Program to Convert SDDL Security Descriptors Into Human Readable Form?

  • Thread starter Thread starter Will
  • Start date Start date
W

Will

Is there a utility that takes converts the very hard to read security
descriptor format SDDL and converts it to a human readable format? For
example, you can look at the DACL on the Windows Firewall service with the
command:

sc sdshow SharedAccess

This gives the human unfriendly output (for example):

D:(DCCDCLCSWRPWPDTLOCRSDRCWDWONU)(ACCDCLCSWRPWPDTLOCRSDRCWDWOBA)(ACCLCSWRPWPDTLOCRRCAU)(ACCLCSWLOCRRCIU)(ACCDCLCSWRPWPDTLOCRSDRCWDWOSY)

I would like to find a utility that I could feed the above string to as
input and have it output a parsed and easier to understand version to the
DACL.

--
Will
 
Re: Program to Convert SDDL Security Descriptors Into Human ReadableForm?

On Mar 25, 9:01 pm, "Will" <westes-...@noemail.nospam> wrote:
> Is there a utility that takes converts the very hard to read security
> descriptor format SDDL and converts it to a human readable format?   For
> example, you can look at the DACL on the Windows Firewall service with the
> command:
>
>     sc sdshow SharedAccess
>
> This gives the human unfriendly output (for example):
>
> D:(DCCDCLCSWRPWPDTLOCRSDRCWDWONU)(ACCDCLCSWRPWPDTLOCRSDRCWDWOBA)(­ACCLCSWRPWPDTLOCRRCAU)(ACCLCSWLOCRRCIU)(ACCDCLCSWRPWPDTLOCRSDRC­WDWOSY)
>
> I would like to find a utility that I could feed the above string to as
> input and have it output a parsed and easier to understand version to the
> DACL.
>
> --
> Will

Take a look at SDDLTranslate.exe - you can download it from
http://tojo2000.com/blog/2006_08_01_tojo2000_archive.html
 
That is a good one, thank you.

--
Will

"Andrew Tucker [MSFT]" <AndrewSTucker@gmail.com> wrote in message
news:192ead40-4021-43d5-b7cb-8f1fb564eb5f@i12g2000prf.googlegroups.com...
On Mar 25, 9:01 pm, "Will" <westes-...@noemail.nospam> wrote:
> Is there a utility that takes converts the very hard to read security
> descriptor format SDDL and converts it to a human readable format? For
> example, you can look at the DACL on the Windows Firewall service with the
> command:
>
> sc sdshow SharedAccess
>
> This gives the human unfriendly output (for example):
>
> D:(DCCDCLCSWRPWPDTLOCRSDRCWDWONU)(ACCDCLCSWRPWPDTLOCRSDRCWDWOBA)(­ACCLCSWRPWPDTLOCRRCAU)(ACCLCSWLOCRRCIU)(ACCDCLCSWRPWPDTLOCRSDRC­WDWOSY)
>
> I would like to find a utility that I could feed the above string to as
> input and have it output a parsed and easier to understand version to the
> DACL.
>
> --
> Will

Take a look at SDDLTranslate.exe - you can download it from
http://tojo2000.com/blog/2006_08_01_tojo2000_archive.html
 
see:
http://blogs.dirteam.com/blogs/jorge/archive/2008/03/26/parsing-sddl-strings.aspx

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Will" <westes-usc@noemail.nospam> wrote in message
news:X8ednXYce_5fV3TanZ2dnUVZ_q2hnZ2d@giganews.com...
> Is there a utility that takes converts the very hard to read security
> descriptor format SDDL and converts it to a human readable format? For
> example, you can look at the DACL on the Windows Firewall service with the
> command:
>
> sc sdshow SharedAccess
>
> This gives the human unfriendly output (for example):
>
> D:(DCCDCLCSWRPWPDTLOCRSDRCWDWONU)(ACCDCLCSWRPWPDTLOCRSDRCWDWOBA)(ACCLCSWRPWPDTLOCRRCAU)(ACCLCSWLOCRRCIU)(ACCDCLCSWRPWPDTLOCRSDRCWDWOSY)
>
> I would like to find a utility that I could feed the above string to as
> input and have it output a parsed and easier to understand version to the
> DACL.
>
> --
> Will
>
 
Back
Top