Active Directory Security dot com

Complete Coverage of Delegation, Security Audit & Compliance Reporting in Active Directory

Brought to you by former Microsoft Program Manager for Active Directory Security

Security Descriptor Definition Language (SDDL)

The Security Descriptor Definition Language (SDDL) defines a set of string elements for describing well-known security principals, permissions and flags in Windows security descriptors, which serve to protect securable objects in Windows operating systems.

SDDL covers the following components of Windows security descriptors:

  1. Security Descriptor Flags

  2. Access Control Entry (ACE) Flags

  3. Security Principals

  4. Security Permissions



1. Security Descriptor Flags

| SDDL | Security Descriptor Flag Denoted |
| --- | --- |
| P | Protected |
| AR | Auto Inherit |
| AI | Auto Inherited |


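2. ACE Flags

| SDDL | ACE Flag Denoted |
| --- | --- |
| A | Allow |
| D | Deny |
| OA | Object Allow |
| OD | Object Deny |
| CI | Container Inherit |
| OI | Object Inherit |
| IO | Inherit Only |
| ID | Inherited |
| NP | No Propagate |
| AU | Audit |
| SA | Audit Success |
| FA | Audit Failure |
| AL | Alarm |
| OU | Object Audit |
| OL | Object Alarm |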









3. Security Principals

| SDDL | Security Principal Denoted |
| --- | --- |
| AN | Anonymous Logon |
| AU | Authenticated Users |
| BA | Builtin Administrators |
| BO | Backup Operators |
| BU | Builtin Users |
| CA | Certificate Service Administrators |
| CD | Certificate Services DCOM Access |
| CG | Creator Group |
| CO | Creator Owner |
| DA | Domain Administrators |
| DC | Domain Computers |
| DD | Domain Controllers |
| DG | Domain Guests |
| DU | Domain Users |
| EA | Enterprise Administrators |
| ED | Enterprise Domain Controllers |
| RO | Enterprise Read-Only Domain Controllers |
| WD | Everyone |
| PA | Group Policy Administrators |
| BG | Guests |
| HI | High Integrity Level |
| IU | Interactively Logged-On User |
| LA | Local Administrators |
| LG | Local Guest |
| LS | Local Service |
| SY | Local System |
| LW | Low Integrity Level |
| ME | Medium Integrity Level |
| NO | Network Configuration Operators |
| NU | Network Logon User |
| NS | Network Service |
| PS | Personal Self |
| PU | Power Users |
| RU | Pre-Windows 2000 Compatible Access |
| PO | Print Operators |
| RS | RAS Servers |
| RD | Remote Desktop |
| RE | Replicator |
| RC | Restricted Code |
| SA | Schema Administrators |
| SU | Service Logon User |
| SO | Server Operators |
| SI | System Integrity Level |









4. Security Permissions

| SDDL | Security Permission Denoted |
| --- | --- |
| GA | Generic All |
| GR | Generic Read |
| GW | Generic Write |
| GX | Generic Execute |
| RC | Read Control |
| SD | Delete |
| WD | Write DACL |
| WO | Write Owner |
| RP | Read Property |
| WP | Write Property |
| CC | Create Child |
| DC | Delete Child |
| LC | List Child |
| SW | Self |
| LO | List Object |
| DT | Delete Tree |
| CR | Control Access |
| FA | All Access |
| FR | Generic Read |
| FW | Generic Write |
| FX | Generic Execute |
| KA | Key All Access |
| KR | Key Read |
| KW | Key Write |
| KX | Key Write |
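
Added example (not part of the original page): a small Python decoder that applies the four tables above to the DACL part of an SDDL string and lists allow ACEs that give broad principals write-level rights. The ACE field order (type;flags;rights;object GUID;inherit object GUID;trustee) follows Microsoft's documented ACE string format; the sample string, its GUID, and the `BROAD` and `RISKY` sets are constructed assumptions.

```python
import re
# Codes from the tables above (subset). A code's meaning depends on its field.
SD_FLAGS = {"P": "Protected", "AR": "Auto Inherit", "AI": "Auto Inherited"}
ACE_TYPES = {"A": "Allow", "D": "Deny", "OA": "Object Allow", "OD": "Object Deny"}
ACE_FLAGS = {"CI": "Container Inherit", "OI": "Object Inherit", "IO": "Inherit Only",
             "ID": "Inherited", "NP": "No Propagate"}
PRINCIPALS = {"AN": "Anonymous Logon", "AU": "Authenticated Users", "WD": "Everyone",
              "DA": "Domain Administrators", "DU": "Domain Users", "SY": "Local System"}
RIGHTS = {"GA": "Generic All", "RC": "Read Control", "SD": "Delete", "WD": "Write DACL",
          "WO": "Write Owner", "RP": "Read Property", "WP": "Write Property",
          "CC": "Create Child", "DC": "Delete Child", "LC": "List Child", "CR": "Control Access"}
BROAD = {"AN", "AU", "WD"}        # assumption: trustees treated as overly broad
RISKY = {"GA", "WD", "WO", "WP"}  # assumption: rights worth a reviewer's attention

def pairs(field):
    """Split 'RPWPWD' into ['RP', 'WP', 'WD']; hex masks (0x...) stay whole."""
    if field.startswith("0x"):
        return [field]
    return [field[i:i + 2] for i in range(0, len(field), 2)]

def parse_dacl(sddl):
    """Return (descriptor flag names, list of ACE dicts) for the D: component."""
    m = re.search(r"D:((?:AR|AI|P)*)((?:\([^)]*\))*)", sddl)
    if not m:
        raise ValueError("no DACL (D:) component found")
    aces = []
    for body in re.findall(r"\(([^)]*)\)", m.group(2)):
        fields = body.split(";")
        if len(fields) < 6:
            raise ValueError(f"malformed ACE: ({body})")
        ace_type, flags, rights, obj_guid, _inherit_guid, trustee = fields[:6]
        aces.append({"type": ACE_TYPES.get(ace_type, ace_type), "trustee": trustee,
                     "flags": [ACE_FLAGS.get(f, f) for f in pairs(flags)],
                     "rights": pairs(rights), "object": obj_guid or None})
    return [SD_FLAGS[f] for f in re.findall(r"AR|AI|P", m.group(1))], aces

def risky_grants(sddl):
    """List (trustee name, risky right names) for allow ACEs held by broad trustees."""
    out = []
    for ace in parse_dacl(sddl)[1]:
        hit = [RIGHTS[r] for r in ace["rights"] if r in RISKY]
        if ace["type"].endswith("Allow") and ace["trustee"] in BROAD and hit:
            out.append((PRINCIPALS[ace["trustee"]], hit))
    return out

# Constructed sample descriptor, not taken from a real directory object.
SAMPLE = ("O:DAG:DAD:PAI(A;CI;RPLCRC;;;AU)(A;CIID;RPWPWD;;;WD)"
          "(OA;;CR;11111111-2222-3333-4444-555555555555;;DA)(D;;SD;;;DU)")
```

In the second ACE of the sample, `WD` appears twice: in the rights field it is Write DACL, in the trustee field it is Everyone.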


About Copyright ActiveDirSec.Com 2008 – 2011. All Rights Reserved Disclaimer