Is there a tool to generate SDDL (Security Descriptor Definition Language) strings?

About

Asked 28/3, 2012 at 12:29 Answered 29/11, 2016 at 17:49

Solved windows security acl windows-security

Is there a tool to generate SDDL (Security Descriptor Definition Language) strings? I'd like to create them through Windows' Security property sheet or something similar.

Dryad answered 28/3, 2012 at 12:29 Comment(0)

One way is to set the ACL on a file (using the standard property sheet -- i.e. right click and choose Properties, then go to the Security tab), then use CACLS filename /S to display the resulting ACL in the SDDL format.

Dryad answered 28/3, 2012 at 13:26 Comment(3)

This is really good tip to construct SDDL if you don't want to go through the complex SDDL syntax to format it. I like it. :-) – Newscast 26/6, 2012 at 12:22

Will not work for custom (non in-built) user accounts. – Bessiebessy 28/4, 2017 at 9:22

@Bessiebessy - Would it work for AD-accounts and groups as well as built-in groups? For stable environments the identifiers of AD-entities should be known ahead of deployment? Most of the time you would permission based on groups and not user accounts? (users come and go, but groups remain stable). – Integration 30/3, 2018 at 20:18

For those who want to get the SDDL string for registry keys permissions you can use PowerShell:

Get-Acl -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" | Format-List

Euphonic answered 29/11, 2016 at 17:49 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags