyte lifetime. MaxLifetimeKilobytes specifies the maximum kilobyte lifetime the IKE message sender proposes for an SA to be considered valid after it has been created. A value of zero (the default) indicates that there should be no maximum kilobyte lifetime. A non-zero value specifies the desired kilobyte lifetime.
284CipherAlgorithm is an enumeration that specifies the proposed encryption algorithm. The list of algorithms was generated from Appendix A of RFC2409. Note that the enumeration is different than the RFC list and aligns with the values in IKESAEndpoint.CipherAlgorithm. CipherAlgorithm is an enumeration that specifies the proposed encryption algorithm. The list of algorithms was generated from Appendix A of RFC2409. Note that the enumeration is different than the RFC list and aligns with the values in IKESAEndpoint.CipherAlgorithm.
285DES DES
286IDEA IDEA
287Blowfish Blowfish
288RC5 RC5
2893DES 3DES
290CAST CAST
291DMTF/IANA Reserved DMTF/IANA Reserved
292Description of the encryption algorithm when the value 1 ("Other") is specified for the property, CipherAlgorithm. Description of the encryption algorithm when the value 1 ("Other") is specified for the property, CipherAlgorithm.
293HashAlgorithm is an enumeration that specifies the proposed hash function. The list of algorithms was generated from Appendix A of RFC2409. Note that the enumeration is different than the RFC list and aligns with the values in IKESAEndpoint.HashAlgorithm. HashAlgorithm is an enumeration that specifies the proposed hash function. The list of algorithms was generated from Appendix A of RFC2409. Note that the enumeration is different than the RFC list and aligns with the values in IKESAEndpoint.HashAlgorithm.
294MD5 MD5
295SHA-1 SHA-1
296Tiger Tiger
297Description of the hash function when the value 1 ("Other") is specified for the property, HashAlgorithm. Description of the hash function when the value 1 ("Other") is specified for the property, HashAlgorithm.
298AuthenticationMethod is an enumeration that specifies the proposed authentication. The list of methods was generated from Appendix A of RFC2409. Note that the enumeration is different than the RFC list and aligns with the values in IKESAEndpoint.AuthenticationMethod. There is one change to the list - the value 65000 has special meaning. It is a special value that indicates that this particular proposal should be repeated once for each authentication method corresponding to credentials installed on the machine. For example, if the system has a pre-shared key and an public-key certificate, a proposal list would be constructed which includes a proposal that specifies a pre-shared key and a proposal for any of the public-key certificates. AuthenticationMethod is an enumeration that specifies the proposed authentication. The list of methods was generated from Appendix A of RFC2409. Note that the enumeration is different than the RFC list and aligns with the values in IKESAEndpoint.AuthenticationMethod. There is one change to the list - the value 65000 has special meaning. It is a special value that indicates that this particular proposal should be repeated once for each authentication method corresponding to credentials installed on the machine. For example, if the system has a pre-shared key and an public-key certificate, a proposal list would be constructed which includes a proposal that specifies a pre-shared key and a proposal for any of the public-key certificates.
299Pre-shared Key Pre-shared Key
300DSS Signatures DSS Signatures
301RSA Signatures RSA Signatures
302Encryption with RSA Encryption with RSA
303Revised Encryption with RSA Revised Encryption with RSA
304Description of the method when the value 1 ("Other") is specified for the property, AuthenticationMethod. Description of the method when the value 1 ("Other") is specified for the property, AuthenticationMethod.
305The property GroupId specifies the proposed phase 1 security association key exchange group. This property is ignored for all aggressive mode exchanges (IKEAction.ExchangeMode = 4). If the GroupID number is from the vendor-specific range (32768-65535), the property VendorID qualifies the group number. Well-known group identifiers from RFC2412, Appendix E, are: Group 1=\'768 bit prime\', Group 2=\'1024 bit prime\', Group 3 =\'Elliptic Curve Group with 155 bit field element\', Group 4= \'Large Elliptic Curve Group with 185 bit field element\', and Group 5=\'1536 bit prime\'. The property GroupId specifies the proposed phase 1 security association key exchange group. This property is ignored for all aggressive mode exchanges (IKEAction.ExchangeMode = 4). If the GroupID number is from the vendor-specific range (32768-65535), the property VendorID qualifies the group number. Well-known group identifiers from RFC2412, Appendix E, are: Group 1=\'768 bit prime\', Group 2=\'1024 bit prime\', Group 3 =\'Elliptic Curve Group with 155 bit field element\', Group 4= \'Large Elliptic Curve Group with 185 bit field element\', and Group 5=\'1536 bit prime\'.
306VendorID identifies the vendor when the value of GroupID is in the vendor-specific range, 32768 to 65535. VendorID identifies the vendor when the value of GroupID is in the vendor-specific range, 32768 to 65535.
307IKEProposal contains the parameters necessary to drive the phase 1 IKE negotiation. IKEProposal contains the parameters necessary to drive the phase 1 IKE negotiation.
308Represents an auth proposal. Represents an auth proposal.
309The locale-independent name for the group that this set belongs to. The locale-independent name for the group that this set belongs to.
310The localized name of this set. This field's value is based on the value of ElementName. Changes to this field are ignored. The localized name of this set. This field's value is based on the value of ElementName. Changes to this field are ignored.
311The group that this set belongs to. This field is based on the value of RuleGroup and changes to this field are ignored. The group that this set belongs to. This field is based on the value of RuleGroup and changes to this field are ignored.
312The proposals within this set, in order of preference. The proposals within this set, in order of preference.
313A list of auth suites, in preferential order, to use when negotiating an SA. A list of auth suites, in preferential order, to use when negotiating an SA.
314A brief description of the set. May be an indirect string. If it is an indirect string, then it may not be overwritten. A brief description of the set. May be an indirect string. If it is an indirect string, then it may not be overwritten.
315The locale-independent name of the set. May be an indirect string. The locale-independent name of the set. May be an indirect string.
316Rename this set. Rename this set.
317The new name for the set. The new name for the set.
318Copy this set. Copy this set.
319The new ID for the set. The new ID for the set.
320The new policy store for the set. The new policy store for the set.
321The new GPOSession for the set. The new GPOSession for the set.
322A set of authentication proposals that can be used in Phase 2 of authentication. A set of authentication proposals that can be used in Phase 2 of authentication.
323The Phase 2 Authentication Set used by the rule. The Phase 2 Authentication Set used by the rule.
324Relates an IPsec rule to its Phase 2 Authentication Set. Relates an IPsec rule to its Phase 2 Authentication Set.
325The connection security rule. The connection security rule.
326Relates a connection security rule to its Phase 2 Authentication Set. Relates a connection security rule to its Phase 2 Authentication Set.
327The rule. The rule.
328The filters associated with the rule. The filters associated with the rule.
329Associates a policy rule to its filters. Associates a policy rule to its filters.
330The connection security rule being filtered. The connection security rule being filtered.
331Associates a connection security rule with its filters. Instances of this class can be traversed and the values in the associated filters can be modified, but instances of this class may not be created or deleted. Associates a connection security rule with its filters. Instances of this class can be traversed and the values in the associated filters can be modified, but instances of this class may not be created or deleted.
332The address filter applied to the rule. The address filter applied to the rule.
333Interfaces that the traffic applies to. They may be specified by LUID or by Alias. Interfaces that the traffic applies to. They may be specified by LUID or by Alias.
334Filters traffic based on what interface it is sent or received on. Filters traffic based on what interface it is sent or received on.
335The interface filter applied to the rule. The interface filter applied to the rule.
336Specifies what types of interface to filter on. Specifies what types of interface to filter on.
337Local area network Local area network
338Remote access Remote access
339Wireless Wireless
340Filters traffic based on the type of interface it is sent or received on. Filters traffic based on the type of interface it is sent or received on.
341The interface type filter applied to the rule. The interface type filter applied to the rule.
342IP Protocol Number that this filter applies to. May be 0-255 or one of the following: ICMPv4, ICMPv6, TCP, UDP. IP Protocol Number that this filter applies to. May be 0-255 or one of the following: ICMPv4, ICMPv6, TCP, UDP.
343Applies only when Protocol is TCP or UDP. Remote ports this filter applies to. May be a number or range 0-65535, or one of the following: Any, IPHTTPSOut. Applies only when Protocol is TCP or UDP. Remote ports this filter applies to. May be a number or range 0-65535, or one of the following: Any, IPHTTPSOut.
344Applies only when Protocol is TCP or UDP. Local ports this filter applies to. May be a number or range 0-65535, or one of the following: Any, RPC, RPC-EPMap, IPHTTPSIn, PlayToDiscovery. Applies only when Protocol is TCP or UDP. Local ports this filter applies to. May be a number or range 0-65535, or one of the following: Any, RPC, RPC-EPMap, IPHTTPSIn, PlayToDiscovery.
345Applies only when Protocol is ICMPv4 or ICMPv6. ICMP Type/Code pairs this filter applies to. May be an ICMP type (0-255), or an ICMP type/code pair in the format Type.Code, where type and code values are numbers from 0 to 255. Applies only when Protocol is ICMPv4 or ICMPv6. ICMP Type/Code pairs this filter applies to. May be an ICMP type (0-255), or an ICMP type/code pair in the format Type.Code, where type and code values are numbers from 0 to 255.
346Allows filtering traffic to/from endpoints by certain kinds of virtual transports, rather than traditional tuples of addresses, protocols, and ports. Allows filtering traffic to/from endpoints by certain kinds of virtual transports, rather than traditional tuples of addresses, protocols, and ports.
347ProximityApps ProximityApps
348ProximitySharing ProximitySharing
349WifiDirectPrinting WifiDirectPrinting
350WifiDirectDisplay WifiDirectDisplay
351WifiDirectDevices WifiDirectDevices
352Filters traffic based on its protocol and port. Filters traffic based on its protocol and port.
353The protocol/port filter applied to the rule. The protocol/port filter applied to the rule.
354A PolicySet that aggregates other PolicySet instances. A PolicySet that aggregates other PolicySet instances.
355A PolicySet aggregated into a PolicySet. A PolicySet aggregated into a PolicySet.
356A non-negative integer for prioritizing this PolicySet component relative to other elements of the same PolicySet. A larger value indicates a higher priority. The Priority property MUST have a unique value when compared with others defined for the same aggregating PolicySet. A non-negative integer for prioritizing this PolicySet component relative to other elements of the same PolicySet. A larger value indicates a higher priority. The Priority property MUST have a unique value when compared with others defined for the same aggregating PolicySet.
357PolicySetComponent is a concrete aggregation that collects instances of the subclasses of PolicySet (i.e., PolicyGroups and PolicyRules). Instances are collected in sets that use the same decision strategy. They are prioritized relative to each other, within the set, using the Priority property of this aggregation.

Together, the PolicySet.PolicyDecisionStrategy and PolicySet Component.Priority properties determine the processing for the groups and rules contained in a PolicySet. A larger priority value represents a higher priority. Note that the Priority property MUST have a unique value when compared with others defined for the same aggregating PolicySet. Thus, the evaluation of rules within a set is deterministically specified.
PolicySetComponent is a concrete aggregation that collects instances of the subclasses of PolicySet (i.e., PolicyGroups and PolicyRules). Instances are collected in sets that use the same decision strategy. They are prioritized relative to each other, within the set, using the Priority property of this aggregation.

Together, the PolicySet.PolicyDecisionStrategy and PolicySet Component.Priority properties determine the processing for the groups and rules contained in a PolicySet. A larger priority value represents a higher priority. Note that the Priority property MUST have a unique value when compared with others defined for the same aggregating PolicySet. Thus, the evaluation of rules within a set is deterministically specified.
358The name of the profile. The name of the profile.
359Whether the firewall is enabled on this profile. Whether the firewall is enabled on this profile.
360The default action for Inbound traffic. The default action for Inbound traffic.
361The default action for outbound traffic. The default action for outbound traffic.
362If this is true, administrators will be able to create firewall rules which allow unsolicited inbound traffic to be accepted. If this is false, such rules will be ignored. If this is true, administrators will be able to create firewall rules which allow unsolicited inbound traffic to be accepted. If this is false, such rules will be ignored.
363Determines whether local firewall rules should be merged into the effective policy along with Group Policy settings. Determines whether local firewall rules should be merged into the effective policy along with Group Policy settings.
364Determines whether local IPsec rules should be merged into the effective policy along with rules from Group Policy. Determines whether local IPsec rules should be merged into the effective policy along with rules from Group Policy.
365Whether to respect user allowed applications created in the legacy Windows XP firewall. Whether to respect user allowed applications created in the legacy Windows XP firewall.
366Whether to respect globally opened ports created in the legacy Windows XP firewall. Whether to respect globally opened ports created in the legacy Windows XP firewall.
367Whether to allow unicast responses to multicast traffic. Whether to allow unicast responses to multicast traffic.
368If true, users will be notified when an application listens on a port that is closed. If true, users will be notified when an application listens on a port that is closed.
369The filename in which to store the firewall log. The filename in which to store the firewall log.
370Maximum size the log file can reach before being rotated. May be a uint32 value, or MAXUINT64 for Not Configured. Maximum size the log file can reach before being rotated. May be a uint32 value, or MAXUINT64 for Not Configured.
371Whether to log allowed packets. Whether to log allowed packets.
372Whether to log blocked traffic. Whether to log blocked traffic.
373Whether to log an event when rules are ignored. Whether to log an event when rules are ignored.
374Interfaces that the firewall profile is disabled on. Interfaces that the firewall profile is disabled on.
375Whether to use Stealth Mode for IPsec-protected traffic. Whether to use Stealth Mode for IPsec-protected traffic.
376Represents a particular firewall profile. Multiple profiles may be in effect on any interface at any given time. Represents a particular firewall profile. Multiple profiles may be in effect on any interface at any given time.
377The firewall profile. The firewall profile.
378The policy rule within the profile. The policy rule within the profile.
379Indicates that a rule applies to a particular firewall profile. Indicates that a rule applies to a particular firewall profile.
380A set of authentication proposals used in Phase 1 of authentication. A set of authentication proposals used in Phase 1 of authentication.
381The Phase 1 Authentication Set used by the rule. The Phase 1 Authentication Set used by the rule.
382Relates an IPsec rule to its Phase 1 Authentication Set. Relates an IPsec rule to its Phase 1 Authentication Set.
383Represents a suite of crypto algorithms to propose. Represents a suite of crypto algorithms to propose.
384A list of crypto suites, in preferential order, to use when negotiating an SA. A list of crypto suites, in preferential order, to use when negotiating an SA.
385Diffie-Hellman Group to use with PFS Diffie-Hellman Group to use with PFS
386DH Group 1 DH Group 1
387DH Group 2 DH Group 2
388DH Group 14 DH Group 14
389DH Group 19 DH Group 19
390DH Group 20 DH Group 20
391DH Group 24 DH Group 24
392Specifies parameters for the quick mode negotiation as well as dictating the crypto sets that should be proposed during the exchange. Specifies parameters for the quick mode negotiation as well as dictating the crypto sets that should be proposed during the exchange.
393The Quick Mode crypto set used by this rule. The Quick Mode crypto set used by this rule.
394Relates an IPsec rule to its Quick Mode crypto set. Relates an IPsec rule to its Quick Mode crypto set.
395Relates a connection security rule to its Quick Mode Crypto Set. Relates a connection security rule to its Quick Mode Crypto Set.
396Whether to group UDP packets into conversations based upon the local address, local port, and remote port. Applies only to UDP. Whether to group UDP packets into conversations based upon the local address, local port, and remote port. Applies only to UDP.
397Whether to group UDP packets into conversations based only upon the local address and port. Applies only to UDP. Whether to group UDP packets into conversations based only upon the local address and port. Applies only to UDP.
398Specifies how this firewall rule will handle edge traversal cases. Specifies how this firewall rule will handle edge traversal cases.
399Block Block
400Allow Allow
401Defer to User Defer to User
402Defer to App Defer to App
403Specifies which direction of traffic to match with this rule. Specifies which direction of traffic to match with this rule.
404Inbound Inbound
405Outbound Outbound
406Specifies the action to take on traffic that matches this rule. Specifies the action to take on traffic that matches this rule.
