Aufbau des SDDL Formates
Gültig für: Alle Windows Versionen
Hier wird der Aufbau des SDDL (Service Descriptor Definition Language) Formates beschrieben. Hiermit können entsprechende Sicherheitsinformationen gesetzt werden, wie sie z.B. vom Befehl SC benutzt werden.
Beispiel:
D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)
O:owner_sid
G:group_sid
D:(dacl_flags)(dacl_flags)...
S:(sacl_flags)(sacl_flags)...
Aufbau eines dacl_flags
[ACE Type];[ACE Flags];[Rechte];[SID];;[Trustee]
ACE Type:
|
Parameter |
Beschreibung |
|
A |
ACCESS ALLOWED |
|
D |
ACCESS DENIED |
|
OA |
OBJECT ACCESS ALLOWED: ONLY APPLIES TO A SUBSET OF THE OBJECT(S). |
|
OD |
OBJECT ACCESS DENIED: ONLY APPLIES TO A SUBSET OF THE OBJECT(S). |
|
AU |
SYSTEM AUDIT |
|
AL |
SYSTEM ALARM |
|
OU |
OBJECT SYSTEM AUDIT |
|
OL |
OBJECT SYSTEM ALARM |
ACE Flags:
|
Parameter |
Beschreibung |
|
CI |
CONTAINER INHERIT: Child objects that are containers, such as directories, inherit the ACE as an explicit ACE. |
|
OI |
OBJECT INHERIT: Child objects that are not containers inherit the ACE as an explicit ACE. |
|
NP |
NO PROPAGATE: ONLY IMMEDIATE CHILDREN INHERIT THIS ACE. |
|
IO |
INHERITANCE ONLY: ACE DOESN'T APPLY TO THIS OBJECT, BUT MAY AFFECT CHILDREN VIA INHERITANCE. |
|
ID |
ACE IS INHERITED |
|
SA |
SUCCESSFUL ACCESS AUDIT |
|
FA |
FAILED ACCESS |
Rechte:
|
Parameter |
Beschreibung |
|
Allgemeine Rechte:: |
|
|
GA |
GENERIC ALL |
|
GR |
GENERIC READ |
|
GW |
GENERIC WRITE |
|
GX |
GENERIC EXECUTE |
|
Verzeichnisservice Rechte: |
|
|
RC |
Read Permissions |
|
SD |
Delete |
|
WD |
Modify Permissions |
|
WO |
Modify Owner |
|
RP |
Read All Properties |
|
WP |
Write All Properties |
|
CC |
Create All Child Objects |
|
DC |
Delete All Child Objects |
|
LC |
List Contents |
|
SW |
All Validated Writes |
|
LO |
List Object |
|
DT |
Delete Subtree |
|
CR |
All Extended Rights |
|
Dateirechte: |
|
|
FA |
FILE ALL ACCESS |
|
FR |
FILE GENERIC READ |
|
FW |
FILE GENERIC WRITE |
|
FX |
FILE GENERIC EXECUTE |
|
Registryrechte: |
|
|
KA |
KEY ALL ACCESS |
|
KR |
KEY READ |
|
KW |
KEY WRITE |
|
KX |
KEY EXECUTE |
Trustee
|
Parameter |
Beschreibung |
|
AO |
Account operators |
|
RU |
Alias to allow previous Windows 2000 |
|
AN |
Anonymous logon |
|
AU |
Authenticated users |
|
BA |
Built-in administrators |
|
BG |
Built-in guests |
|
BO |
Backup operators |
|
BU |
Built-in users |
|
CA |
Certificate server administrators |
|
CG |
Creator group |
|
CO |
Creator owner |
|
DA |
Domain administrators |
|
DC |
Domain computers |
|
DD |
Domain controllers |
|
DG |
Domain guests |
|
DU |
Domain users |
|
EA |
Enterprise administrators |
|
ED |
Enterprise domain controllers |
|
WD |
Everyone |
|
PA |
Group Policy administrators |
|
IU |
Interactively logged-on user |
|
LA |
Local administrator |
|
LG |
Local guest |
|
LS |
Local service account |
|
SY |
Local system |
|
NU |
Network logon user |
|
NO |
Network configuration operators |
|
NS |
Network service account |
|
PO |
Printer operators |
|
PS |
Personal self |
|
PU |
Power users |
|
RS |
RAS servers group |
|
RD |
Terminal server users |
|
RE |
Replicator |
|
RC |
Restricted code |
|
SA |
Schema administrators |
|
SO |
Server operators |
|
SU |
Service logon user |
WinFAQ: Startseite | WinFAQ: HTMLMenü | WinFAQ: Java Version
Der Tipp enthält einen Fehler oder Sie haben noch eine Ergänzung dafür? Schreiben Sie uns über die Feedback-Seite an: Feedback-Formular
URL: http://www.winfaq.de/faq_html/Content/tip2000/tip2031.htm
WinFAQ ® Version 9.01 Copyright © 1996/2016 by Frank Ullrich