ConvertFrom-SddlString
Converts a SDDL string to a custom object.
Syntax
ConvertFrom-SddlString
[-Sddl] <String>
[-Type <AccessRightTypeNames>]
[<CommonParameters>]
Description
This cmdlet is only available on the Windows platform.
The ConvertFrom-SddlString
cmdlet converts a Security Descriptor Definition Language string to a
custom PSCustomObject object with the following properties: Owner, Group, DiscretionaryAcl,
SystemAcl and RawDescriptor.
Owner, Group, DiscretionaryAcl and SystemAcl properties contain a readable text representation of the access rights specified in a SDDL string.
This cmdlet was introduced in PowerShell 5.0.
Examples
Example 1: Convert file system access rights SDDL to a PSCustomObject
$acl = Get-Acl -Path C:\Windows
ConvertFrom-SddlString -Sddl $acl.Sddl
The first command uses the Get-Acl
cmdlet to get the security descriptor for the C:\Windows folder
and saves it in the variable.
The second command uses the ConvertFrom-SddlString
cmdlet to get the text representation of the
SDDL string, contained in the Sddl property of the object representing the security descriptor.
Example 2: Convert registry access rights SDDL to a PSCustomObject
$acl = Get-Acl HKLM:\SOFTWARE\Microsoft\
ConvertFrom-SddlString -Sddl $acl.Sddl -Type RegistryRights
The first command uses the Get-Acl
cmdlet to get the security descriptor for the
HKLM:\SOFTWARE\Microsoft\ key and saves it in the variable.
The second command uses the ConvertFrom-SddlString
cmdlet to get the text representation of the
SDDL string, contained in the Sddl property of the object representing the security descriptor.
It uses the -Type
parameter to specify that SDDL string represents a registry security descriptor.
Example 3: Convert registry access rights SDDL to a PSCustomObject by using ConvertFrom-SddlString with and without the `-Type` parameter
$acl = Get-Acl -Path HKLM:\SOFTWARE\Microsoft\
ConvertFrom-SddlString -Sddl $acl.Sddl | Foreach-Object {$_.DiscretionaryAcl[0]}
BUILTIN\Administrators: AccessAllowed (ChangePermissions, CreateDirectories, Delete, ExecuteKey, FullControl, GenericExecute, GenericWrite, ListDirectory, ReadExtendedAttributes, ReadPermissions, TakeOwnership, Traverse, WriteData, WriteExtendedAttributes, WriteKey)
ConvertFrom-SddlString -Sddl $acl.Sddl -Type RegistryRights | Foreach-Object {$_.DiscretionaryAcl[0]}
BUILTIN\Administrators: AccessAllowed (ChangePermissions, CreateLink, CreateSubKey, Delete, EnumerateSubKeys, ExecuteKey, FullControl, GenericExecute, GenericWrite, Notify, QueryValues, ReadPermissions, SetValue, TakeOwnership, WriteKey)
The first command uses the Get-Acl
cmdlet to get the security descriptor for the
HKLM:\SOFTWARE\Microsoft\ key and saves it in the variable.
The second command uses the ConvertFrom-SddlString
cmdlet to get the text representation of the
SDDL string, contained in the Sddl property of the object representing the security descriptor.
It doesn't use the -Type
parameter, so the access rights shown are for file system.
The third command uses the ConvertFrom-SddlString
cmdlet with the -Type
parameter, so the access
rights returned are for registry.
Parameters
-Sddl
Specifies the string representing the security descriptor in SDDL syntax.
Type: | String |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Type
Specifies the type of rights that SDDL string represents.
The acceptable values for this parameter are:
- FileSystemRights
- RegistryRights
- ActiveDirectoryRights
- MutexRights
- SemaphoreRights
- CryptoKeyRights
- EventWaitHandleRights
By default cmdlet uses file system rights.
CryptoKeyRights and ActiveDirectoryRights are not supported in PowerShell v6 and higher.
Type: | Microsoft.PowerShell.Commands.ConvertFromSddlStringCommand+AccessRightTypeNames |
Accepted values: | FileSystemRights, RegistryRights, ActiveDirectoryRights, MutexRights, SemaphoreRights, CryptoKeyRights, EventWaitHandleRights |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
You can pipe a SDDL string to this cmdlet.
Notes
This cmdlet is only available on Windows platforms.
Related Links
Σχόλια
https://aka.ms/ContentUserFeedback.
Σύντομα διαθέσιμα: Καθ' όλη τη διάρκεια του 2024 θα καταργήσουμε σταδιακά τα ζητήματα GitHub ως μηχανισμό ανάδρασης για το περιεχόμενο και θα το αντικαταστήσουμε με ένα νέο σύστημα ανάδρασης. Για περισσότερες πληροφορίες, ανατρέξτε στο θέμα:Υποβολή και προβολή σχολίων για