407AllowBypass AllowBypass
408The owner of the firewall rule, as a SID. The owner of the firewall rule, as a SID.
409Desc Desc
410Represents a Windows firewall rule. Represents a Windows firewall rule.
411The firewall rule. The firewall rule.
412Associates a firewall rule with its filters. Instances of this class can be traversed and the values in the associated filters can be modified, but instances of this class may not be created or deleted. Associates a firewall rule with its filters. Instances of this class can be traversed and the values in the associated filters can be modified, but instances of this class may not be created or deleted.
413Associates a FirewallRule to its AddressFilter. Associates a FirewallRule to its AddressFilter.
414The application filter applied to the rule. The application filter applied to the rule.
415Whether to require Authentication. NoEncapsulation means that authentication is still required, but only once at the beginning of the traffic flow, instead of on every packet. Whether to require Authentication. NoEncapsulation means that authentication is still required, but only once at the beginning of the traffic flow, instead of on every packet.
416NotRequired NotRequired
417Required Required
418NoEncapsulation NoEncapsulation
419Whether to require Encryption. Dynamic encryption means that the first packet may be protected but not encrypted. Whether to require Encryption. Dynamic encryption means that the first packet may be protected but not encrypted.
420Dynamic Dynamic
421Whether to allow this rule to take precedence over Block rules. This setting may only be applied on Allow rules that require Authentication with specific RemoteUsers and/or RemoteMachines. Whether to allow this rule to take precedence over Block rules. This setting may only be applied on Allow rules that require Authentication with specific RemoteUsers and/or RemoteMachines.
422SDDL string describing Local Users that are allowed by this rule. If this is empty, all users are allowed. If LocalUsers/RemoteUsers/RemoteMachines are specified, then they apply conjunctively, and this is an ''Allow-Bypass'' rule and ProtectionLevel must be set above None (so that authentication is required). SDDL string describing Local Users that are allowed by this rule. If this is empty, all users are allowed. If LocalUsers/RemoteUsers/RemoteMachines are specified, then they apply conjunctively, and this is an ''Allow-Bypass'' rule and ProtectionLevel must be set above None (so that authentication is required).
423SDDL string describing Remote Users that are allowed by this rule. If this is empty, all users are allowed. If LocalUsers/RemoteUsers/RemoteMachines are specified, then they apply conjunctively, and this is an ''Allow-Bypass'' rule and ProtectionLevel must be set above None (so that authentication is required). SDDL string describing Remote Users that are allowed by this rule. If this is empty, all users are allowed. If LocalUsers/RemoteUsers/RemoteMachines are specified, then they apply conjunctively, and this is an ''Allow-Bypass'' rule and ProtectionLevel must be set above None (so that authentication is required).
424SDDL string describing Remote Machines that are allowed by this rule. If this is empty, all users are allowed. If LocalUsers/RemoteUsers/RemoteMachines are specified, then they apply conjunctively, and this is an ''Allow-Bypass'' rule and ProtectionLevel must be set above None (so that authentication is required). SDDL string describing Remote Machines that are allowed by this rule. If this is empty, all users are allowed. If LocalUsers/RemoteUsers/RemoteMachines are specified, then they apply conjunctively, and this is an ''Allow-Bypass'' rule and ProtectionLevel must be set above None (so that authentication is required).
425Filters traffic based on certain high-level security constraints, like whether or not the traffic is encrypted. Connection Security rules will have to be created in order for traffic to pass the rule. Filters traffic based on certain high-level security constraints, like whether or not the traffic is encrypted. Connection Security rules will have to be created in order for traffic to pass the rule.
426The security filter applied to the rule. The security filter applied to the rule.
427The short name of the service to be filtered. The short name of the service to be filtered.
428Filters traffic based on which Windows service it is sent or received by. Filters traffic based on which Windows service it is sent or received by.
429The service filter applied to the rule. The service filter applied to the rule.
430Associates a firewall rule with a profile that it is in. Associates a firewall rule with a profile that it is in.
431Specifies the proposed authentication. The list of methods was generated from Appendix A of RFC2409. Note that the enumeration is different than the RFC list and aligns with the values in IKESAEndpoint.AuthenticationMethod. Specifies the proposed authentication. The list of methods was generated from Appendix A of RFC2409. Note that the enumeration is different than the RFC list and aligns with the values in IKESAEndpoint.AuthenticationMethod.
432Anonymous Anonymous
433Kerberos (machine as principal) Kerberos (machine as principal)
434NTLM (machine as principal) NTLM (machine as principal)
435Kerberos (user as principal) Kerberos (user as principal)
436NTLM (user as principal) NTLM (user as principal)
437X.509 Certificates (machine as principal) X.509 Certificates (machine as principal)
438X.509 Certificates (user as principal) X.509 Certificates (user as principal)
439X.509 Certificates (machine health) X.509 Certificates (machine health)
440Represents an auth proposal. Instances of this class only exist as embedded instances within a MSFT_NetIKEP1AuthSet and MSFT_NetIKEP2AuthSet. Represents an auth proposal. Instances of this class only exist as embedded instances within a MSFT_NetIKEP1AuthSet and MSFT_NetIKEP2AuthSet.
441Only certs issued by this CA should be allowed. Only certs issued by this CA should be allowed.
442Indicates whether to accept certificates only from the root TrustedCA, or to also accept certificates from Intermediate CA's which are children of the TrustedCA. Indicates whether to accept certificates only from the root TrustedCA, or to also accept certificates from Intermediate CA's which are children of the TrustedCA.
443Root CA Root CA
444Intermediate CA Intermediate CA
445If this flag is set, certificate authority names are excluded. This flag MUST be set only on first authentications. If this flag is set, certificate authority names are excluded. This flag MUST be set only on first authentications.
446If this flag is set, Windows will attempt to map certificates to domain accounts. If this flag is set, Windows will attempt to map certificates to domain accounts.
447Specifies the certificate signing algorithm to use. Specifies the certificate signing algorithm to use.
448RSA RSA
449256-bit Elliptic-Curve DSA 256-bit Elliptic-Curve DSA
450384-bit Elliptic-Curve DSA 384-bit Elliptic-Curve DSA
451The name that should be on the certificate. The name that should be on the certificate.
452The type of name used in CertName. The type of name used in CertName.
453None None
454DNS DNS
455UPN UPN
456RFC822 RFC822
457CN CN
458OU OU
459O O
460DC DC
461The EKU's to accept. The EKU's to accept.
462The thumbprint to accept. The thumbprint to accept.
463Whether to follow certificate renewal. Whether to follow certificate renewal.
464Whether the cert criteria (CertName, EKUs, Thumbprint) should be used when choosing which certificates to offer. Whether the cert criteria (CertName, EKUs, Thumbprint) should be used when choosing which certificates to offer.
465Whether the cert criteria (CertName, EKUs, Thumbprint) should be used for validating the certificates presented. Whether the cert criteria (CertName, EKUs, Thumbprint) should be used for validating the certificates presented.
466Represents an auth proposal that uses certificates to authenticate the remote peer. Instances of this class only exist as embedded instances within a MSFT_NetIKEP1AuthSet and MSFT_NetIKEP2AuthSet. Represents an auth proposal that uses certificates to authenticate the remote peer. Instances of this class only exist as embedded instances within a MSFT_NetIKEP1AuthSet and MSFT_NetIKEP2AuthSet.
467The Kerberos proxy server to use when authenticating remotely. The Kerberos proxy server to use when authenticating remotely.
468Represents an auth proposal for Kerberos. Represents an auth proposal for Kerberos.
469Require use of Diffie-Hellman for enhanced security. Require use of Diffie-Hellman for enhanced security.
470The maximum number of QM SA's that may be established using this MMSA before it must be re-established. The maximum number of QM SA's that may be established using this MMSA before it must be re-established.
471The maximum amount of time that can elapse before this MMSA must be re-established. The maximum amount of time that can elapse before this MMSA must be re-established.
472For a Main Mode or Connection Security rule, sets parameters for the main mode negotiation and describes the crypto proposals that should be negotiated. For a Main Mode or Connection Security rule, sets parameters for the main mode negotiation and describes the crypto proposals that should be negotiated.
473Specifies the proposed encryption algorithm. Specifies the proposed encryption algorithm.
474AES-128 AES-128
475AES-192 AES-192
476AES-256 AES-256
477AES-GCM-128 AES-GCM-128
478AES-GCM-192 AES-GCM-192
479AES-GCM-256 AES-GCM-256
480Specifies the proposed hash algorithm. Specifies the proposed hash algorithm.
481SHA-256 SHA-256
482SHA-384 SHA-384
483AES-GMAC-128 AES-GMAC-128
484AES-GMAC-192 AES-GMAC-192
485AES-GMAC-256 AES-GMAC-256
486The property GroupId specifies the proposed phase 1 security association key exchange group. Well-known group identifiers from RFC2412, Appendix E, are: Group 1='768 bit prime', Group 2='1024 bit prime', Group 3 ='Elliptic Curve Group with 155 bit field element', Group 4= 'Large Elliptic Curve Group with 185 bit field element', and Group 5='1536 bit prime'. Note that only groups 1, 2, 14, 19, 20, and 24 are acceptable in Windows 8. The property GroupId specifies the proposed phase 1 security association key exchange group. Well-known group identifiers from RFC2412, Appendix E, are: Group 1='768 bit prime', Group 2='1024 bit prime', Group 3 ='Elliptic Curve Group with 155 bit field element', Group 4= 'Large Elliptic Curve Group with 185 bit field element', and Group 5='1536 bit prime'. Note that only groups 1, 2, 14, 19, 20, and 24 are acceptable in Windows 8.
487Represents a crypto suite to propose in main mode. Represents a crypto suite to propose in main mode.
488The key to use in the authentication. The key to use in the authentication.
489A Pre-shared Key authentication proposal. A Pre-shared Key authentication proposal.
490The maximum lifetime for a Quick-Mode SA before it must be rekeyed, in kilobytes. The maximum lifetime for a Quick-Mode SA before it must be rekeyed, in kilobytes.
491Hash algorithm to use in AH. Hash algorithm to use in AH.
492Hash algorithm to use in ESP. Hash algorithm to use in ESP.
493What type of encapsulation to use. What type of encapsulation to use.
494AH AH
495ESP ESP
496AH/ESP AH/ESP
497The maximum lifetime for a Quick-Mode SA before it must be rekeyed, in minutes. The maximum lifetime for a Quick-Mode SA before it must be rekeyed, in minutes.
498Represents a crypto suite to propose in quick mode. Represents a crypto suite to propose in quick mode.
499Superclass SettingData for networking Superclass SettingData for networking
500State entry idle timeout in seconds. Value must be 0 State entry idle timeout in seconds. Value must be 0
501Per internal IP address rate limit queue idle timeout in seconds. Value must be 0 Per internal IP address rate limit queue idle timeout in seconds. Value must be 0
502DSCP (RFC 2474) marking for unauthenticated inbound IPv6 IPsec traffic. Value must be DSCP (RFC 2474) marking for unauthenticated inbound IPv6 IPsec traffic. Value must be
503Per internal IP address rate limit for unauthenticated inbound IPv6 IPsec traffic. Per internal IP address rate limit for unauthenticated inbound IPv6 IPsec traffic.
504DSCP (RFC 2474) marking for authenticated inbound IPv6 IPsec traffic. Value must be DSCP (RFC 2474) marking for authenticated inbound IPv6 IPsec traffic. Value must be
505Rate limit for authenticated inbound IPv6 IPsec traffic. Rate limit for authenticated inbound IPv6 IPsec traffic.
506DSCP (RFC 2474) marking for inbound ICMPv6 traffic. Value must be DSCP (RFC 2474) marking for inbound ICMPv6 traffic. Value must be
507Rate limit for inbound ICMPv6 traffic. Rate limit for inbound ICMPv6 traffic.
508DSCP (RFC 2474) marking for inbound IPv6 filter exempted traffic. Value must be DSCP (RFC 2474) marking for inbound IPv6 filter exempted traffic. Value must be
509Rate limit for inbound IPv6 filter exempted traffic. Rate limit for inbound IPv6 filter exempted traffic.
510DSCP (RFC 2474) marking for inbound default-block exempted traffic. Value must be DSCP (RFC 2474) marking for inbound default-block exempted traffic. Value must be
511Rate limit for inbound default-block exempted traffic. Rate limit for inbound default-block exempted traffic.
512Maximum number of state entries in the table. Value must be 0. Maximum number of state entries in the table. Value must be 0.
513Maximum number of per internal IP address rate limit queues for inbound unauthenticated IPv6 IPsec traffic. Value must be 0. Maximum number of per internal IP address rate limit queues for inbound unauthenticated IPv6 IPsec traffic. Value must be 0.
514Enabled keying modules Enabled keying modules
515IkeV1 IkeV1
516IkeV2 IkeV2
517AuthIp AuthIp
518Filtering flags Filtering flags
519DisableDefaultBlock DisableDefaultBlock
520FilterBlock FilterBlock
521FilterExempt FilterExempt
522Public network interfaces Public network interfaces
523Private network interfaces Private network interfaces
524Optional public IPv6 address or subnet, for which this policy is specified. Optional public IPv6 address or subnet, for which this policy is specified.
525Optional private IPv6 address or subnet, for which this policy is specified. Optional private IPv6 address or subnet, for which this policy is specified.
526Address family(ies) currently protected Address family(ies) currently protected
527Denial of Service Prevention Settings for IPsec. Denial of Service Prevention Settings for IPsec.
528Whether to enable stateful FTP. Whether to enable stateful FTP.
529False False
530True True
531NotConfigured NotConfigured
532Whether to enable stateful PPTP. Whether to enable stateful PPTP.
533Current profile. This is only valid in the ActiveStore. Current profile. This is only valid in the ActiveStore.
534Not Applicable Not Applicable
535Specifies which kinds of certificate problems should cause a certificate to be rejected. Specifies which kinds of certificate problems should cause a certificate to be rejected.
536Attempt CRL Check Attempt CRL Check
537Require CRL Check Require CRL Check
538The maximum length of time, in seconds, that an SA may be idle before it will be torn down. 0 means Not Configured. The maximum length of time, in seconds, that an SA may be idle before it will be torn down. 0 means Not Configured.
539When IPsec is in use, extra work is required to enable NAT traversal. This setting indicates on which side NAT traversal should be attempted. When IPsec is in use, extra work is required to enable NAT traversal. This setting indicates on which side NAT traversal should be attempted.
540Server Server
541Both Both
542How to encode Pre-Shared Keys. How to encode Pre-Shared Keys.
543UTF-16 UTF-16
544UTF-8 UTF-8
545Traffic exemptions Traffic exemptions
546NeighborDiscovery NeighborDiscovery
547Icmp Icmp
548RouterDiscovery RouterDiscovery
549Dhcp Dhcp
550Opportunistically match full auth set per key module Opportunistically match full auth set per key module
551SDDL for remote machine tunnel SA authorization SDDL for remote machine tunnel SA authorization
552SDDL for remote user tunnel SA authorization SDDL for remote user tunnel SA authorization
553SDDL for remote machine transport SA authorization SDDL for remote machine transport SA authorization
554SDDL for remote user transport SA authorization SDDL for remote user transport SA authorization
555Toggle IPSec queuing of packets for RSS-like functionality Toggle IPSec queuing of packets for RSS-like functionality
556Receive Receive
557Forward Forward
558Global settings for IPsec. Global settings for IPsec.
559The InstanceID of the CryptoSet to use for Main Mode. The InstanceID of the CryptoSet to use for Main Mode.
560The InstanceID of the CryptoSet to use for Quick Mode. The InstanceID of the CryptoSet to use for Quick Mode.
561The InstanceID of the AuthSet to use for Phase 1 auth. The InstanceID of the AuthSet to use for Phase 1 auth.
562The InstanceID of the AuthSet to use for Phase 2 auth. The InstanceID of the AuthSet to use for Phase 2 auth.
563A rule that alters the behavior of main-mode authentications. A rule that alters the behavior of main-mode authentications.
564The main mode rule being filtered. The main mode rule being filtered.
