Created
January 12, 2020 16:45
Windows Registry conversion from binary Security Descriptor to SDDL DACL
#Example: Which users can access the SMB Session information on a Windows 10 computer (NetCease status)
#Retrieve the binary value
$acl=Get-ItemProperty -Path Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\DefaultSecurity -Name SrvsvcSessionInfo
#Use WMI helper to obtain a converter
$converter = new-object system.management.ManagementClass Win32_SecurityDescriptorHelper
#Do the conversion to SDDL
$outsddl = $converter.BinarySDToSDDL($acl.SrvsvcSessionInfo)
#Interpret the SDDL string and print it
ConvertFrom-SddlString -Sddl $outsddl.SDDL | select -Property DiscretionaryAcl | out-string -Width 200000
<# Output:
DiscretionaryAcl
----------------
{NT AUTHORITY\BATCH: AccessAllowed (ListDirectory), NT AUTHORITY\INTERACTIVE: AccessAllowed (ListDirectory), NT AUTHORITY\SERVICE: AccessAllowed (ListDirectory), BUILTIN\Administrators: AccessAllowed (ChangePermissions, Delete, ListDirectory, ReadPermissions, TakeOwnership, WriteData, WriteExtendedAttributes), BUILTIN\Power Users: AccessAllowed (ChangePermissions, Delete, ListDirectory, ReadPermissions, TakeOwnership, WriteData, WriteExtendedAttributes), : AccessAllowed (ChangePermissions, Delete, ListDirectory, ReadPermissions, TakeOwnership, WriteData, WriteExtendedAttributes)}
#>
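The same descriptor can be decoded per ACE with the .NET `RawSecurityDescriptor` class, which keeps the SID and raw access mask of every entry, including one whose account name comes back empty as in the output above. This is an added example, not part of the original gist: the function name `Get-SrvsvcSessionInfoDacl`, the choice of SIDs flagged as broad, and the sample SDDL string are assumptions made for illustration.

```powershell
# Added example (not from the gist); function name and sample SDDL are hypothetical.
function Get-SrvsvcSessionInfoDacl {
    param([byte[]]$BinarySD)   # raw REG_BINARY descriptor; read from the registry if omitted

    if (-not $PSBoundParameters.ContainsKey('BinarySD')) {
        $key = 'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\DefaultSecurity'
        $BinarySD = (Get-ItemProperty -Path $key -Name SrvsvcSessionInfo).SrvsvcSessionInfo
    }

    # Assumption: these well-known SIDs are the ones worth flagging as "broad" principals
    $broad = @{
        'S-1-1-0'  = 'Everyone'
        'S-1-5-7'  = 'Anonymous Logon'
        'S-1-5-11' = 'Authenticated Users'
    }

    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($BinarySD, 0)
    foreach ($ace in $sd.DiscretionaryAcl) {
        # Only ACE types that carry a SID and an access mask are reported
        if ($ace -isnot [System.Security.AccessControl.KnownAce]) { continue }
        $sid = $ace.SecurityIdentifier

        # Keep the SID string so an entry without a resolvable name is still identifiable
        try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = '<unresolved>' }

        [pscustomobject]@{
            Account    = $name
            Sid        = $sid.Value
            AceType    = $ace.AceType
            # Raw mask, not mapped to file-system right names
            AccessMask = '0x{0:X8}' -f $ace.AccessMask
            Broad      = ($ace.AceType -eq 'AccessAllowed' -and $broad.ContainsKey($sid.Value))
        }
    }
}

# Constructed sample descriptor, so the function can be tried without reading the registry
$sample = [System.Security.AccessControl.RawSecurityDescriptor]::new('O:SYG:SYD:(A;;0x1;;;AU)(A;;0xF0013;;;BA)')
$bytes  = [byte[]]::new($sample.BinaryLength)
$sample.GetBinaryForm($bytes, 0)
Get-SrvsvcSessionInfoDacl -BinarySD $bytes | Format-Table -AutoSize
```

Calling `Get-SrvsvcSessionInfoDacl` with no argument reads the live `SrvsvcSessionInfo` value; a row with `Broad` set to `True` means the session information is readable by far more than interactive, service and batch logons.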