Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Windows Filtering Platform (WFP) uses the standard Win32 access rights plus a set of WFP-specific access rights built into the filtering platform. These access rights are used to secure objects in user mode only. Kernel-mode callers bypass all access checks.
WFP specific access right identifiers are as follows.
-
FWPM_ACTRL_ADD
-
-
Add an object to the Base Filtering Engine (BFE). This access right is needed in order to call Fwpm*Add0 functions.
-
-
FWPM_ACTRL_ADD_LINK
-
-
Add an object referenced through a link. For example, this access right is needed for callouts referenced through GUIDs.
-
-
FWPM_ACTRL_BEGIN_READ_TXN
-
-
Begin a read-only transaction. This access right is needed in order to call FwpmTransactionBegin0.
-
-
FWPM_ACTRL_BEGIN_WRITE_TXN
-
-
Begin a read/write transaction. This access right is needed in order to call FwpmTransactionBegin0 for a read/write transaction.
-
-
FWPM_ACTRL_CLASSIFY
-
-
Classify Remote Procedure Call (RPC). This access right is needed by the RPC run-time in order to enforce RPC filters.
-
-
FWPM_ACTRL_ENUM
-
-
Enumerate. This access right is needed in order to call Fwpm*CreateEnumHandle0 functions. To enumerate an object, the caller also needs FWPM_ACTRL_READ access to the object.
-
-
FWPM_ACTRL_OPEN
-
-
Open a session to the filter engine. This access right is needed in order to call FwpmEngineOpen0.
-
-
FWPM_ACTRL_READ
-
-
Read. This access right is needed in order to call Fwpm*GetById0 and Fwpm*GetByKey0 functions.
-
-
FWPM_ACTRL_READ_STATS
-
-
Read statistics. This access right is needed in order to call IPsecGetStatistics0 and IkeextGetStatistics0.
-
-
FWPM_ACTRL_SUBSCRIBE
-
-
Subscribe. This access right is needed in order to call Fwpm*SubscribeChanges0 functions. To receive a notification for an object, a subscriber also needs FWPM_ACTRL_READ access to the object.
-
-
FWPM_ACTRL_WRITE
-
-
Write engine options. This access right is needed in order to call FwpmEngineSetOption0.
-
-
FWPM_GENERIC_READ
-
-
STANDARD_RIGHTS_READ | FWPM_ACTRL_BEGIN_READ_TXN | FWPM_ACTRL_CLASSIFY | FWPM_ACTRL_OPEN | FWPM_ACTRL_READ | FWPM_ACTRL_READ_STATS
-
-
FWPM_GENERIC_EXECUTE
-
-
STANDARD_RIGHTS_EXECUTE | FWPM_ACTRL_ENUM | FWPM_ACTRL_SUBSCRIBE
-
-
FWPM_GENERIC_WRITE
-
-
STANDARD_RIGHTS_WRITE | DELETE | FWPM_ACTRL_ADD | FWPM_ACTRL_ADD_LINK | FWPM_ACTRL_BEGIN_WRITE_TXN | FWPM_ACTRL_WRITE
-
-
FWPM_GENERIC_ALL
-
-
STANDARD_RIGHTS_REQUIRED | FWPM_ACTRL_ADD | FWPM_ACTRL_ADD_LINK | FWPM_ACTRL_BEGIN_READ_TXN | FWPM_ACTRL_BEGIN_WRITE_TXN | FWPM_ACTRL_CLASSIFY | FWPM_ACTRL_ENUM | FWPM_ACTRL_OPEN | FWPM_ACTRL_READ | FWPM_ACTRL_READ_STATS | FWPM_ACTRL_SUBSCRIBE | FWPM_ACTRL_WRITE
-
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client |
Windows Vista [desktop apps only] |
| Minimum supported server |
Windows Server 2008 [desktop apps only] |
| Header |
|