565Associates a main mode rule with its filters. Instances of this class can be traversed and the values in the associated filters can be modified, but instances of this class may not be created or deleted. Associates a main mode rule with its filters. Instances of this class can be traversed and the values in the associated filters can be modified, but instances of this class may not be created or deleted.
566The main mode rule. The main mode rule.
567Relates a main mode rule to its Phase 1 Authentication Set. Relates a main mode rule to its Phase 1 Authentication Set.
568The Main Mode crypto set used in this rule. The Main Mode crypto set used in this rule.
569Relates an IPsec rule to its Main Mode crypto set. Relates an IPsec rule to its Main Mode crypto set.
570The main mode crypto set used in this rule. The main mode crypto set used in this rule.
571Relates a main mode rule to its Main Mode Crypto Set. Relates a main mode rule to its Main Mode Crypto Set.
572ImpersonationType ImpersonationType
573Impersonated Impersonated
574Authentication method used by this identity Authentication method used by this identity
575Preshared key Preshared key
576Certificate Certificate
577Kerberos Kerberos
578SSL SSL
579NTLMV2 NTLMV2
580CGA CGA
581CertificateEcdsa256 CertificateEcdsa256
582CertificateEcdsa384 CertificateEcdsa384
583SSLEcdsa256 SSLEcdsa256
584SSLEcdsa384 SSLEcdsa384
585EAP EAP
586Identity flags Identity flags
587HealthCertificate HealthCertificate
588Identity Identity
589An identity used by IPsec An identity used by IPsec
590A free-form string that represents the status of the job. The primary status is reflected in the inherited OperationalStatus property. JobStatus provides additional, implementation-specific details. A free-form string that represents the status of the job. The primary status is reflected in the inherited OperationalStatus property. JobStatus provides additional, implementation-specific details.
591The time that the Job was submitted to execute. A value of all zeroes indicates that the owning element is not capable of reporting a date and time. Therefore, the ScheduledStartTime and StartTime are reported as intervals relative to the time their values are requested. The time that the Job was submitted to execute. A value of all zeroes indicates that the owning element is not capable of reporting a date and time. Therefore, the ScheduledStartTime and StartTime are reported as intervals relative to the time their values are requested.
592The time that the current Job is scheduled to start. This time can be represented by the actual date and time, or an interval relative to the time that this property is requested. A value of all zeroes indicates that the Job is already executing. The property is deprecated in lieu of the more expressive scheduling properties, RunMonth, RunDay, RunDayOfWeek, and RunStartInterval. The time that the current Job is scheduled to start. This time can be represented by the actual date and time, or an interval relative to the time that this property is requested. A value of all zeroes indicates that the Job is already executing. The property is deprecated in lieu of the more expressive scheduling properties, RunMonth, RunDay, RunDayOfWeek, and RunStartInterval.
593The time that the Job was actually started. This time can be represented by an actual date and time, or by an interval relative to the time that this property is requested. Note that this property is also present in the JobProcessingStatistics class. This class is necessary to capture the processing information for recurring Jobs, because only the \'last\' run time can be stored in this single-valued property. The time that the Job was actually started. This time can be represented by an actual date and time, or by an interval relative to the time that this property is requested. Note that this property is also present in the JobProcessingStatistics class. This class is necessary to capture the processing information for recurring Jobs, because only the \'last\' run time can be stored in this single-valued property.
594The time interval that the Job has been executing or the total execution time if the Job is complete. Note that this property is also present in the JobProcessingStatistics class. This class is necessary to capture the processing information for recurring Jobs, because only the \'last\' run time can be stored in this single-valued property. The time interval that the Job has been executing or the total execution time if the Job is complete. Note that this property is also present in the JobProcessingStatistics class. This class is necessary to capture the processing information for recurring Jobs, because only the \'last\' run time can be stored in this single-valued property.
595The number of times that the Job should be run. A value of 1 indicates that the Job is not recurring, while any non-zero value indicates a limit to the number of times that the Job will recur. Zero indicates that there is no limit to the number of times that the Job can be processed, but that it is terminated either after the UntilTime or by manual intervention. By default, a Job is processed once. The number of times that the Job should be run. A value of 1 indicates that the Job is not recurring, while any non-zero value indicates a limit to the number of times that the Job will recur. Zero indicates that there is no limit to the number of times that the Job can be processed, but that it is terminated either after the UntilTime or by manual intervention. By default, a Job is processed once.
596The month during which the Job should be processed. Specify 0 for January, 1 for February, and so on. The month during which the Job should be processed. Specify 0 for January, 1 for February, and so on.
597January January
598February February
599March March
600April April
601May May
602June June
603July July
604August August
605September September
606October October
607November November
608December December
609The day in the month on which the Job should be processed. There are two different interpretations for this property, depending on the value of DayOfWeek. In one case, RunDay defines the day-in-month on which the Job is processed. This interpretation is used when the DayOfWeek is 0. A positive or negative integer indicates whether the RunDay should be calculated from the beginning or end of the month. For example, 5 indicates the fifth day in the RunMonth and -1 indicates the last day in the RunMonth.

When RunDayOfWeek is not 0, RunDay is the day-in-month on which the Job is processed, defined in conjunction with RunDayOfWeek. For example, if RunDay is 15 and RunDayOfWeek is Saturday, then the Job is processed on the first Saturday on or after the 15th day in the RunMonth (for example, the third Saturday in the month). If RunDay is 20 and RunDayOfWeek is -Saturday, then this indicates the first Saturday on or before the 20th day in the RunMonth. If RunDay is -1 and RunDayOfWeek is -Sunday, then this indicates the last Sunday in the RunMonth.
The day in the month on which the Job should be processed. There are two different interpretations for this property, depending on the value of DayOfWeek. In one case, RunDay defines the day-in-month on which the Job is processed. This interpretation is used when the DayOfWeek is 0. A positive or negative integer indicates whether the RunDay should be calculated from the beginning or end of the month. For example, 5 indicates the fifth day in the RunMonth and -1 indicates the last day in the RunMonth.

When RunDayOfWeek is not 0, RunDay is the day-in-month on which the Job is processed, defined in conjunction with RunDayOfWeek. For example, if RunDay is 15 and RunDayOfWeek is Saturday, then the Job is processed on the first Saturday on or after the 15th day in the RunMonth (for example, the third Saturday in the month). If RunDay is 20 and RunDayOfWeek is -Saturday, then this indicates the first Saturday on or before the 20th day in the RunMonth. If RunDay is -1 and RunDayOfWeek is -Sunday, then this indicates the last Sunday in the RunMonth.
610A positive or negative integer used in conjunction with RunDay to indicate the day of the week on which the Job is processed. RunDayOfWeek is set to 0 to indicate an exact day of the month, such as March 1. A positive integer (representing Sunday, Monday, ..., Saturday) means that the day of week is found on or after the specified RunDay. A negative integer (representing -Sunday, -Monday, ..., -Saturday) means that the day of week is found on or BEFORE the RunDay. A positive or negative integer used in conjunction with RunDay to indicate the day of the week on which the Job is processed. RunDayOfWeek is set to 0 to indicate an exact day of the month, such as March 1. A positive integer (representing Sunday, Monday, ..., Saturday) means that the day of week is found on or after the specified RunDay. A negative integer (representing -Sunday, -Monday, ..., -Saturday) means that the day of week is found on or BEFORE the RunDay.
611-Saturday -Saturday
612-Friday -Friday
613-Thursday -Thursday
614-Wednesday -Wednesday
615-Tuesday -Tuesday
616-Monday -Monday
617-Sunday -Sunday
618ExactDayOfMonth ExactDayOfMonth
619Sunday Sunday
620Monday Monday
621Tuesday Tuesday
622Wednesday Wednesday
623Thursday Thursday
624Friday Friday
625Saturday Saturday
626The time interval after midnight when the Job should be processed. For example,
00000000020000.000000:000
indicates that the Job should be run on or after two o\'clock, local time or UTC time (distinguished using the LocalOrUtcTime property.
The time interval after midnight when the Job should be processed. For example,
00000000020000.000000:000
indicates that the Job should be run on or after two o\'clock, local time or UTC time (distinguished using the LocalOrUtcTime property.
627This property indicates whether the times represented in the RunStartInterval and UntilTime properties represent local times or UTC times. Time values are synchronized worldwide by using the enumeration value 2, "UTC Time". This property indicates whether the times represented in the RunStartInterval and UntilTime properties represent local times or UTC times. Time values are synchronized worldwide by using the enumeration value 2, "UTC Time".
628Local Time Local Time
629UTC Time UTC Time
630The time after which the Job is invalid or should be stopped. This time can be represented by an actual date and time, or by an interval relative to the time that this property is requested. A value of all nines indicates that the Job can run indefinitely. The time after which the Job is invalid or should be stopped. This time can be represented by an actual date and time, or by an interval relative to the time that this property is requested. A value of all nines indicates that the Job can run indefinitely.
631The User who is to be notified upon the Job completion or failure. The User who is to be notified upon the Job completion or failure.
632The User that submitted the Job, or the Service or method name that caused the job to be created. The User that submitted the Job, or the Service or method name that caused the job to be created.
633Indicates the urgency or importance of execution of the Job. The lower the number, the higher the priority. Note that this property is also present in the JobProcessingStatistics class. This class is necessary to capture the setting information that would influence the results of a job. Indicates the urgency or importance of execution of the Job. The lower the number, the higher the priority. Note that this property is also present in the JobProcessingStatistics class. This class is necessary to capture the setting information that would influence the results of a job.
634The percentage of the job that has completed at the time that this value is requested. Note that this property is also present in the JobProcessingStatistics class. This class is necessary to capture the processing information for recurring Jobs, because only the \'last\' run data can be stored in this single-valued property.
Note that the value 101 is undefined and will be not be allowed in the next major revision of the specification.
The percentage of the job that has completed at the time that this value is requested. Note that this property is also present in the JobProcessingStatistics class. This class is necessary to capture the processing information for recurring Jobs, because only the \'last\' run data can be stored in this single-valued property.
Note that the value 101 is undefined and will be not be allowed in the next major revision of the specification.
635Percent Percent
636Indicates whether or not the job should be automatically deleted upon completion. Note that the \'completion\' of a recurring job is defined by its JobRunTimes or UntilTime properties, or when the Job is terminated by manual intervention. If this property is set to false and the job completes, then the extrinsic method DeleteInstance must be used to delete the job instead of updating this property. Indicates whether or not the job should be automatically deleted upon completion. Note that the \'completion\' of a recurring job is defined by its JobRunTimes or UntilTime properties, or when the Job is terminated by manual intervention. If this property is set to false and the job completes, then the extrinsic method DeleteInstance must be used to delete the job instead of updating this property.
637A vendor-specific error code. The value must be set to zero if the Job completed without error. Note that this property is also present in the JobProcessingStatistics class. This class is necessary to capture the processing information for recurring Jobs, because only the \'last\' run error can be stored in this single-valued property. A vendor-specific error code. The value must be set to zero if the Job completed without error. Note that this property is also present in the JobProcessingStatistics class. This class is necessary to capture the processing information for recurring Jobs, because only the \'last\' run error can be stored in this single-valued property.
638A free-form string that contains the vendor error description. Note that this property is also present in the JobProcessingStatistics class. This class is necessary to capture the processing information for recurring Jobs, because only the \'last\' run error can be stored in this single-valued property. A free-form string that contains the vendor error description. Note that this property is also present in the JobProcessingStatistics class. This class is necessary to capture the processing information for recurring Jobs, because only the \'last\' run error can be stored in this single-valued property.
639Describes the recovery action to be taken for an unsuccessfully run Job. The possible values are:
0 = "Unknown", meaning it is unknown as to what recovery action to take
1 = "Other", indicating that the recovery action will be specified in the OtherRecoveryAction property
2 = "Do Not Continue", meaning stop the execution of the job and appropriately update its status
3 = "Continue With Next Job", meaning continue with the next job in the queue
4 = "Re-run Job", indicating that the job should be re-run
5 = "Run Recovery Job", meaning run the Job associated using the RecoveryJob relationship. Note that the recovery Job must already be in the queue from which it will run.
Describes the recovery action to be taken for an unsuccessfully run Job. The possible values are:
0 = "Unknown", meaning it is unknown as to what recovery action to take
1 = "Other", indicating that the recovery action will be specified in the OtherRecoveryAction property
2 = "Do Not Continue", meaning stop the execution of the job and appropriately update its status
3 = "Continue With Next Job", meaning continue with the next job in the queue
4 = "Re-run Job", indicating that the job should be re-run
5 = "Run Recovery Job", meaning run the Job associated using the RecoveryJob relationship. Note that the recovery Job must already be in the queue from which it will run.
640Do Not Continue Do Not Continue
641Continue With Next Job Continue With Next Job
642Re-run Job Re-run Job
643Run Recovery Job Run Recovery Job
644A string describing the recovery action when the RecoveryAction property of the instance is 1 ("Other"). A string describing the recovery action when the RecoveryAction property of the instance is 1 ("Other").
645KillJob is being deprecated because there is no distinction made between an orderly shutdown and an immediate kill. CIM_ConcreteJob.RequestStateChange() provides \'Terminate\' and \'Kill\' options to allow this distinction.
A method to kill this job and any underlying processes, and to remove any \'dangling\' associations.
KillJob is being deprecated because there is no distinction made between an orderly shutdown and an immediate kill. CIM_ConcreteJob.RequestStateChange() provides \'Terminate\' and \'Kill\' options to allow this distinction.
A method to kill this job and any underlying processes, and to remove any \'dangling\' associations.
646Success Success
647Not Supported Not Supported
648Timeout Timeout
649Failed Failed
650Access Denied Access Denied
651Not Found Not Found
652Vendor Specific Vendor Specific
653Indicates whether or not the Job should be automatically deleted upon termination. This parameter takes precedence over the property, DeleteOnCompletion. Indicates whether or not the Job should be automatically deleted upon termination. This parameter takes precedence over the property, DeleteOnCompletion.
654A Job is a LogicalElement that represents an executing unit of work, such as a script or a print job. A Job is distinct from a Process in that a Job can be scheduled or queued, and its execution is not limited to a single system. A Job is a LogicalElement that represents an executing unit of work, such as a script or a print job. A Job is distinct from a Process in that a Job can be scheduled or queued, and its execution is not limited to a single system.
655Primary classification of the error. The following values are defined:
2 - Communications Error. Errors of this type are principally associated with the procedures and/or processes required to convey information from one point to another.
3 - Quality of Service Error. Errors of this type are principally associated with failures that result in reduced functionality or performance.
4 - Software Error. Error of this type are principally associated with a software or processing fault.
5 - Hardware Error. Errors of this type are principally associated with an equipment or hardware failure.
6 - Environmental Error. Errors of this type are principally associated with a failure condition relating the to facility, or other environmental considerations.
7 - Security Error. Errors of this type are associated with security violations, detection of viruses, and similar issues.
8 - Oversubscription Error. Errors of this type are principally associated with the failure to allocate sufficient resources to complete the operation.
9 - Unavailable Resource Error. Errors of this type are principally associated with the failure to access a required resource.
10 -Unsupported Operation Error. Errors of this type are principally associated with requests that are not supported.
Primary classification of the error. The following values are defined:
2 - Communications Error. Errors of this type are principally associated with the procedures and/or processes required to convey information from one point to another.
3 - Quality of Service Error. Errors of this type are principally associated with failures that result in reduced functionality or performance.
4 - Software Error. Error of this type are principally associated with a software or processing fault.
5 - Hardware Error. Errors of this type are principally associated with an equipment or hardware failure.
6 - Environmental Error. Errors of this type are principally associated with a failure condition relating the to facility, or other environmental considerations.
7 - Security Error. Errors of this type are associated with security violations, detection of viruses, and similar issues.
8 - Oversubscription Error. Errors of this type are principally associated with the failure to allocate sufficient resources to complete the operation.
9 - Unavailable Resource Error. Errors of this type are principally associated with the failure to access a required resource.
10 -Unsupported Operation Error. Errors of this type are principally associated with requests that are not supported.
