Program to Convert SDDL Security Descriptors Into Human Readable Form?

TheMSsForum.com: The Microsoft Software Forum

Is there a utility that takes converts the very hard to read security
descriptor format SDDL and converts it to a human readable format? For
example, you can look at the DACL on the Windows Firewall service with the
command:

sc sdshow SharedAccess

This gives the human unfriendly output (for example):

D:(D;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;NU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;AU)(A;;CCLCSWLOCRRC;;;IU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)

I would like to find a utility that I could feed the above string to as
input and have it output a parsed and easier to understand version to the
DACL.

--
Will
Top

Re: Program to Convert SDDL Security Descriptors Into Human Readable by Andrew

Andrew
Wed Mar 26 23:14:14 CDT 2008

On Mar 25, 9:01=A0pm, "Will" <westes-...@noemail.nospam> wrote:
> Is there a utility that takes converts the very hard to read security
> descriptor format SDDL and converts it to a human readable format? =A0 For=

> example, you can look at the DACL on the Windows Firewall service with the=

> command:
>
> =A0 =A0 sc sdshow SharedAccess
>
> This gives the human unfriendly output (for example):
>
> D:(D;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;NU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)=
(=ADA;;CCLCSWRPWPDTLOCRRC;;;AU)(A;;CCLCSWLOCRRC;;;IU)(A;;CCDCLCSWRPWPDTLOCRS=
DRC=ADWDWO;;;SY)
>
> I would like to find a utility that I could feed the above string to as
> input and have it output a parsed and easier to understand version to the
> DACL.
>
> --
> Will

Take a look at SDDLTranslate.exe - you can download it from
http://tojo2000.com/blog/2006_08_01_tojo2000_archive.html

Top

Re: Program to Convert SDDL Security Descriptors Into Human Readable Form? by Will

Will
Thu Mar 27 00:08:59 CDT 2008

That is a good one, thank you.

--
Will

"Andrew Tucker [MSFT]" <AndrewSTucker@gmail.com> wrote in message
news:192ead40-4021-43d5-b7cb-8f1fb564eb5f@i12g2000prf.googlegroups.com...
On Mar 25, 9:01 pm, "Will" <westes-...@noemail.nospam> wrote:
> Is there a utility that takes converts the very hard to read security
> descriptor format SDDL and converts it to a human readable format? For
> example, you can look at the DACL on the Windows Firewall service with the
> command:
>
> sc sdshow SharedAccess
>
> This gives the human unfriendly output (for example):
>
> D:(D;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;NU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(­A;;CCLCSWRPWPDTLOCRRC;;;AU)(A;;CCLCSWLOCRRC;;;IU)(A;;CCDCLCSWRPWPDTLOCRSDRC­WDWO;;;SY)
>
> I would like to find a utility that I could feed the above string to as
> input and have it output a parsed and easier to understand version to the
> DACL.
>
> --
> Will

Take a look at SDDLTranslate.exe - you can download it from
http://tojo2000.com/blog/2006_08_01_tojo2000_archive.html


Top

Re: Program to Convert SDDL Security Descriptors Into Human Readable Form? by Jorge

Jorge
Thu Mar 27 02:47:29 CDT 2008

see:
http://blogs.dirteam.com/blogs/jorge/archive/2008/03/26/parsing-sddl-strings.aspx

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Will" <westes-usc@noemail.nospam> wrote in message
news:X8ednXYce_5fV3TanZ2dnUVZ_q2hnZ2d@giganews.com...
> Is there a utility that takes converts the very hard to read security
> descriptor format SDDL and converts it to a human readable format? For
> example, you can look at the DACL on the Windows Firewall service with the
> command:
>
> sc sdshow SharedAccess
>
> This gives the human unfriendly output (for example):
>
> D:(D;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;NU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;AU)(A;;CCLCSWLOCRRC;;;IU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)
>
> I would like to find a utility that I could feed the above string to as
> input and have it output a parsed and easier to understand version to the
> DACL.
>
> --
> Will
>

Top