Tipps für:

Gruppenrichtlinien

Partnerseiten

Virgis-Dreambabys
WinSupportForum.de
Freeware-base
 Aufbau des SDDL Formates

Aufbau des SDDL Formates

Gültig für: Alle Windows Versionen


Icons/info.png

Hier wird der Aufbau des SDDL (Service Descriptor Definition Language) Formates beschrieben. Hiermit können entsprechende Sicherheitsinformationen gesetzt werden, wie sie z.B. vom Befehl SC benutzt werden.

 

Beispiel:

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)

 

O:owner_sid

G:group_sid

D:(dacl_flags)(dacl_flags)...

S:(sacl_flags)(sacl_flags)...

 

Aufbau eines dacl_flags

[ACE Type];[ACE Flags];[Rechte];[SID];;[Trustee]

 

ACE Type:

Parameter

Beschreibung

A

ACCESS ALLOWED

D

ACCESS DENIED

OA

OBJECT ACCESS ALLOWED: ONLY APPLIES TO A SUBSET OF THE OBJECT(S).

OD

OBJECT ACCESS DENIED: ONLY APPLIES TO A SUBSET OF THE OBJECT(S).

AU

SYSTEM AUDIT

AL

SYSTEM ALARM

OU

OBJECT SYSTEM AUDIT

OL

OBJECT SYSTEM ALARM

 

ACE Flags:

Parameter

Beschreibung

CI

CONTAINER INHERIT: Child objects that are containers, such as directories, inherit the ACE as an explicit ACE.

OI

OBJECT INHERIT: Child objects that are not containers inherit the ACE as an explicit ACE.

NP

NO PROPAGATE: ONLY IMMEDIATE CHILDREN INHERIT THIS ACE.

IO

INHERITANCE ONLY: ACE DOESN'T APPLY TO THIS OBJECT, BUT MAY AFFECT CHILDREN VIA INHERITANCE.

ID

ACE IS INHERITED

SA

SUCCESSFUL ACCESS AUDIT

FA

FAILED ACCESS

 

Rechte:

Parameter

Beschreibung

Allgemeine Rechte::

GA

GENERIC ALL

GR

GENERIC READ

GW

GENERIC WRITE

GX

GENERIC EXECUTE

Verzeichnisservice Rechte:

RC

Read Permissions

SD

Delete

WD

Modify Permissions

WO

Modify Owner

RP

Read All Properties

WP

Write All Properties

CC

Create All Child Objects

DC

Delete All Child Objects

LC

List Contents

SW

All Validated Writes

LO

List Object

DT

Delete Subtree

CR

All Extended Rights

Dateirechte:

FA

FILE ALL ACCESS

FR

FILE GENERIC READ

FW

FILE GENERIC WRITE

FX

FILE GENERIC EXECUTE

Registryrechte:

KA

KEY ALL ACCESS

KR

KEY READ

KW

KEY WRITE

KX

KEY EXECUTE

 

Trustee

Parameter

Beschreibung

AO

Account operators

RU

Alias to allow previous Windows 2000

AN

Anonymous logon

AU

Authenticated users

BA

Built-in administrators

BG

Built-in guests

BO

Backup operators

BU

Built-in users

CA

Certificate server administrators

CG

Creator group

CO

Creator owner

DA

Domain administrators

DC

Domain computers

DD

Domain controllers

DG

Domain guests

DU

Domain users

EA

Enterprise administrators

ED

Enterprise domain controllers

WD

Everyone

PA

Group Policy administrators

IU

Interactively logged-on user

LA

Local administrator

LG

Local guest

LS

Local service account

SY

Local system

NU

Network logon user

NO

Network configuration operators

NS

Network service account

PO

Printer operators

PS

Personal self

PU

Power users

RS

RAS servers group

RD

Terminal server users

RE

Replicator

RC

Restricted code

SA

Schema administrators

SO

Server operators

SU

Service logon user

 


WinFAQ: Startseite | WinFAQ: HTMLMenü | WinFAQ: Java Version


Der Tipp enthält einen Fehler oder Sie haben noch eine Ergänzung dafür? Schreiben Sie uns über die Feedback-Seite an: Feedback-Formular

Impressum | Datenschutz

 

URL: http://www.winfaq.de/faq_html/Content/tip2000/onlinefaq.php?h=tip2031.htm

WinFAQ ® Version 9.01 Copyright © 1996/2016 by Frank Ullrich

Hauptmenü

Registry System Wizard

Über WinFAQ