GENERIC_MAPPING for EnrollmentTemplateProperty.TemplatePropSecurityDescriptor RRS feed

  • Question

  • Hi.

    I would like to check wether the current user has a right to enroll a IX509CertificateTemplate according to the SDDL stored in template propery TemplatePropSecutiryDescriptor. I use IX509EnrollmentPolicyServer::GetTemplates to fetch the templates.

    I'm not yet too familiar with this process, but I would like to use AccessCheck. Therefore I need the GENERIC_MAPPING. Or more specifically I need the meaning of the specific rights bits in the access mask. Where can I get what bits are for the "Enroll" permission?

    I might also be completely off track and there exists a simple "CanIEnroll()" method, but I just can't find it :)


    Friday, February 10, 2012 6:44 AM