656Communications Error Communications Error
657Quality of Service Error Quality of Service Error
658Software Error Software Error
659Hardware Error Hardware Error
660Environmental Error Environmental Error
661Security Error Security Error
662Oversubscription Error Oversubscription Error
663Unavailable Resource Error Unavailable Resource Error
664Unsupported Operation Error Unsupported Operation Error
665A free-form string describing the ErrorType when 1, "Other", is specified as the ErrorType. A free-form string describing the ErrorType when 1, "Other", is specified as the ErrorType.
666A string that uniquely identifies the entity that owns the definition of the format of the Message described in this instance. OwningEntity MUST include a copyrighted, trademarked or otherwise unique name that is owned by the business entity or standards body defining the format. A string that uniquely identifies the entity that owns the definition of the format of the Message described in this instance. OwningEntity MUST include a copyrighted, trademarked or otherwise unique name that is owned by the business entity or standards body defining the format.
667An opaque string that uniquely identifies, within the scope of the OwningEntity, the format of the Message. An opaque string that uniquely identifies, within the scope of the OwningEntity, the format of the Message.
668The formatted message. This message is constructed by combining some or all of the dynamic elements specified in the MessageArguments property with the static elements uniquely identified by the MessageID in a message registry or other catalog associated with the OwningEntity. The formatted message. This message is constructed by combining some or all of the dynamic elements specified in the MessageArguments property with the static elements uniquely identified by the MessageID in a message registry or other catalog associated with the OwningEntity.
669An array containing the dynamic content of the message. An array containing the dynamic content of the message.
670An enumerated value that describes the severity of the Indication from the notifier\'s point of view:
0 - the Perceived Severity of the indication is unknown or indeterminate.
1 - Other, by CIM convention, is used to indicate that the Severity\'s value can be found in the OtherSeverity property.
2 - Information should be used when providing an informative response.
3 - Degraded/Warning should be used when its appropriate to let the user decide if action is needed.
4 - Minor should be used to indicate action is needed, but the situation is not serious at this time.
5 - Major should be used to indicate action is needed NOW.
6 - Critical should be used to indicate action is needed NOW and the scope is broad (perhaps an imminent outage to a critical resource will result).
7 - Fatal/NonRecoverable should be used to indicate an error occurred, but it\'s too late to take remedial action.
2 and 0 - Information and Unknown (respectively) follow common usage. Literally, the Error is purely informational or its severity is simply unknown.
An enumerated value that describes the severity of the Indication from the notifier\'s point of view:
0 - the Perceived Severity of the indication is unknown or indeterminate.
1 - Other, by CIM convention, is used to indicate that the Severity\'s value can be found in the OtherSeverity property.
2 - Information should be used when providing an informative response.
3 - Degraded/Warning should be used when its appropriate to let the user decide if action is needed.
4 - Minor should be used to indicate action is needed, but the situation is not serious at this time.
5 - Major should be used to indicate action is needed NOW.
6 - Critical should be used to indicate action is needed NOW and the scope is broad (perhaps an imminent outage to a critical resource will result).
7 - Fatal/NonRecoverable should be used to indicate an error occurred, but it\'s too late to take remedial action.
2 and 0 - Information and Unknown (respectively) follow common usage. Literally, the Error is purely informational or its severity is simply unknown.
671Information Information
672Minor Minor
673Major Major
674Critical Critical
675Fatal/NonRecoverable Fatal/NonRecoverable
676An enumerated value that describes the probable cause of the error. An enumerated value that describes the probable cause of the error.
677Adapter/Card Error Adapter/Card Error
678Application Subsystem Failure Application Subsystem Failure
679Bandwidth Reduced Bandwidth Reduced
680Connection Establishment Error Connection Establishment Error
681Communications Protocol Error Communications Protocol Error
682Communications Subsystem Failure Communications Subsystem Failure
683Configuration/Customization Error Configuration/Customization Error
684Congestion Congestion
685Corrupt Data Corrupt Data
686CPU Cycles Limit Exceeded CPU Cycles Limit Exceeded
687Dataset/Modem Error Dataset/Modem Error
688Degraded Signal Degraded Signal
689DTE-DCE Interface Error DTE-DCE Interface Error
690Enclosure Door Open Enclosure Door Open
691Equipment Malfunction Equipment Malfunction
692Excessive Vibration Excessive Vibration
693File Format Error File Format Error
694Fire Detected Fire Detected
695Flood Detected Flood Detected
696Framing Error Framing Error
697HVAC Problem HVAC Problem
698Humidity Unacceptable Humidity Unacceptable
699I/O Device Error I/O Device Error
700Input Device Error Input Device Error
701LAN Error LAN Error
702Non-Toxic Leak Detected Non-Toxic Leak Detected
703Local Node Transmission Error Local Node Transmission Error
704Loss of Frame Loss of Frame
705Loss of Signal Loss of Signal
706Material Supply Exhausted Material Supply Exhausted
707Multiplexer Problem Multiplexer Problem
708Out of Memory Out of Memory
709Output Device Error Output Device Error
710Performance Degraded Performance Degraded
711Power Problem Power Problem
712Pressure Unacceptable Pressure Unacceptable
713Processor Problem (Internal Machine Error) Processor Problem (Internal Machine Error)
714Pump Failure Pump Failure
715Queue Size Exceeded Queue Size Exceeded
716Receive Failure Receive Failure
717Receiver Failure Receiver Failure
718Remote Node Transmission Error Remote Node Transmission Error
719Resource at or Nearing Capacity Resource at or Nearing Capacity
720Response Time Excessive Response Time Excessive
721Retransmission Rate Excessive Retransmission Rate Excessive
722Software Program Abnormally Terminated Software Program Abnormally Terminated
723Software Program Error (Incorrect Results) Software Program Error (Incorrect Results)
724Storage Capacity Problem Storage Capacity Problem
725Temperature Unacceptable Temperature Unacceptable
726Threshold Crossed Threshold Crossed
727Timing Problem Timing Problem
728Toxic Leak Detected Toxic Leak Detected
729Transmit Failure Transmit Failure
730Transmitter Failure Transmitter Failure
731Underlying Resource Unavailable Underlying Resource Unavailable
732Version Mismatch Version Mismatch
733Previous Alert Cleared Previous Alert Cleared
734Login Attempts Failed Login Attempts Failed
735Software Virus Detected Software Virus Detected
736Hardware Security Breached Hardware Security Breached
737Denial of Service Detected Denial of Service Detected
738Security Credential Mismatch Security Credential Mismatch
739Unauthorized Access Unauthorized Access
740Alarm Received Alarm Received
741Loss of Pointer Loss of Pointer
742Payload Mismatch Payload Mismatch
743Transmission Error Transmission Error
744Excessive Error Rate Excessive Error Rate
745Trace Problem Trace Problem
746Element Unavailable Element Unavailable
747Element Missing Element Missing
748Loss of Multi Frame Loss of Multi Frame
749Broadcast Channel Failure Broadcast Channel Failure
750Invalid Message Received Invalid Message Received
751Routing Failure Routing Failure
752Backplane Failure Backplane Failure
753Identifier Duplication Identifier Duplication
754Protection Path Failure Protection Path Failure
755Sync Loss or Mismatch Sync Loss or Mismatch
756Terminal Problem Terminal Problem
757Real Time Clock Failure Real Time Clock Failure
758Antenna Failure Antenna Failure
759Battery Charging Failure Battery Charging Failure
760Disk Failure Disk Failure
761Frequency Hopping Failure Frequency Hopping Failure
762Loss of Redundancy Loss of Redundancy
763Power Supply Failure Power Supply Failure
764Signal Quality Problem Signal Quality Problem
765Battery Discharging Battery Discharging
766Battery Failure Battery Failure
767Commercial Power Problem Commercial Power Problem
768Fan Failure Fan Failure
769Engine Failure Engine Failure
770Sensor Failure Sensor Failure
771Fuse Failure Fuse Failure
772Generator Failure Generator Failure
773Low Battery Low Battery
774Low Fuel Low Fuel
775Low Water Low Water
776Explosive Gas Explosive Gas
777High Winds High Winds
778Ice Buildup Ice Buildup
779Smoke Smoke
780Memory Mismatch Memory Mismatch
781Out of CPU Cycles Out of CPU Cycles
782Software Environment Problem Software Environment Problem
783Software Download Failure Software Download Failure
784Element Reinitialized Element Reinitialized
785Logging Problems Logging Problems
786Leak Detected Leak Detected
787Protection Mechanism Failure Protection Mechanism Failure
788Protecting Resource Failure Protecting Resource Failure
789Database Inconsistency Database Inconsistency
790Authentication Failure Authentication Failure
791Breach of Confidentiality Breach of Confidentiality
792Cable Tamper Cable Tamper
793Delayed Information Delayed Information
794Duplicate Information Duplicate Information
795Information Missing Information Missing
796Information Modification Information Modification
797Information Out of Sequence Information Out of Sequence
798Key Expired Key Expired
799Non-Repudiation Failure Non-Repudiation Failure
800Out of Hours Activity Out of Hours Activity
801Out of Service Out of Service
802Procedural Error Procedural Error
803Unexpected Information Unexpected Information
804A free-form string describing the probable cause of the error. A free-form string describing the probable cause of the error.
805A free-form string describing recommended actions to take to resolve the error. A free-form string describing recommended actions to take to resolve the error.
806The identifying information of the entity (i.e., the instance) generating the error. If this entity is modeled in the CIM Schema, this property contains the path of the instance encoded as a string parameter. If not modeled, the property contains some identifying string that names the entity that generated the error. The path or identifying string is formatted per the ErrorSourceFormat property. The identifying information of the entity (i.e., the instance) generating the error. If this entity is modeled in the CIM Schema, this property contains the path of the instance encoded as a string parameter. If not modeled, the property contains some identifying string that names the entity that generated the error. The path or identifying string is formatted per the ErrorSourceFormat property.
807The format of the ErrorSource property is interpretable based on the value of this property. Values are defined as:
0 - Unknown. The format is unknown or not meaningfully interpretable by a CIM client application.
1 - Other. The format is defined by the value of the OtherErrorSourceFormat property.2 - CIMObjectPath. A CIM Object Path as defined in the CIM Infrastructure specification. Note: CIM 2.5 and earlier used the term object names.
The format of the ErrorSource property is interpretable based on the value of this property. Values are defined as:
0 - Unknown. The format is unknown or not meaningfully interpretable by a CIM client application.
1 - Other. The format is defined by the value of the OtherErrorSourceFormat property.2 - CIMObjectPath. A CIM Object Path as defined in the CIM Infrastructure specification. Note: CIM 2.5 and earlier used the term object names.
808CIMObjectPath CIMObjectPath
809A string defining "Other" values for ErrorSourceFormat. This value MUST be set to a non NULL value when ErrorSourceFormat is set to a value of 1 ("Other"). For all other values of ErrorSourceFormat, the value of this string must be set to NULL. A string defining "Other" values for ErrorSourceFormat. This value MUST be set to a non NULL value when ErrorSourceFormat is set to a value of 1 ("Other"). For all other values of ErrorSourceFormat, the value of this string must be set to NULL.
810The CIM status code that characterizes this instance.
This property defines the status codes that MAY be return by a conforming CIM Server or Listener. Note that not all status codes are valid for each operation. The specification for each operation SHOULD define the status codes that may be returned by that operation.
The following values for CIM status code are defined:
1 - CIM_ERR_FAILED. A general error occurred that is not covered by a more specific error code.
2 - CIM_ERR_ACCESS_DENIED. Access to a CIM resource was not available to the client.
3 - CIM_ERR_INVALID_NAMESPACE. The target namespace does not exist.
4 - CIM_ERR_INVALID_PARAMETER. One or more parameter values passed to the method were invalid.
5 - CIM_ERR_INVALID_CLASS. The specified Class does not exist.
6 - CIM_ERR_NOT_FOUND. The requested object could not be found.
7 - CIM_ERR_NOT_SUPPORTED. The requested operation is not supported.
8 - CIM_ERR_CLASS_HAS_CHILDREN. Operation cannot be carried out on this class since it has instances.
9 - CIM_ERR_CLASS_HAS_INSTANCES. Operation cannot be carried out on this class since it has instances.
10 - CIM_ERR_INVALID_SUPERCLASS. Operation cannot be carried out since the specified superclass does not exist.
11 - CIM_ERR_ALREADY_EXISTS. Operation cannot be carried out because an object already exists.
12 - CIM_ERR_NO_SUCH_PROPERTY. The specified Property does not exist.
13 - CIM_ERR_TYPE_MISMATCH. The value supplied is incompatible with the type.
14 - CIM_ERR_QUERY_LANGUAGE_NOT_SUPPORTED. The query language is not recognized or supported.
15 - CIM_ERR_INVALID_QUERY. The query is not valid for the specified query language.
16 - CIM_ERR_METHOD_NOT_AVAILABLE. The extrinsic Method could not be executed.
17 - CIM_ERR_METHOD_NOT_FOUND. The specified extrinsic Method does not exist.
18 - CIM_ERR_UNEXPECTED_RESPONSE. The returned response to the asynchronous operation was not expected.
19 - CIM_ERR_INVALID_RESPONSE_DESTINATION. The specified destination for the asynchronous response is not valid.
20 - CIM_ERR_NAMESPACE_NOT_EMPTY. The specified Namespace is not empty.
21 - CIM_ERR_INVALID_ENUMERATION_CONTEXT. The enumeration context supplied is not valid.
22 - CIM_ERR_INVALID_OPERATION_TIMEOUT. The specified Namespace is not empty.
23 - CIM_ERR_PULL_HAS_BEEN_ABANDONED. The specified Namespace is not empty.
24 - CIM_ERR_PULL_CANNOT_BE_ABANDONED. The attempt to abandon a pull operation has failed.
25 - CIM_ERR_FILTERED_ENUMERATION_NOT_SUPPORTED. Filtered Enumeratrions are not supported.
26 - CIM_ERR_CONTINUATION_ON_ERROR_NOT_SUPPORTED. Continue on error is not supported.
27 - CIM_ERR_SERVER_LIMITS_EXCEEDED. The WBEM Server limits have been exceeded (e.g. memory, connections, ...).
28 - CIM_ERR_SERVER_IS_SHUTTING_DOWN. The WBEM Server is shutting down.
29 - CIM_ERR_QUERY_FEATURE_NOT_SUPPORTED. The specified Query Feature is not supported.
The CIM status code that characterizes this instance.
This property defines the status codes that MAY be return by a conforming CIM Server or Listener. Note that not all status codes are valid for each operation. The specification for each operation SHOULD define the status codes that may be returned by that operation.
The following values for CIM status code are defined:
1 - CIM_ERR_FAILED. A general error occurred that is not covered by a more specific error code.
2 - CIM_ERR_ACCESS_DENIED. Access to a CIM resource was not available to the client.
3 - CIM_ERR_INVALID_NAMESPACE. The target namespace does not exist.
4 - CIM_ERR_INVALID_PARAMETER. One or more parameter values passed to the method were invalid.
5 - CIM_ERR_INVALID_CLASS. The specified Class does not exist.
6 - CIM_ERR_NOT_FOUND. The requested object could not be found.
7 - CIM_ERR_NOT_SUPPORTED. The requested operation is not supported.
8 - CIM_ERR_CLASS_HAS_CHILDREN. Operation cannot be carried out on this class since it has instances.
9 - CIM_ERR_CLASS_HAS_INSTANCES. Operation cannot be carried out on this class since it has instances.
10 - CIM_ERR_INVALID_SUPERCLASS. Operation cannot be carried out since the specified superclass does not exist.
11 - CIM_ERR_ALREADY_EXISTS. Operation cannot be carried out because an object already exists.
12 - CIM_ERR_NO_SUCH_PROPERTY. The specified Property does not exist.
13 - CIM_ERR_TYPE_MISMATCH. The value supplied is incompatible with the type.
14 - CIM_ERR_QUERY_LANGUAGE_NOT_SUPPORTED. The query language is not recognized or supported.
15 - CIM_ERR_INVALID_QUERY. The query is not valid for the specified query language.
16 - CIM_ERR_METHOD_NOT_AVAILABLE. The extrinsic Method could not be executed.
17 - CIM_ERR_METHOD_NOT_FOUND. The specified extrinsic Method does not exist.
