Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Program to Convert SDDL Security Descriptors Into Human Readable Form?

1,346 views
Skip to first unread message

Will

unread,
Mar 26, 2008, 12:01:49 AM3/26/08
to
Is there a utility that takes converts the very hard to read security
descriptor format SDDL and converts it to a human readable format? For
example, you can look at the DACL on the Windows Firewall service with the
command:

sc sdshow SharedAccess

This gives the human unfriendly output (for example):

D:(D;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;NU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;AU)(A;;CCLCSWLOCRRC;;;IU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)

I would like to find a utility that I could feed the above string to as
input and have it output a parsed and easier to understand version to the
DACL.

--
Will


Andrew Tucker [MSFT]

unread,
Mar 27, 2008, 12:14:14 AM3/27/08
to
On Mar 25, 9:01 pm, "Will" <westes-...@noemail.nospam> wrote:
> Is there a utility that takes converts the very hard to read security
> descriptor format SDDL and converts it to a human readable format?   For
> example, you can look at the DACL on the Windows Firewall service with the
> command:
>
>     sc sdshow SharedAccess
>
> This gives the human unfriendly output (for example):
>
> D:(D;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;NU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(­A;;CCLCSWRPWPDTLOCRRC;;;AU)(A;;CCLCSWLOCRRC;;;IU)(A;;CCDCLCSWRPWPDTLOCRSDRC­WDWO;;;SY)

>
> I would like to find a utility that I could feed the above string to as
> input and have it output a parsed and easier to understand version to the
> DACL.
>
> --
> Will

Take a look at SDDLTranslate.exe - you can download it from
http://tojo2000.com/blog/2006_08_01_tojo2000_archive.html

Will

unread,
Mar 27, 2008, 1:08:58 AM3/27/08
to
That is a good one, thank you.

--
Will

"Andrew Tucker [MSFT]" <Andrew...@gmail.com> wrote in message
news:192ead40-4021-43d5...@i12g2000prf.googlegroups.com...


On Mar 25, 9:01 pm, "Will" <westes-...@noemail.nospam> wrote:
> Is there a utility that takes converts the very hard to read security
> descriptor format SDDL and converts it to a human readable format? For
> example, you can look at the DACL on the Windows Firewall service with the
> command:
>
> sc sdshow SharedAccess
>
> This gives the human unfriendly output (for example):
>

> D:(D;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;NU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(耍;;CCLCSWRPWPDTLOCRRC;;;AU)(A;;CCLCSWLOCRRC;;;IU)(A;;CCDCLCSWRPWPDTLOCRSDRC苦DWO;;;SY)

Jorge de Almeida Pinto [MVP - DS]

unread,
Mar 27, 2008, 3:47:29 AM3/27/08
to
see:
http://blogs.dirteam.com/blogs/jorge/archive/2008/03/26/parsing-sddl-strings.aspx

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Will" <weste...@noemail.nospam> wrote in message
news:X8ednXYce_5fV3Ta...@giganews.com...

0 new messages