API Reference
AdminSdHolderAclDriftOptions
Policy options for evaluating AdminSDHolder ACL drift in a way that stays usable in real environments.
Inheritance
- Object
- AdminSdHolderAclDriftOptions
Constructors
public AdminSdHolderAclDriftOptions() #Methods
public AdminSdHolderAclDriftOptions Normalize() #AdminSdHolderAclDriftOptionsCreates a normalized options instance.
public static IReadOnlyList<String> ParsePatterns(String value) #IReadOnlyList<String>Parses a comma/semicolon/newline-delimited trustee pattern string.
Parameters
- value System.String
Inherited Methods
Properties
public String BaselineSddlOverride { get; set; } #Optional SDDL override used instead of the built-in default baseline.
public Boolean TreatAdministrativeTrusteesAsExpected { get; set; } #When true, additional ACEs granted only to core administrative trustees such as Domain Admins, Enterprise Admins, BUILTIN\Administrators, or SYSTEM are treated as expected by default.
public Boolean RecognizeExpectedApplicationDelegations { get; set; } #When true, known application/platform AdminSDHolder extensions are recognized and separated from generic review candidates.
public Boolean RequireApprovalForOptionalDelegations { get; set; } #When true, role- or product-specific optional delegation profiles remain review candidates instead of being shown only in their dedicated informational section.
public AclRiskLevel MinimumReviewRiskLevel { get; set; } #Minimum risk level that causes an additional ACE to appear in the review candidate output unless it is covered by an explicit allow pattern or the administrative-trustee allowance.
public IReadOnlyList<String> AllowedTrusteePatterns { get; set; } #Optional trustee patterns treated as approved additions. Patterns match SID, resolved display name, and raw identity strings using */? wildcard semantics.