18 - CIM_ERR_UNEXPECTED_RESPONSE. The returned response to the asynchronous operation was not expected.
19 - CIM_ERR_INVALID_RESPONSE_DESTINATION. The specified destination for the asynchronous response is not valid.
20 - CIM_ERR_NAMESPACE_NOT_EMPTY. The specified Namespace is not empty.
21 - CIM_ERR_INVALID_ENUMERATION_CONTEXT. The enumeration context supplied is not valid.
22 - CIM_ERR_INVALID_OPERATION_TIMEOUT. The specified Namespace is not empty.
23 - CIM_ERR_PULL_HAS_BEEN_ABANDONED. The specified Namespace is not empty.
24 - CIM_ERR_PULL_CANNOT_BE_ABANDONED. The attempt to abandon a pull operation has failed.
25 - CIM_ERR_FILTERED_ENUMERATION_NOT_SUPPORTED. Filtered Enumeratrions are not supported.
26 - CIM_ERR_CONTINUATION_ON_ERROR_NOT_SUPPORTED. Continue on error is not supported.
27 - CIM_ERR_SERVER_LIMITS_EXCEEDED. The WBEM Server limits have been exceeded (e.g. memory, connections, ...).
28 - CIM_ERR_SERVER_IS_SHUTTING_DOWN. The WBEM Server is shutting down.
29 - CIM_ERR_QUERY_FEATURE_NOT_SUPPORTED. The specified Query Feature is not supported.
811CIM_ERR_FAILED CIM_ERR_FAILED
812CIM_ERR_ACCESS_DENIED CIM_ERR_ACCESS_DENIED
813CIM_ERR_INVALID_NAMESPACE CIM_ERR_INVALID_NAMESPACE
814CIM_ERR_INVALID_PARAMETER CIM_ERR_INVALID_PARAMETER
815CIM_ERR_INVALID_CLASS CIM_ERR_INVALID_CLASS
816CIM_ERR_NOT_FOUND CIM_ERR_NOT_FOUND
817CIM_ERR_NOT_SUPPORTED CIM_ERR_NOT_SUPPORTED
818CIM_ERR_CLASS_HAS_CHILDREN CIM_ERR_CLASS_HAS_CHILDREN
819CIM_ERR_CLASS_HAS_INSTANCES CIM_ERR_CLASS_HAS_INSTANCES
820CIM_ERR_INVALID_SUPERCLASS CIM_ERR_INVALID_SUPERCLASS
821CIM_ERR_ALREADY_EXISTS CIM_ERR_ALREADY_EXISTS
822CIM_ERR_NO_SUCH_PROPERTY CIM_ERR_NO_SUCH_PROPERTY
823CIM_ERR_TYPE_MISMATCH CIM_ERR_TYPE_MISMATCH
824CIM_ERR_QUERY_LANGUAGE_NOT_SUPPORTED CIM_ERR_QUERY_LANGUAGE_NOT_SUPPORTED
825CIM_ERR_INVALID_QUERY CIM_ERR_INVALID_QUERY
826CIM_ERR_METHOD_NOT_AVAILABLE CIM_ERR_METHOD_NOT_AVAILABLE
827CIM_ERR_METHOD_NOT_FOUND CIM_ERR_METHOD_NOT_FOUND
828CIM_ERR_UNEXPECTED_RESPONSE CIM_ERR_UNEXPECTED_RESPONSE
829CIM_ERR_INVALID_RESPONSE_DESTINATION CIM_ERR_INVALID_RESPONSE_DESTINATION
830CIM_ERR_NAMESPACE_NOT_EMPTY CIM_ERR_NAMESPACE_NOT_EMPTY
831CIM_ERR_INVALID_ENUMERATION_CONTEXT CIM_ERR_INVALID_ENUMERATION_CONTEXT
832CIM_ERR_INVALID_OPERATION_TIMEOUT CIM_ERR_INVALID_OPERATION_TIMEOUT
833CIM_ERR_PULL_HAS_BEEN_ABANDONED CIM_ERR_PULL_HAS_BEEN_ABANDONED
834CIM_ERR_PULL_CANNOT_BE_ABANDONED CIM_ERR_PULL_CANNOT_BE_ABANDONED
835CIM_ERR_FILTERED_ENUMERATION_NOT_SUPPORTED CIM_ERR_FILTERED_ENUMERATION_NOT_SUPPORTED
836CIM_ERR_CONTINUATION_ON_ERROR_NOT_SUPPORTED CIM_ERR_CONTINUATION_ON_ERROR_NOT_SUPPORTED
837CIM_ERR_SERVER_LIMITS_EXCEEDED CIM_ERR_SERVER_LIMITS_EXCEEDED
838CIM_ERR_SERVER_IS_SHUTTING_DOWN CIM_ERR_SERVER_IS_SHUTTING_DOWN
839CIM_ERR_QUERY_FEATURE_NOT_SUPPORTED CIM_ERR_QUERY_FEATURE_NOT_SUPPORTED
840A free-form string containing a human-readable description of CIMStatusCode. This description MAY extend, but MUST be consistent with, the definition of CIMStatusCode. A free-form string containing a human-readable description of CIMStatusCode. This description MAY extend, but MUST be consistent with, the definition of CIMStatusCode.
8412.22.1 2.22.1
842CIM_Error is a specialized class that contains information about the severity, cause, recommended actions and other data related to the failure of a CIM Operation. Instances of this type MAY be included as part of the response to a CIM Operation. CIM_Error is a specialized class that contains information about the severity, cause, recommended actions and other data related to the failure of a CIM Operation. Instances of this type MAY be included as part of the response to a CIM Operation.
843Within the scope of the instantiating Namespace, InstanceID opaquely and uniquely identifies an instance of this class. In order to ensure uniqueness within the NameSpace, the value of InstanceID SHOULD be constructed using the following \'preferred\' algorithm:
:
Where and are separated by a colon \':\', and where must include a copyrighted, trademarked or otherwise unique name that is owned by the business entity that is creating or defining the InstanceID, or that is a registered ID that is assigned to the business entity by a recognized global authority. (This requirement is similar to the _ structure of Schema class names.) In addition, to ensure uniqueness must not contain a colon (\':\'). When using this algorithm, the first colon to appear in InstanceID must appear between and .
is chosen by the business entity and should not be re-used to identify different underlying (real-world) elements. If the above \'preferred\' algorithm is not used, the defining entity must assure that the resulting InstanceID is not re-used across any InstanceIDs produced by this or other providers for the NameSpace of this instance.
For DMTF defined instances, the \'preferred\' algorithm must be used with the set to \'CIM\'.
Within the scope of the instantiating Namespace, InstanceID opaquely and uniquely identifies an instance of this class. In order to ensure uniqueness within the NameSpace, the value of InstanceID SHOULD be constructed using the following \'preferred\' algorithm:
:
Where and are separated by a colon \':\', and where must include a copyrighted, trademarked or otherwise unique name that is owned by the business entity that is creating or defining the InstanceID, or that is a registered ID that is assigned to the business entity by a recognized global authority. (This requirement is similar to the _ structure of Schema class names.) In addition, to ensure uniqueness must not contain a colon (\':\'). When using this algorithm, the first colon to appear in InstanceID must appear between and .
is chosen by the business entity and should not be re-used to identify different underlying (real-world) elements. If the above \'preferred\' algorithm is not used, the defining entity must assure that the resulting InstanceID is not re-used across any InstanceIDs produced by this or other providers for the NameSpace of this instance.
For DMTF defined instances, the \'preferred\' algorithm must be used with the set to \'CIM\'.
844The user-friendly name for this instance of a Job. In addition, the user-friendly name can be used as a property for a search or query. (Note: Name does not have to be unique within a namespace.) The user-friendly name for this instance of a Job. In addition, the user-friendly name can be used as a property for a search or query. (Note: Name does not have to be unique within a namespace.)
845JobState is an integer enumeration that indicates the operational state of a Job. It can also indicate transitions between these states, for example, \'Shutting Down\' and \'Starting\'. Following is a brief description of the states:
New (2) indicates that the job has never been started.
Starting (3) indicates that the job is moving from the \'New\', \'Suspended\', or \'Service\' states into the \'Running\' state.
Running (4) indicates that the Job is running.
Suspended (5) indicates that the Job is stopped, but can be restarted in a seamless manner.
Shutting Down (6) indicates that the job is moving to a \'Completed\', \'Terminated\', or \'Killed\' state.
Completed (7) indicates that the job has completed normally.
Terminated (8) indicates that the job has been stopped by a \'Terminate\' state change request. The job and all its underlying processes are ended and can be restarted (this is job-specific) only as a new job.
Killed (9) indicates that the job has been stopped by a \'Kill\' state change request. Underlying processes might have been left running, and cleanup might be required to free up resources.
Exception (10) indicates that the Job is in an abnormal state that might be indicative of an error condition. Actual status might be displayed though job-specific objects.
Service (11) indicates that the Job is in a vendor-specific state that supports problem discovery, or resolution, or both.
Query pending (12) waiting for a client to resolve a query
JobState is an integer enumeration that indicates the operational state of a Job. It can also indicate transitions between these states, for example, \'Shutting Down\' and \'Starting\'. Following is a brief description of the states:
New (2) indicates that the job has never been started.
Starting (3) indicates that the job is moving from the \'New\', \'Suspended\', or \'Service\' states into the \'Running\' state.
Running (4) indicates that the Job is running.
Suspended (5) indicates that the Job is stopped, but can be restarted in a seamless manner.
Shutting Down (6) indicates that the job is moving to a \'Completed\', \'Terminated\', or \'Killed\' state.
Completed (7) indicates that the job has completed normally.
Terminated (8) indicates that the job has been stopped by a \'Terminate\' state change request. The job and all its underlying processes are ended and can be restarted (this is job-specific) only as a new job.
Killed (9) indicates that the job has been stopped by a \'Kill\' state change request. Underlying processes might have been left running, and cleanup might be required to free up resources.
Exception (10) indicates that the Job is in an abnormal state that might be indicative of an error condition. Actual status might be displayed though job-specific objects.
Service (11) indicates that the Job is in a vendor-specific state that supports problem discovery, or resolution, or both.
Query pending (12) waiting for a client to resolve a query
846New New
847Running Running
848Suspended Suspended
849Terminated Terminated
850Killed Killed
851Exception Exception
852Service Service
853Query Pending Query Pending
854The date or time when the state of the Job last changed. If the state of the Job has not changed and this property is populated, then it must be set to a 0 interval value. If a state change was requested, but rejected or not yet processed, the property must not be updated. The date or time when the state of the Job last changed. If the state of the Job has not changed and this property is populated, then it must be set to a 0 interval value. If a state change was requested, but rejected or not yet processed, the property must not be updated.
855The amount of time that the Job is retained after it has finished executing, either succeeding or failing in that execution. The job must remain in existence for some period of time regardless of the value of the DeleteOnCompletion property.
The default is five minutes.
The amount of time that the Job is retained after it has finished executing, either succeeding or failing in that execution. The job must remain in existence for some period of time regardless of the value of the DeleteOnCompletion property.
The default is five minutes.
856Requests that the state of the job be changed to the value specified in the RequestedState parameter. Invoking the RequestStateChange method multiple times could result in earlier requests being overwritten or lost.
If 0 is returned, then the task completed successfully. Any other return code indicates an error condition.
Requests that the state of the job be changed to the value specified in the RequestedState parameter. Invoking the RequestStateChange method multiple times could result in earlier requests being overwritten or lost.
If 0 is returned, then the task completed successfully. Any other return code indicates an error condition.
857Completed with No Error Completed with No Error
858Unknown/Unspecified Error Unknown/Unspecified Error
859Can NOT complete within Timeout Period Can NOT complete within Timeout Period
860Invalid Parameter Invalid Parameter
861In Use In Use
862Method Parameters Checked - Transition Started Method Parameters Checked - Transition Started
863Invalid State Transition Invalid State Transition
864Use of Timeout Parameter Not Supported Use of Timeout Parameter Not Supported
865Busy Busy
866Method Reserved Method Reserved
867RequestStateChange changes the state of a job. The possible values are as follows:
Start (2) changes the state to \'Running\'.
Suspend (3) stops the job temporarily. The intention is to subsequently restart the job with \'Start\'. It might be possible to enter the \'Service\' state while suspended. (This is job-specific.)
Terminate (4) stops the job cleanly, saving data, preserving the state, and shutting down all underlying processes in an orderly manner.
Kill (5) terminates the job immediately with no requirement to save data or preserve the state.
Service (6) puts the job into a vendor-specific service state. It might be possible to restart the job.
RequestStateChange changes the state of a job. The possible values are as follows:
Start (2) changes the state to \'Running\'.
Suspend (3) stops the job temporarily. The intention is to subsequently restart the job with \'Start\'. It might be possible to enter the \'Service\' state while suspended. (This is job-specific.)
Terminate (4) stops the job cleanly, saving data, preserving the state, and shutting down all underlying processes in an orderly manner.
Kill (5) terminates the job immediately with no requirement to save data or preserve the state.
Service (6) puts the job into a vendor-specific service state. It might be possible to restart the job.
868Start Start
869Suspend Suspend
870Terminate Terminate
871Kill Kill
872A timeout period that specifies the maximum amount of time that the client expects the transition to the new state to take. The interval format must be used to specify the TimeoutPeriod. A value of 0 or a null parameter indicates that the client has no time requirements for the transition.
If this property does not contain 0 or null and the implementation does not support this parameter, a return code of \'Use Of Timeout Parameter Not Supported\' must be returned.
A timeout period that specifies the maximum amount of time that the client expects the transition to the new state to take. The interval format must be used to specify the TimeoutPeriod. A value of 0 or a null parameter indicates that the client has no time requirements for the transition.
If this property does not contain 0 or null and the implementation does not support this parameter, a return code of \'Use Of Timeout Parameter Not Supported\' must be returned.
873When the job is executing or has terminated without error, then this method returns no CIM_Error instance. However, if the job has failed because of some internal problem or because the job has been terminated by a client, then a CIM_Error instance is returned. When the job is executing or has terminated without error, then this method returns no CIM_Error instance. However, if the job has failed because of some internal problem or because the job has been terminated by a client, then a CIM_Error instance is returned.
874Unspecified Error Unspecified Error
875If the OperationalStatus on the Job is not "OK", then this method will return a CIM Error instance. Otherwise, when the Job is "OK", null is returned. If the OperationalStatus on the Job is not "OK", then this method will return a CIM Error instance. Otherwise, when the Job is "OK", null is returned.
876A concrete version of Job. This class represents a generic and instantiable unit of work, such as a batch or a print job. A concrete version of Job. This class represents a generic and instantiable unit of work, such as a batch or a print job.
877EnabledState is an integer enumeration that indicates the enabled and disabled states of an element. It can also indicate the transitions between these requested states. For example, shutting down (value=4) and starting (value=10) are transient states between enabled and disabled. The following text briefly summarizes the various enabled and disabled states:
Enabled (2) indicates that the element is or could be executing commands, will process any queued commands, and queues new requests.
Disabled (3) indicates that the element will not execute commands and will drop any new requests.
Shutting Down (4) indicates that the element is in the process of going to a Disabled state.
Not Applicable (5) indicates the element does not support being enabled or disabled.
Enabled but Offline (6) indicates that the element might be completing commands, and will drop any new requests.
Test (7) indicates that the element is in a test state.
Deferred (8) indicates that the element might be completing commands, but will queue any new requests.
Quiesce (9) indicates that the element is enabled but in a restricted mode.
Starting (10) indicates that the element is in the process of going to an Enabled state. New requests are queued.
EnabledState is an integer enumeration that indicates the enabled and disabled states of an element. It can also indicate the transitions between these requested states. For example, shutting down (value=4) and starting (value=10) are transient states between enabled and disabled. The following text briefly summarizes the various enabled and disabled states:
Enabled (2) indicates that the element is or could be executing commands, will process any queued commands, and queues new requests.
Disabled (3) indicates that the element will not execute commands and will drop any new requests.
Shutting Down (4) indicates that the element is in the process of going to a Disabled state.
Not Applicable (5) indicates the element does not support being enabled or disabled.
Enabled but Offline (6) indicates that the element might be completing commands, and will drop any new requests.
