Menu
Is there a tool to generate SDDL (Security Descriptor Definition Language) strings? I'd like to create them through Windows' Security property sheet or something similar.
388
The security descriptor definition language (SDDL) defines the string format that the ConvertSecurityDescriptorToStringSecurityDescriptor and ConvertStringSecurityDescriptorToSecurityDescriptor functions use to describe a security descriptor as a text string.
An ACL is a list of ordered Access Control Entries (ACE) that specify DACL and SACLs. A DACL identifies users and groups who are allowed or denied access to an object and in what way the object is accessed. The SACL defines how access is audited on an object.
Administrators can control access to AD objects by assigning them security descriptors. The security descriptor consists of information regarding the object's ownership, access control lists (ACLs), and auditing.
One way is to set the ACL on a file (using the standard property sheet -- i.e. right click and choose Properties, then go to the Security tab), then use CACLS filename /S to display the resulting ACL in the SDDL format.
63
For those who want to get the SDDL string for registry keys permissions you can use PowerShell:
Get-Acl -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" | Format-List
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
