Hi Rick,
The abbreviations are security descriptor definition
language (aka "SDDL") strings. Microsoft has info on
SDDL at:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/security_descriptor_definition_language.asp
If you're trying to figure out what the string
represents, Microsoft's info should be enough.
If you want to write your own SDDL strings from
scratch, you may find this helpful:
1. Create a sample file
2. Set the permissions you want on the file
3. Run Microsoft's subinacl.exe resource kit utility
against it like so:
subinacl /file thefile.txt /display=sddl
4. Copy the SDDL string that subinacl outputs
Some versions of the subinacl utility have an annoying
bug in it, so I recommend you download the updated
version from Microsoft at:
http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&DisplayLang=en
Good luck.
Scott
--- Rick Zhong <sagiko@gmail.com> wrote:
Hi,
Is there any listing or table to explain all the
abbreviations which
are used in defining file/directory permissions in
windows security
template? I googled quite a bit and cannot find any
useful info except
openning the template in mmc to view it from GUI.
For example:(Taken from win2003 security guide
template - SSLF-Domain
Controller.inf )
[File Security]
"%systemRoot%\system32\tlntsvr.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)"
"%systemRoot%\system32\tftp.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)"
Any docs, tutorial or links to explain these
permission setting will
be very helpful. Thanks.
regards,
Rick
---------------------------------------------------------------------------
---------------------------------------------------------------------------
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---------------------------------------------------------------------------
---------------------------------------------------------------------------