Test (7) indicates that the element is in a test state.
Deferred (8) indicates that the element might be completing commands, but will queue any new requests.
Quiesce (9) indicates that the element is enabled but in a restricted mode.
Starting (10) indicates that the element is in the process of going to an Enabled state. New requests are queued.
878Enabled but Offline Enabled but Offline
879Deferred Deferred
880Quiesce Quiesce
881A string that describes the enabled or disabled state of the element when the EnabledState property is set to 1 ("Other"). This property must be set to null when EnabledState is any value other than 1. A string that describes the enabled or disabled state of the element when the EnabledState property is set to 1 ("Other"). This property must be set to null when EnabledState is any value other than 1.
882RequestedState is an integer enumeration that indicates the last requested or desired state for the element, irrespective of the mechanism through which it was requested. The actual state of the element is represented by EnabledState. This property is provided to compare the last requested and current enabled or disabled states. Note that when EnabledState is set to 5 ("Not Applicable"), then this property has no meaning. Refer to the EnabledState property description for explanations of the values in the RequestedState enumeration.
"Unknown" (0) indicates the last requested state for the element is unknown.
Note that the value "No Change" (5) has been deprecated in lieu of indicating the last requested state is "Unknown" (0). If the last requested or desired state is unknown, RequestedState should have the value "Unknown" (0), but may have the value "No Change" (5).Offline (6) indicates that the element has been requested to transition to the Enabled but Offline EnabledState.
It should be noted that there are two new values in RequestedState that build on the statuses of EnabledState. These are "Reboot" (10) and "Reset" (11). Reboot refers to doing a "Shut Down" and then moving to an "Enabled" state. Reset indicates that the element is first "Disabled" and then "Enabled". The distinction between requesting "Shut Down" and "Disabled" should also be noted. Shut Down requests an orderly transition to the Disabled state, and might involve removing power, to completely erase any existing state. The Disabled state requests an immediate disabling of the element, such that it will not execute or accept any commands or processing requests.

This property is set as the result of a method invocation (such as Start or StopService on CIM_Service), or can be overridden and defined as WRITEable in a subclass. The method approach is considered superior to a WRITEable property, because it allows an explicit invocation of the operation and the return of a result code.

If knowledge of the last RequestedState is not supported for the EnabledLogicalElement, the property shall be NULL or have the value 12 "Not Applicable".
RequestedState is an integer enumeration that indicates the last requested or desired state for the element, irrespective of the mechanism through which it was requested. The actual state of the element is represented by EnabledState. This property is provided to compare the last requested and current enabled or disabled states. Note that when EnabledState is set to 5 ("Not Applicable"), then this property has no meaning. Refer to the EnabledState property description for explanations of the values in the RequestedState enumeration.
"Unknown" (0) indicates the last requested state for the element is unknown.
Note that the value "No Change" (5) has been deprecated in lieu of indicating the last requested state is "Unknown" (0). If the last requested or desired state is unknown, RequestedState should have the value "Unknown" (0), but may have the value "No Change" (5).Offline (6) indicates that the element has been requested to transition to the Enabled but Offline EnabledState.
It should be noted that there are two new values in RequestedState that build on the statuses of EnabledState. These are "Reboot" (10) and "Reset" (11). Reboot refers to doing a "Shut Down" and then moving to an "Enabled" state. Reset indicates that the element is first "Disabled" and then "Enabled". The distinction between requesting "Shut Down" and "Disabled" should also be noted. Shut Down requests an orderly transition to the Disabled state, and might involve removing power, to completely erase any existing state. The Disabled state requests an immediate disabling of the element, such that it will not execute or accept any commands or processing requests.

This property is set as the result of a method invocation (such as Start or StopService on CIM_Service), or can be overridden and defined as WRITEable in a subclass. The method approach is considered superior to a WRITEable property, because it allows an explicit invocation of the operation and the return of a result code.

If knowledge of the last RequestedState is not supported for the EnabledLogicalElement, the property shall be NULL or have the value 12 "Not Applicable".
883Shut Down Shut Down
884No Change No Change
885Offline Offline
886Test Test
887Reboot Reboot
888Reset Reset
889An enumerated value indicating an administrator\'s default or startup configuration for the Enabled State of an element. By default, the element is "Enabled" (value=2). An enumerated value indicating an administrator\'s default or startup configuration for the Enabled State of an element. By default, the element is "Enabled" (value=2).
890No Default No Default
891The date or time when the EnabledState of the element last changed. If the state of the element has not changed and this property is populated, then it must be set to a 0 interval value. If a state change was requested, but rejected or not yet processed, the property must not be updated. The date or time when the EnabledState of the element last changed. If the state of the element has not changed and this property is populated, then it must be set to a 0 interval value. If a state change was requested, but rejected or not yet processed, the property must not be updated.
892AvailableRequestedStates indicates the possible values for the RequestedState parameter of the method RequestStateChange, used to initiate a state change. The values listed shall be a subset of the values contained in the RequestedStatesSupported property of the associated instance of CIM_EnabledLogicalElementCapabilities where the values selected are a function of the current state of the CIM_EnabledLogicalElement. This property may be non-null if an implementation is able to advertise the set of possible values as a function of the current state. This property shall be null if an implementation is unable to determine the set of possible values as a function of the current state. AvailableRequestedStates indicates the possible values for the RequestedState parameter of the method RequestStateChange, used to initiate a state change. The values listed shall be a subset of the values contained in the RequestedStatesSupported property of the associated instance of CIM_EnabledLogicalElementCapabilities where the values selected are a function of the current state of the CIM_EnabledLogicalElement. This property may be non-null if an implementation is able to advertise the set of possible values as a function of the current state. This property shall be null if an implementation is unable to determine the set of possible values as a function of the current state.
893Defer Defer
894TransitioningToState indicates the target state to which the instance is transitioning.
A value of 5 "No Change" shall indicate that no transition is in progress.A value of 12 "Not Applicable" shall indicate the implementation does not support representing ongoing transitions.
A value other than 5 or 12 shall identify the state to which the element is in the process of transitioning.
TransitioningToState indicates the target state to which the instance is transitioning.
A value of 5 "No Change" shall indicate that no transition is in progress.A value of 12 "Not Applicable" shall indicate the implementation does not support representing ongoing transitions.
A value other than 5 or 12 shall identify the state to which the element is in the process of transitioning.
895Requests that the state of the element be changed to the value specified in the RequestedState parameter. When the requested state change takes place, the EnabledState and RequestedState of the element will be the same. Invoking the RequestStateChange method multiple times could result in earlier requests being overwritten or lost.
A return code of 0 shall indicate the state change was successfully initiated.
A return code of 3 shall indicate that the state transition cannot complete within the interval specified by the TimeoutPeriod parameter.
A return code of 4096 (0x1000) shall indicate the state change was successfully initiated, a ConcreteJob has been created, and its reference returned in the output parameter Job. Any other return code indicates an error condition.
Requests that the state of the element be changed to the value specified in the RequestedState parameter. When the requested state change takes place, the EnabledState and RequestedState of the element will be the same. Invoking the RequestStateChange method multiple times could result in earlier requests being overwritten or lost.
A return code of 0 shall indicate the state change was successfully initiated.
A return code of 3 shall indicate that the state transition cannot complete within the interval specified by the TimeoutPeriod parameter.
A return code of 4096 (0x1000) shall indicate the state change was successfully initiated, a ConcreteJob has been created, and its reference returned in the output parameter Job. Any other return code indicates an error condition.
896Unknown or Unspecified Error Unknown or Unspecified Error
897Cannot complete within Timeout Period Cannot complete within Timeout Period
898Method Parameters Checked - Job Started Method Parameters Checked - Job Started
899The state requested for the element. This information will be placed into the RequestedState property of the instance if the return code of the RequestStateChange method is 0 (\'Completed with No Error\'), or 4096 (0x1000) (\'Job Started\'). Refer to the description of the EnabledState and RequestedState properties for the detailed explanations of the RequestedState values. The state requested for the element. This information will be placed into the RequestedState property of the instance if the return code of the RequestStateChange method is 0 (\'Completed with No Error\'), or 4096 (0x1000) (\'Job Started\'). Refer to the description of the EnabledState and RequestedState properties for the detailed explanations of the RequestedState values.
900May contain a reference to the ConcreteJob created to track the state transition initiated by the method invocation. May contain a reference to the ConcreteJob created to track the state transition initiated by the method invocation.
901A timeout period that specifies the maximum amount of time that the client expects the transition to the new state to take. The interval format must be used to specify the TimeoutPeriod. A value of 0 or a null parameter indicates that the client has no time requirements for the transition.
If this property does not contain 0 or null and the implementation does not support this parameter, a return code of \'Use Of Timeout Parameter Not Supported\' shall be returned.
A timeout period that specifies the maximum amount of time that the client expects the transition to the new state to take. The interval format must be used to specify the TimeoutPeriod. A value of 0 or a null parameter indicates that the client has no time requirements for the transition.
If this property does not contain 0 or null and the implementation does not support this parameter, a return code of \'Use Of Timeout Parameter Not Supported\' shall be returned.
902This class extends LogicalElement to abstract the concept of an element that is enabled and disabled, such as a LogicalDevice or a ServiceAccessPoint. This class extends LogicalElement to abstract the concept of an element that is enabled and disabled, such as a LogicalDevice or a ServiceAccessPoint.
903The Name property uniquely identifies the ServiceAccessPoint and provides an indication of the functionality that is managed. This functionality is described in more detail in the Description property of the object. The Name property uniquely identifies the ServiceAccessPoint and provides an indication of the functionality that is managed. This functionality is described in more detail in the Description property of the object.
904The CreationClassName of the scoping System. The CreationClassName of the scoping System.
905The Name of the scoping System. The Name of the scoping System.
906CIM_ServiceAccessPoint represents the ability to utilize or invoke a Service. Access points represent that a Service is made available for other entities to use. CIM_ServiceAccessPoint represents the ability to utilize or invoke a Service. Access points represent that a Service is made available for other entities to use.
907A string that identifies this ProtocolEndpoint with either a port or an interface on a device. To ensure uniqueness, the Name property should be prepended or appended with information from the Type or OtherTypeDescription properties. The method selected is described in the NameFormat property of this class. A string that identifies this ProtocolEndpoint with either a port or an interface on a device. To ensure uniqueness, the Name property should be prepended or appended with information from the Type or OtherTypeDescription properties. The method selected is described in the NameFormat property of this class.
908NameFormat contains the naming heuristic that is selected to ensure that the value of the Name property is unique. For example, you might choose to prepend the name of the port or interface with the Type of ProtocolEndpoint (for example, IPv4) of this instance followed by an underscore. NameFormat contains the naming heuristic that is selected to ensure that the value of the Name property is unique. For example, you might choose to prepend the name of the port or interface with the Type of ProtocolEndpoint (for example, IPv4) of this instance followed by an underscore.
909Note: This property is deprecated in lieu of the ProtocolIFType enumeration. This deprecation was done to have better alignment between the IF-MIB of the IETF and this CIM class.
Deprecated description: ProtocolType is an enumeration that provides information to categorize and classify different instances of this class. For most instances, information in this enumeration and the definition of the subclass overlap. However, there are several cases where a specific subclass of ProtocolEndpoint is not required (for example, there is no Fibre Channel subclass of ProtocolEndpoint). Therefore, this property is needed to define the type of Endpoint.
Note: This property is deprecated in lieu of the ProtocolIFType enumeration. This deprecation was done to have better alignment between the IF-MIB of the IETF and this CIM class.
Deprecated description: ProtocolType is an enumeration that provides information to categorize and classify different instances of this class. For most instances, information in this enumeration and the definition of the subclass overlap. However, there are several cases where a specific subclass of ProtocolEndpoint is not required (for example, there is no Fibre Channel subclass of ProtocolEndpoint). Therefore, this property is needed to define the type of Endpoint.
910IPX IPX
911AppleTalk AppleTalk
912DECnet DECnet
913SNA SNA
914CONP CONP
915CLNP CLNP
916VINES VINES
917XNS XNS
918ATM ATM
919Frame Relay Frame Relay
920Ethernet Ethernet
921TokenRing TokenRing
922FDDI FDDI
923Infiniband Infiniband
924Fibre Channel Fibre Channel
925ISDN BRI Endpoint ISDN BRI Endpoint
926ISDN B Channel Endpoint ISDN B Channel Endpoint
927ISDN D Channel Endpoint ISDN D Channel Endpoint
928IPv4/v6 IPv4/v6
929BGP BGP
930OSPF OSPF
931MPLS MPLS
932UDP UDP
933TCP TCP
934ProtocolIFType is an enumeration that is synchronized with the IANA ifType MIB. The ifType MIB is maintained at the URL, http://www.iana.org/assignments/ianaiftype-mib. Also, additional values defined by the DMTF are included. The property is used to categorize and classify instances of the ProtocolEndpoint class. Note that if the ProtocolIFType is set to 1 (Other), then the type information should be provided in the OtherTypeDescription string property. ProtocolIFType is an enumeration that is synchronized with the IANA ifType MIB. The ifType MIB is maintained at the URL, http://www.iana.org/assignments/ianaiftype-mib. Also, additional values defined by the DMTF are included. The property is used to categorize and classify instances of the ProtocolEndpoint class. Note that if the ProtocolIFType is set to 1 (Other), then the type information should be provided in the OtherTypeDescription string property.
