RSS Feed

Decode SC SDSHOW result

By

– 2011-09-21Posted in: IT

Running “sc sdshow msdtc” to get the access rights for MS DTC will result in the following somewhat cryptical result:

D:(A;;CCLCSWRPRC;;;WD)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCSWRPLOCRRC;;;S-1-2-0)(A;;CCLCSWRPLORC;;;NS)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

This is not very useful, so the result has to be converted to more human readable code. By using sddlparse.exe this is done in a second:

C:\>sddlparse.exe D:(A;;CCLCSWRPRC;;;WD)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCSWRPLOCRRC;;;S-1-2-0)(A;;CCLCSWRPLORC;;;NS)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

SDDL: D:(A;;CCLCSWRPRC;;;WD)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCSWRPLOCRRC;;;S-1-2-0)(A;;CCLCSWRPLORC;;;NS)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
Ace count: 7
**** ACE 1 of 7 ****
ACE Type: ACCESS_ALLOWED_ACE_TYPE
Trustee: Everyone
AccessMask:
  ADS_RIGHT_READ_CONTROL
  ADS_RIGHT_DS_CREATE_CHILD
  ADS_RIGHT_ACTRL_DS_LIST
  ADS_RIGHT_DS_SELF
  ADS_RIGHT_DS_READ_PROP
Inheritance flags: 0
**** ACE 2 of 7 ****
ACE Type: ACCESS_ALLOWED_ACE_TYPE
Trustee: BUILTIN\Power Users
AccessMask:
  ADS_RIGHT_READ_CONTROL
  ADS_RIGHT_DS_CREATE_CHILD
  ADS_RIGHT_ACTRL_DS_LIST
  ADS_RIGHT_DS_SELF
  ADS_RIGHT_DS_READ_PROP
  ADS_RIGHT_DS_WRITE_PROP
  ADS_RIGHT_DS_DELETE_TREE
  ADS_RIGHT_DS_LIST_OBJECT
  ADS_RIGHT_DS_CONTROL_ACCESS
Inheritance flags: 0
**** ACE 3 of 7 ****
ACE Type: ACCESS_ALLOWED_ACE_TYPE
Trustee: NT AUTHORITY\Authenticated Users
AccessMask:
  ADS_RIGHT_READ_CONTROL
  ADS_RIGHT_DS_CREATE_CHILD
  ADS_RIGHT_ACTRL_DS_LIST
  ADS_RIGHT_DS_SELF
  ADS_RIGHT_DS_LIST_OBJECT
  ADS_RIGHT_DS_CONTROL_ACCESS
Inheritance flags: 0
**** ACE 4 of 7 ****
ACE Type: ACCESS_ALLOWED_ACE_TYPE
Trustee: BUILTIN\Administrators
AccessMask:
  ADS_RIGHT_DELETE
  ADS_RIGHT_READ_CONTROL
  ADS_RIGHT_WRITE_DAC
  ADS_RIGHT_WRITE_OWNER
  ADS_RIGHT_DS_CREATE_CHILD
  ADS_RIGHT_DS_DELETE_CHILD
  ADS_RIGHT_ACTRL_DS_LIST
  ADS_RIGHT_DS_SELF
  ADS_RIGHT_DS_READ_PROP
  ADS_RIGHT_DS_WRITE_PROP
  ADS_RIGHT_DS_DELETE_TREE
  ADS_RIGHT_DS_LIST_OBJECT
  ADS_RIGHT_DS_CONTROL_ACCESS
Inheritance flags: 0
**** ACE 5 of 7 ****
ACE Type: ACCESS_ALLOWED_ACE_TYPE
Trustee: NT AUTHORITY\SYSTEM
AccessMask:
  ADS_RIGHT_READ_CONTROL
  ADS_RIGHT_DS_CREATE_CHILD
  ADS_RIGHT_ACTRL_DS_LIST
  ADS_RIGHT_DS_SELF
  ADS_RIGHT_DS_READ_PROP
  ADS_RIGHT_DS_WRITE_PROP
  ADS_RIGHT_DS_DELETE_TREE
  ADS_RIGHT_DS_LIST_OBJECT
  ADS_RIGHT_DS_CONTROL_ACCESS
Inheritance flags: 0
**** ACE 6 of 7 ****
ACE Type: ACCESS_ALLOWED_ACE_TYPE
Trustee: LOCAL
AccessMask:
  ADS_RIGHT_READ_CONTROL
  ADS_RIGHT_DS_CREATE_CHILD
  ADS_RIGHT_ACTRL_DS_LIST
  ADS_RIGHT_DS_SELF
  ADS_RIGHT_DS_READ_PROP
  ADS_RIGHT_DS_LIST_OBJECT
  ADS_RIGHT_DS_CONTROL_ACCESS
Inheritance flags: 0
**** ACE 7 of 7 ****
ACE Type: ACCESS_ALLOWED_ACE_TYPE
Trustee: NT AUTHORITY\NETWORK SERVICE
AccessMask:
  ADS_RIGHT_READ_CONTROL
  ADS_RIGHT_DS_CREATE_CHILD
  ADS_RIGHT_ACTRL_DS_LIST
  ADS_RIGHT_DS_SELF
  ADS_RIGHT_DS_READ_PROP
  ADS_RIGHT_DS_LIST_OBJECT
Inheritance flags: 0

Some more in depth explanation about the encoded Security Descriptors can be found here.

Tags: sc, windows server 2003

About Jenz

No Comments

Start the ball rolling by posting a comment on this article!

Leave a Reply Cancel reply

Välkommen – Welcome

Denna blogg är en kombination av två av mina intressen - IT & Räddningstjänst.

This blog is a combination of two of my interests - IT and Fire Rescue Services.
My Free Applications

Text Tools
Tag Cloud
apple asp.net attacker c# case-mate cm cobian backup COM+ ddos dropbox editors pick hosting IIS 6 ipeer iphone MSADC Office 365 plastic powershell RDS reaction sc vps windows server 2003 windows server 2008
Recent Posts

Ad Plugin made by Free Wordpress Themes