935Regular 1822 Regular 1822
936HDH 1822 HDH 1822
937DDN X.25 DDN X.25
938RFC877 X.25 RFC877 X.25
939Ethernet CSMA/CD Ethernet CSMA/CD
940ISO 802.3 CSMA/CD ISO 802.3 CSMA/CD
941ISO 802.4 Token Bus ISO 802.4 Token Bus
942ISO 802.5 Token Ring ISO 802.5 Token Ring
943ISO 802.6 MAN ISO 802.6 MAN
944StarLAN StarLAN
945Proteon 10Mbit Proteon 10Mbit
946Proteon 80Mbit Proteon 80Mbit
947HyperChannel HyperChannel
948LAP-B LAP-B
949SDLC SDLC
950DS1 DS1
951E1 E1
952Basic ISDN Basic ISDN
953Primary ISDN Primary ISDN
954Proprietary Point-to-Point Serial Proprietary Point-to-Point Serial
955PPP PPP
956Software Loopback Software Loopback
957EON EON
958Ethernet 3Mbit Ethernet 3Mbit
959NSIP NSIP
960SLIP SLIP
961Ultra Ultra
962DS3 DS3
963SIP SIP
964RS-232 RS-232
965Parallel Parallel
966ARCNet ARCNet
967ARCNet Plus ARCNet Plus
968MIO X.25 MIO X.25
969SONET SONET
970X.25 PLE X.25 PLE
971ISO 802.211c ISO 802.211c
972LocalTalk LocalTalk
973SMDS DXI SMDS DXI
974Frame Relay Service Frame Relay Service
975V.35 V.35
976HSSI HSSI
977HIPPI HIPPI
978Modem Modem
979AAL5 AAL5
980SONET Path SONET Path
981SONET VT SONET VT
982SMDS ICIP SMDS ICIP
983Proprietary Virtual/Internal Proprietary Virtual/Internal
984Proprietary Multiplexor Proprietary Multiplexor
985IEEE 802.12 IEEE 802.12
986HIPPI Interface HIPPI Interface
987Frame Relay Interconnect Frame Relay Interconnect
988ATM Emulated LAN for 802.3 ATM Emulated LAN for 802.3
989ATM Emulated LAN for 802.5 ATM Emulated LAN for 802.5
990ATM Emulated Circuit ATM Emulated Circuit
991Fast Ethernet (100BaseT) Fast Ethernet (100BaseT)
992ISDN ISDN
993V.11 V.11
994V.36 V.36
995G703 at 64K G703 at 64K
996G703 at 2Mb G703 at 2Mb
997QLLC QLLC
998Fast Ethernet 100BaseFX Fast Ethernet 100BaseFX
999Channel Channel
1000IEEE 802.11 IEEE 802.11
1001IBM 260/370 OEMI Channel IBM 260/370 OEMI Channel
1002ESCON ESCON
1003Data Link Switching Data Link Switching
1004ISDN S/T Interface ISDN S/T Interface
1005ISDN U Interface ISDN U Interface
1006LAP-D LAP-D
1007IP Switch IP Switch
1008Remote Source Route Bridging Remote Source Route Bridging
1009ATM Logical ATM Logical
1010DS0 DS0
1011DS0 Bundle DS0 Bundle
1012BSC BSC
1013Async Async
1014Combat Net Radio Combat Net Radio
1015ISO 802.5r DTR ISO 802.5r DTR
1016Ext Pos Loc Report System Ext Pos Loc Report System
1017AppleTalk Remote Access Protocol AppleTalk Remote Access Protocol
1018Proprietary Connectionless Proprietary Connectionless
1019ITU X.29 Host PAD ITU X.29 Host PAD
1020ITU X.3 Terminal PAD ITU X.3 Terminal PAD
1021Frame Relay MPI Frame Relay MPI
1022ITU X.213 ITU X.213
1023ADSL ADSL
1024RADSL RADSL
1025SDSL SDSL
1026VDSL VDSL
1027ISO 802.5 CRFP ISO 802.5 CRFP
1028Myrinet Myrinet
1029Voice Receive and Transmit Voice Receive and Transmit
1030Voice Foreign Exchange Office Voice Foreign Exchange Office
1031Voice Foreign Exchange Service Voice Foreign Exchange Service
1032Voice Encapsulation Voice Encapsulation
1033Voice over IP Voice over IP
1034ATM DXI ATM DXI
1035ATM FUNI ATM FUNI
1036ATM IMA ATM IMA
1037PPP Multilink Bundle PPP Multilink Bundle
1038IP over CDLC IP over CDLC
1039IP over CLAW IP over CLAW
1040Stack to Stack Stack to Stack
1041Virtual IP Address Virtual IP Address
1042MPC MPC
1043IP over ATM IP over ATM
1044ISO 802.5j Fibre Token Ring ISO 802.5j Fibre Token Ring
1045TDLC TDLC
1046Gigabit Ethernet Gigabit Ethernet
1047HDLC HDLC
1048LAP-F LAP-F
1049V.37 V.37
1050X.25 MLP X.25 MLP
1051X.25 Hunt Group X.25 Hunt Group
1052Transp HDLC Transp HDLC
1053Interleave Channel Interleave Channel
1054FAST Channel FAST Channel
1055IP (for APPN HPR in IP Networks) IP (for APPN HPR in IP Networks)
1056CATV MAC Layer CATV MAC Layer
1057CATV Downstream CATV Downstream
1058CATV Upstream CATV Upstream
1059Avalon 12MPP Switch Avalon 12MPP Switch
1060Tunnel Tunnel
1061Coffee Coffee
1062Circuit Emulation Service Circuit Emulation Service
1063ATM SubInterface ATM SubInterface
1064Layer 2 VLAN using 802.1Q Layer 2 VLAN using 802.1Q
1065Layer 3 VLAN using IP Layer 3 VLAN using IP
1066Layer 3 VLAN using IPX Layer 3 VLAN using IPX
1067Digital Power Line Digital Power Line
1068Multimedia Mail over IP Multimedia Mail over IP
1069DTM DTM
1070DCN DCN
1071IP Forwarding IP Forwarding
1072MSDSL MSDSL
1073IEEE 1394 IEEE 1394
1074IF-GSN/HIPPI-6400 IF-GSN/HIPPI-6400
1075DVB-RCC MAC Layer DVB-RCC MAC Layer
1076DVB-RCC Downstream DVB-RCC Downstream
1077DVB-RCC Upstream DVB-RCC Upstream
1078ATM Virtual ATM Virtual
1079MPLS Tunnel MPLS Tunnel
1080SRP SRP
1081Voice over ATM Voice over ATM
1082Voice over Frame Relay Voice over Frame Relay
1083ISDL ISDL
1084Composite Link Composite Link
1085SS7 Signaling Link SS7 Signaling Link
1086Proprietary P2P Wireless Proprietary P2P Wireless
1087Frame Forward Frame Forward
1088RFC1483 Multiprotocol over ATM RFC1483 Multiprotocol over ATM
1089USB USB
1090IEEE 802.3ad Link Aggregate IEEE 802.3ad Link Aggregate
1091BGP Policy Accounting BGP Policy Accounting
1092FRF .16 Multilink FR FRF .16 Multilink FR
1093H.323 Gatekeeper H.323 Gatekeeper
1094H.323 Proxy H.323 Proxy
1095Multi-Frequency Signaling Link Multi-Frequency Signaling Link
1096HDSL-2 HDSL-2
1097S-HDSL S-HDSL
1098DS1 Facility Data Link DS1 Facility Data Link
1099Packet over SONET/SDH Packet over SONET/SDH
1100DVB-ASI Input DVB-ASI Input
1101DVB-ASI Output DVB-ASI Output
1102Power Line Power Line
1103Non Facility Associated Signaling Non Facility Associated Signaling
1104TR008 TR008
1105GR303 RDT GR303 RDT
1106GR303 IDT GR303 IDT
1107ISUP ISUP
1108Proprietary Wireless MAC Layer Proprietary Wireless MAC Layer
1109Proprietary Wireless Downstream Proprietary Wireless Downstream
1110Proprietary Wireless Upstream Proprietary Wireless Upstream
1111HIPERLAN Type 2 HIPERLAN Type 2
1112Proprietary Broadband Wireless Access Point to Mulipoint Proprietary Broadband Wireless Access Point to Mulipoint
1113SONET Overhead Channel SONET Overhead Channel
1114Digital Wrapper Overhead Channel Digital Wrapper Overhead Channel
1115ATM Adaptation Layer 2 ATM Adaptation Layer 2
1116Radio MAC Radio MAC
1117ATM Radio ATM Radio
1118Inter Machine Trunk Inter Machine Trunk
1119MVL DSL MVL DSL
1120Long Read DSL Long Read DSL
1121Frame Relay DLCI Endpoint Frame Relay DLCI Endpoint
1122ATM VCI Endpoint ATM VCI Endpoint
1123Optical Channel Optical Channel
1124Optical Transport Optical Transport
1125Proprietary ATM Proprietary ATM
1126Voice over Cable Voice over Cable
1127TE Link TE Link
1128Q.2931 Q.2931
1129Virtual Trunk Group Virtual Trunk Group
1130SIP Trunk Group SIP Trunk Group
1131SIP Signaling SIP Signaling
1132CATV Upstream Channel CATV Upstream Channel
1133Econet Econet
1134FSAN 155Mb PON FSAN 155Mb PON
1135FSAN 622Mb PON FSAN 622Mb PON
1136Transparent Bridge Transparent Bridge
1137Line Group Line Group
1138Voice E&M Feature Group Voice E&M Feature Group
1139Voice FGD EANA Voice FGD EANA
1140Voice DID Voice DID
1141MPEG Transport MPEG Transport
11426To4 6To4
1143GTP GTP
1144Paradyne EtherLoop 1 Paradyne EtherLoop 1
1145Paradyne EtherLoop 2 Paradyne EtherLoop 2
1146Optical Channel Group Optical Channel Group
1147HomePNA HomePNA
1148GFP GFP
1149ciscoISLvlan ciscoISLvlan
1150actelisMetaLOOP actelisMetaLOOP
1151Fcip Fcip
1152IANA Reserved IANA Reserved
1153802.11a 802.11a
1154802.11b 802.11b
1155802.11g 802.11g
1156802.11h 802.11h
1157NFS NFS
1158CIFS CIFS
1159DAFS DAFS
1160WebDAV WebDAV
1161HTTP HTTP
1162FTP FTP
1163NDMP NDMP
1164Telnet Telnet
1165SSH SSH
1166SM CLP SM CLP
1167SMTP SMTP
1168LDAP LDAP
1169RDP RDP
1170HTTPS HTTPS
1171A string that describes the type of ProtocolEndpoint when the Type property of this class (or any of its subclasses) is set to 1 (Other). This property should be set to null when the Type property is any value other than 1. A string that describes the type of ProtocolEndpoint when the Type property of this class (or any of its subclasses) is set to 1 (Other). This property should be set to null when the Type property is any value other than 1.
1172A communication point from which data can be sent or received. ProtocolEndpoints link system or computer interfaces to LogicalNetworks. A communication point from which data can be sent or received. ProtocolEndpoints link system or computer interfaces to LogicalNetworks.
11732.15.0 2.15.0
1174InstallDate records when the SA (and its endpoint) was created. InstallDate records when the SA (and its endpoint) was created.
1175LifetimeSeconds specifies the maximum time that the SA will be considered valid after it has been created. A value of zero indicates that the default of 8 hours be used. A non-zero value indicates the seconds lifetime. LifetimeSeconds specifies the maximum time that the SA will be considered valid after it has been created. A value of zero indicates that the default of 8 hours be used. A non-zero value indicates the seconds lifetime.
1176RefreshThresholdSecondsPercentage is the lifetime percentage after which a new SA should be acquired, before the existing SA expires. A random period may be added to a calculated threshold to reduce network thrashing. RefreshThresholdSecondsPercentage is the lifetime percentage after which a new SA should be acquired, before the existing SA expires. A random period may be added to a calculated threshold to reduce network thrashing.
1177IdleDurationSeconds specifies how long the SA can be idle before it is deleted. The default value, 0, indicates that there is no idle timeout period. IdleDurationSeconds specifies how long the SA can be idle before it is deleted. The default value, 0, indicates that there is no idle timeout period.
1178LifetimeKilobytes specifies the maximum number of kilobytes of data traffic to be protected by the SA. A value of zero (the default) indicates that there should be no maximum kilobyte lifetime. A non-zero value specifies the desired kilobyte lifetime. The SA is deleted when the LifetimeKilobyte value is exceeded. LifetimeKilobytes specifies the maximum number of kilobytes of data traffic to be protected by the SA. A value of zero (the default) indicates that there should be no maximum kilobyte lifetime. A non-zero value specifies the desired kilobyte lifetime. The SA is deleted when the LifetimeKilobyte value is exceeded.
1179RefreshThresholdKbytesPercentage is the lifetime percentage of kilobytes processed, at which a new SA should be acquired. A random value may be added to the calculated threshold to reduce network thrashing. RefreshThresholdKbytesPercentage is the lifetime percentage of kilobytes processed, at which a new SA should be acquired. A random value may be added to the calculated threshold to reduce network thrashing.
1180PacketLoggingActive causes a log to be kept of traffic processed by the SAEndpoint. PacketLoggingActive causes a log to be kept of traffic processed by the SAEndpoint.
1181SecurityAssociationEndpoint (SAEndpoint) represents the endpoint of a secure connection. This is typically an IP connection, although the model allows more flexibility than just IP. The SecurityAssociationEndpoint is tied to an IPProtocolEndpoint (or possibly other endpoint) using the LogicalIdentity association. Note that an endpoint is defined at both ends of the connection. SecurityAssociationEndpoint (SAEndpoint) represents the endpoint of a secure connection. This is typically an IP connection, although the model allows more flexibility than just IP. The SecurityAssociationEndpoint is tied to an IPProtocolEndpoint (or possibly other endpoint) using the LogicalIdentity association. Note that an endpoint is defined at both ends of the connection.
1182Identifier of the IKE phase 1 negotiation initiator. Combined with the ResponderCookie, this value, in string form, may be used to construct the value of the key field \'Name\', inherited from ServiceAccessPoint. Identifier of the IKE phase 1 negotiation initiator. Combined with the ResponderCookie, this value, in string form, may be used to construct the value of the key field \'Name\', inherited from ServiceAccessPoint.
1183Identifier of the IKE phase 1 negotiation responder. Combined with the InitiatorCookie, this value, in string form, may be used to construct the value of the key field \'Name\', inherited from ServiceAccessPoint. Identifier of the IKE phase 1 negotiation responder. Combined with the InitiatorCookie, this value, in string form, may be used to construct the value of the key field \'Name\', inherited from ServiceAccessPoint.
1184CipherAlgorithm is an enumeration that specifies the encryption algorithm used by the IKESAEndpoint. The list of algorithms was generated from Appendix A of RFC2409. Note that the enumeration is different than the RFC list, since the values of Unknown and Other are taken into account. CipherAlgorithm is an enumeration that specifies the encryption algorithm used by the IKESAEndpoint. The list of algorithms was generated from Appendix A of RFC2409. Note that the enumeration is different than the RFC list, since the values of Unknown and Other are taken into account.
1185HashAlgorithm is an enumeration that specifies the hash function used by the IKESAEndpoint. The list of algorithms was generated from Appendix A of RFC2409. Note that the enumeration is different than the RFC list, since the values of Unknown and Other are taken into account. HashAlgorithm is an enumeration that specifies the hash function used by the IKESAEndpoint. The list of algorithms was generated from Appendix A of RFC2409. Note that the enumeration is different than the RFC list, since the values of Unknown and Other are taken into account.
1186AuthenticationMethod is an enumeration that specifies the operation of the IKESAEndpoint. The list of methods was generated from Appendix A of RFC2409. Note that the enumeration is different than the RFC list, since the values of Unknown and Other are taken into account. AuthenticationMethod is an enumeration that specifies the operation of the IKESAEndpoint. The list of methods was generated from Appendix A of RFC2409. Note that the enumeration is different than the RFC list, since the values of Unknown and Other are taken into account.
1187GroupId specifies the key exchange group ID. If the GroupID number is from the vendor-specific range (32768-65535), the VendorID qualifies the group number. Well-known group identifiers from RFC2412, Appendix E, are: Group 1=\'768 bit prime\', Group 2=\'1024 bit prime\', Group 3= \'Elliptic Curve Group with 155 bit field element\', Group 4= \'Large Elliptic Curve Group with 185 bit field element\', and Group 5=\'1536 bit prime\'. GroupId specifies the key exchange group ID. If the GroupID number is from the vendor-specific range (32768-65535), the VendorID qualifies the group number. Well-known group identifiers from RFC2412, Appendix E, are: Group 1=\'768 bit prime\', Group 2=\'1024 bit prime\', Group 3= \'Elliptic Curve Group with 155 bit field element\', Group 4= \'Large Elliptic Curve Group with 185 bit field element\', and Group 5=\'1536 bit prime\'.
1188IKESAEndpoint is created in the first phase of SA negotiation and protects the key negotiation traffic. This endpoint is only created when IKE is the key exchange protocol. Other protocols and their endpoints will be defined in a future release. IKESAEndpoint is created in the first phase of SA negotiation and protects the key negotiation traffic. This endpoint is only created when IKE is the key exchange protocol. Other protocols and their endpoints will be defined in a future release.
1189The actual encryption algorithm used by the SA. The actual encryption algorithm used by the SA.
1190The actual hash algorithm used by the SA. The actual hash algorithm used by the SA.
1191The property GroupId gives the phase 1 security association key exchange group. Well-known group identifiers from RFC2412, Appendix E, are: Group 1='768 bit prime', Group 2='1024 bit prime', Group 3 ='Elliptic Curve Group with 155 bit field element', Group 4= 'Large Elliptic Curve Group with 185 bit field element', and Group 5='1536 bit prime'. Note that only groups 1, 2, 14, 19, 20, and 24 are acceptable in Windows 8. The property GroupId gives the phase 1 security association key exchange group. Well-known group identifiers from RFC2412, Appendix E, are: Group 1='768 bit prime', Group 2='1024 bit prime', Group 3 ='Elliptic Curve Group with 155 bit field element', Group 4= 'Large Elliptic Curve Group with 185 bit field element', and Group 5='1536 bit prime'. Note that only groups 1, 2, 14, 19, 20, and 24 are acceptable in Windows 8.
1192The Key Module used to negotiate the SA and its child SA's. The Key Module used to negotiate the SA and its child SA's.
1193The address of the local endpoint the SA applies to. The address of the local endpoint the SA applies to.
1194The address of the remote endpoint the SA applies to. The address of the remote endpoint the SA applies to.
1195The maximum number of Quick Mode SA's that may be established with this SA before it must be renegotiated. The maximum number of Quick Mode SA's that may be established with this SA before it must be renegotiated.
1196The first authentication local identity The first authentication local identity
1197The second authentication local identity The second authentication local identity
1198The first authentication remote identity The first authentication remote identity
1199The second authentication remote identity The second authentication remote identity
1200Extensions to GroupId Extensions to GroupId
1201Filter ID from the QM policy matching the extended mode filter Filter ID from the QM policy matching the extended mode filter
1202Local UDP encapsulation port for NAT-T Local UDP encapsulation port for NAT-T
1203Remote UDP encapsulation port for NAT-T Remote UDP encapsulation port for NAT-T
1204GUID of the main mode policy provider context corresponding to this SA GUID of the main mode policy provider context corresponding to this SA
1205ID/Handle to virtual interface tunneling state ID/Handle to virtual interface tunneling state
1206A MainMode SA. A MainMode SA.
1207SPI contains the Security Parameter Index of the SA. This value in string form may also be used in the key field \'Name\' inherited from ServiceAccessPoint. SPI contains the Security Parameter Index of the SA. This value in string form may also be used in the key field \'Name\' inherited from ServiceAccessPoint.
1208InboundDirection specifies whether the SA applies to inbound (TRUE) or outbound (FALSE) traffic. InboundDirection specifies whether the SA applies to inbound (TRUE) or outbound (FALSE) traffic.
1209EncapsulationMode indicates whether the IPsecSAEndpoint uses transport or tunnel encapsulation. EncapsulationMode indicates whether the IPsecSAEndpoint uses transport or tunnel encapsulation.
1210Transport Transport
1211DFHandling controls how the \'Don\'t Fragment\' bit is managed by the IPsecSAEndpoint. DFHandling controls how the \'Don\'t Fragment\' bit is managed by the IPsecSAEndpoint.
1212Copy from Internal to External IP Header Copy from Internal to External IP Header
1213Set DF Bit in External Header to 1 Set DF Bit in External Header to 1
1214Set DF Bit in External Header to 0 Set DF Bit in External Header to 0
1215PFSInUse indicates whether perfect forward secrecy is required when refreshing keys. PFSInUse indicates whether perfect forward secrecy is required when refreshing keys.
1216IPsecSAEndpoints are types of SecurityAssociationEndpoints representing both negotiated and static SAs that correspond to AH, ESP, or IPCOMP transforms. IPsecSAEndpoints are types of SecurityAssociationEndpoints representing both negotiated and static SAs that correspond to AH, ESP, or IPCOMP transforms.
1217The local machine port the SA applies to, or 0 for all ports. The local machine port the SA applies to, or 0 for all ports.
1218The remote machine port the SA applies to, or 0 for all ports. The remote machine port the SA applies to, or 0 for all ports.
1219If traffic type is transport mode, this is the LUID of the FWPS transport layer filter corresponding to this traffic. If traffic type is tunnel mode, this is the LUID of the associated QM policy. In tunnel mode, this represents the QM traffic selectors for the tunnel If traffic type is transport mode, this is the LUID of the FWPS transport layer filter corresponding to this traffic. If traffic type is tunnel mode, this is the LUID of the associated QM policy. In tunnel mode, this represents the QM traffic selectors for the tunnel
1220IP protocol for this traffic. Only specified if the traffic is more general than the matching filter IP protocol for this traffic. Only specified if the traffic is more general than the matching filter
1221Local interface alias Local interface alias
1222The profile ID corresponding to the actual interface that the traffic is going out on or coming in from the wire. The profile ID corresponding to the actual interface that the traffic is going out on or coming in from the wire.
1223Local Udp encapsulation port for NAT traversal Local Udp encapsulation port for NAT traversal
1224Remote Udp encapsulation port for NAT traversal Remote Udp encapsulation port for NAT traversal
1225SA Flags SA Flags
1226NdSecure NdSecure
1227NdBoundary NdBoundary
1228NdPeerNatBoundary NdPeerNatBoundary
1229GuaranteeEncryption GuaranteeEncryption
1230NLB NLB
1231NoMachineLuidVerify NoMachineLuidVerify
1232NoImpersonationLuidVerify NoImpersonationLuidVerify
1233NoExplicitCredMatch NoExplicitCredMatch
1234AllowNullTargetNameMatch AllowNullTargetNameMatch
1235ClearDfOnTunnel ClearDfOnTunnel
1236AssumeUdpContextOutbound AssumeUdpContextOutbound
1237NdPeerBoundary NdPeerBoundary
1238SuppressDuplicateDeletion SuppressDuplicateDeletion
1239PeerSupportsGuaranteeEncryption PeerSupportsGuaranteeEncryption
1240ForceInboundConnections ForceInboundConnections
1241ForceOutboundConnections ForceOutboundConnections
1242ForwardPathInitiator ForwardPathInitiator
1243Name of the matching transport filter Name of the matching transport filter
1244Id of the associated Main Mode Id of the associated Main Mode
1245First Transform type First Transform type
1246Ah Ah
1247Esp-auth Esp-auth
1248Esp-cipher Esp-cipher
1249Esp-auth-and-cipher Esp-auth-and-cipher
1250Esp-auth-firewall Esp-auth-firewall
1251The integrity algorithm for the first operation The integrity algorithm for the first operation
1252The cipher algorithm for the first operation The cipher algorithm for the first operation
1253Second Transform type Second Transform type
1254The integrity algorithm for the second operation The integrity algorithm for the second operation
1255The cipher algorithm for the second operation The cipher algorithm for the second operation
1256The spi for the first operation The spi for the first operation
1257Private address of peer behind NAT Private address of peer behind NAT
1258Perfect forward secrecy group id Perfect forward secrecy group id
1259Same as Main Mode Same as Main Mode
1260LUID of the FWPS_LAYER_IPSEC_XX layer FWPS filter corresponding to this SA LUID of the FWPS_LAYER_IPSEC_XX layer FWPS filter corresponding to this SA
1261Liftime by number of packets Liftime by number of packets
1262Timeout after which the IPsec SA should stop accepting packets coming in the clear in negotiation discovery mode Timeout after which the IPsec SA should stop accepting packets coming in the clear in negotiation discovery mode
1263Network Access Protection context Network Access Protection context
1264Identifier for tiebraking simultaneous SAs Identifier for tiebraking simultaneous SAs
1265ID/Handle to Virtual-IF tunnel state ID/Handle to Virtual-IF tunnel state
1266ID/Handle to Virtual-IF traffic selector(s) ID/Handle to Virtual-IF traffic selector(s)
1267Main Mode target SPN Main Mode target SPN
1268Extended Mode target SPN Extended Mode target SPN
1269Optional handle to explicit credentials Optional handle to explicit credentials
1270A Quick Mode SA. A Quick Mode SA.
1271Antecedent represents the independent object in this association. Antecedent represents the independent object in this association.
1272Dependent represents the object that is dependent on the Antecedent. Dependent represents the object that is dependent on the Antecedent.
1273CIM_Dependency is a generic association used to establish dependency relationships between ManagedElements. CIM_Dependency is a generic association used to establish dependency relationships between ManagedElements.
1274Phase 1 SAEndpoint that protected the negotiation of the phase 2 Security Association. An example of a phase 1 endpoint is an IKESAEndpoint. Phase 1 SAEndpoint that protected the negotiation of the phase 2 Security Association. An example of a phase 1 endpoint is an IKESAEndpoint.
1275The phase 2 SAEndpoint. The phase 2 SAEndpoint.
1276Phase1SAUsedForPhase2 associates a phase 1 endpoint (such as an IKESAEndpoint) with an IPsecSAEndpoint that was negotiated using that phase 1 Security Association. Phase1SAUsedForPhase2 associates a phase 1 endpoint (such as an IKESAEndpoint) with an IPsecSAEndpoint that was negotiated using that phase 1 Security Association.
1277Read a GPO, and cache results locally Read a GPO, and cache results locally
1278Output GPO Session identifier Output GPO Session identifier
1279Write the local cached GPO info back to AD Write the local cached GPO info back to AD
1280This class does not have any instances. It is used to manage locally-cached Group Policy Objects. This class does not have any instances. It is used to manage locally-cached Group Policy Objects.
0x1The IPsec DoSP settings are corrupt for the NetIPsecDoSPSetting WMI Object with name: %1Please use %2 to restore them. The IPsec DoSP settings are corrupt for the NetIPsecDoSPSetting WMI Object with name: %1Please use %2 to restore them.
0x2Fragment grouping must be enabled in order for DoSP settings to function correctly. Please run these commands to enable fragment grouping.%1%2 Fragment grouping must be enabled in order for DoSP settings to function correctly. Please run these commands to enable fragment grouping.%1%2
0x3At least one server or domain name must be specified. At least one server or domain name must be specified.
0x4The specified EndpointType is invalid. The specified EndpointType is invalid.
0x5This edition of Windows does not support the requested functionality. This edition of Windows does not support the requested functionality.
0x6%1 %2: %3 %1 %2: %3
0x7%1-%2 %3: %4 %1-%2 %3: %4
0x8Cannot access the remote domain %1. This may be caused by not having credentials configured for multiple hops over the network. Cannot access the remote domain %1. This may be caused by not having credentials configured for multiple hops over the network.
0x9The OutboundSecurity/InboundSecurity combination is invalid. Acceptable values for transport mode are None/None, Request/Request, Request/Require, andRequire/Require. The OutboundSecurity/InboundSecurity combination is invalid. Acceptable values for transport mode are None/None, Request/Request, Request/Require, andRequire/Require.
0xAThe OutboundSecurity/InboundSecurity combination is invalid. Acceptable values for tunnel mode are None/None, Require/Require, and None/Require. The OutboundSecurity/InboundSecurity combination is invalid. Acceptable values for tunnel mode are None/None, Require/Require, and None/Require.
0xBThe Authentication/Encryption combination is invalid. Acceptable values are:NotRequired/NotRequiredRequired/RequiredRequired/NotRequiredRequired/DynamicNoEncap/NotRequired The Authentication/Encryption combination is invalid. Acceptable values are:NotRequired/NotRequiredRequired/RequiredRequired/NotRequiredRequired/DynamicNoEncap/NotRequired
0xCThe Key Module is invalid. The Key Module is invalid.
0xDA local tunnel endpoint can only be an IPv4 address and/or an IPv6 address. Subnets and ranges are not allowed. A local tunnel endpoint can only be an IPv4 address and/or an IPv6 address. Subnets and ranges are not allowed.
0xEA remote tunnel endpoint can only contain addresses. Subnets and ranges are not allowed. A remote tunnel endpoint can only contain addresses. Subnets and ranges are not allowed.
0xFTunnel mode properties cannot be applied to transport-mode rules. Tunnel mode properties cannot be applied to transport-mode rules.
0x10User and machine authentication may only be applied to Allow rules. User and machine authentication may only be applied to Allow rules.
0x11The run-time type of the field does not match the declared type. This indicates that theprovider is incorrectly registered in the WMI store. The run-time type of the field does not match the declared type. This indicates that theprovider is incorrectly registered in the WMI store.
0x12An error occurred while retrieving information about the Group Policy container from the Domain Controller. An error occurred while retrieving information about the Group Policy container from the Domain Controller.
0x13Invalid Parameter: %1 Invalid Parameter: %1
0x14Unable to parse the GUID. Unable to parse the GUID.
0x15Unable to parse Platform string. The format is X[.Y][+], where X is the OS major version, and Y is anoptional minor version. + means \"or greater\". For example, these are valid platform strings: 6, 6.0, 6.0+ Unable to parse Platform string. The format is X[.Y][+], where X is the OS major version, and Y is anoptional minor version. + means \"or greater\". For example, these are valid platform strings: 6, 6.0, 6.0+
0x16The address is invalid. Addresses may be specified as IP addresses, ranges, or subnets. Also, the following address keywords are allowed in certain places: LocalSubnet, DNS, DHCP, WINS, DefaultGateway, Internet, Intranet, IntranetRemoteAccess, PlayToDevice. Keywords can be restricted to IPv4 or IPv6 by appending a 4 or 6. The address is invalid. Addresses may be specified as IP addresses, ranges, or subnets. Also, the following address keywords are allowed in certain places: LocalSubnet, DNS, DHCP, WINS, DefaultGateway, Internet, Intranet, IntranetRemoteAccess, PlayToDevice. Keywords can be restricted to IPv4 or IPv6 by appending a 4 or 6.
0x17The port is invalid. When Protocol is TCP or UDP, individual ports or ranges are allowed. Also, the following port keywords are allowed on Firewall Rules: RPC, RPCEPMap, Teredo, IPHTTPSIn, IPHTTPSOut, PlayToDiscovery. The port is invalid. When Protocol is TCP or UDP, individual ports or ranges are allowed. Also, the following port keywords are allowed on Firewall Rules: RPC, RPCEPMap, Teredo, IPHTTPSIn, IPHTTPSOut, PlayToDiscovery.
0x18The protocol is invalid. The protocol is invalid.
0x19ICMP Type:Code pairs are only supported in Firewall rules. ICMP Type:Code pairs are only supported in Firewall rules.
0x1AThe default object %1 is not present in the current store. To find this object, execute the query against the %2. The default object %1 is not present in the current store. To find this object, execute the query against the %2.
0x1BThe specified interface was not found on the system. The specified interface was not found on the system.
0x1CThe ICMP type/code entry is invalid. When Protocol is ICMPv4 or ICMPv6, type:code pairs are allowed. The ICMP type/code entry is invalid. When Protocol is ICMPv4 or ICMPv6, type:code pairs are allowed.
0x1DWhen specifying Auth or Crypto Sets, you must use the Name of the set. You cannot pass the object directly. When specifying Auth or Crypto Sets, you must use the Name of the set. You cannot pass the object directly.
0x1EDynamicTransport is only valid for firewall rules. DynamicTransport is only valid for firewall rules.
0x1FThe key encoding is invalid. The key encoding is invalid.
0x20The cert validation level is invalid. The cert validation level is invalid.
0x21The IPsec NAT traversal setting is invalid. The IPsec NAT traversal setting is invalid.
0x22The ID is invalid. The ID is invalid.
0x23The packet queuing flags are invalid. The packet queuing flags are invalid.
0x24RemoteAddress must be specified. RemoteAddress must be specified.
0x25Both IP addresses must be from the same address family. Both IP addresses must be from the same address family.

EXIF

File Name:wfascim.dll.mui
Directory:%WINDIR%\WinSxS\amd64_networking-mpssvc-wmi.resources_31bf3856ad364e35_10.0.15063.0_en-gb_1d0abce58f9bb076\
File Size:238 kB
File Permissions:rw-rw-rw-
File Type:Win32 DLL
File Type Extension:dll
MIME Type:application/octet-stream
Machine Type:Intel 386 or later, and compatibles
Time Stamp:0000:00:00 00:00:00
PE Type:PE32
Linker Version:14.10
Code Size:0
Initialized Data Size:242688
Uninitialized Data Size:0
Entry Point:0x0000
OS Version:10.0
Image Version:10.0
Subsystem Version:6.0
Subsystem:Windows GUI
File Version Number:10.0.15063.0
Product Version Number:10.0.15063.0
File Flags Mask:0x003f
File Flags:(none)
File OS:Windows NT 32-bit
Object File Type:Dynamic link library
File Subtype:0
Language Code:English (British)
Character Set:Unicode
Company Name:Microsoft Corporation
File Description:Network Management Value Objects
File Version:10.0.15063.0 (WinBuild.160101.0800)
Internal Name:wfascim.dll
Legal Copyright:© Microsoft Corporation. All rights reserved.
Original File Name:wfascim.dll.mui
Product Name:Microsoft® Windows® Operating System
Product Version:10.0.15063.0

What is wfascim.dll.mui?

wfascim.dll.mui is Multilingual User Interface resource file that contain English (British) language for file wfascim.dll (Network Management Value Objects).

File version info

File Description:Network Management Value Objects
File Version:10.0.15063.0 (WinBuild.160101.0800)
Company Name:Microsoft Corporation
Internal Name:wfascim.dll
Legal Copyright:© Microsoft Corporation. All rights reserved.
Original Filename:wfascim.dll.mui
Product Name:Microsoft® Windows® Operating System
Product Version:10.0.15063.0
Translation:0x809, 1200