SDDL, what is it, does it matter?

Get-Acl (Get-ADDomain).DistinguishedName | Select-Object SDDL | Format-List
(Get-Acl (Get-ADDomain).DistinguishedName).sddl
(Get-Acl (Get-ADDomain).DistinguishedName).sddl
(Get-Acl (Get-ADDomain).DistinguishedName).Access | Where {$_.IdentityReference -like “*Everyone*”}
  • ACE type (allow/deny/audit)
  • ACE flags (inheritance and audit settings)
  • Permissions (list of incremental permissions)
  • ObjectType (GUID)
  • Inherited Object Type (GUID)
  • Trustee (SID)
(Get-Acl ‘dc=corp,dc=local’).Access | Where {($_.ActiveDirectoryRights -like “*WriteDACL*”) -and ($_.AccessControlType -eq “Allow”)}

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Rich

Rich

15 Followers

I work various IT jobs & like Windows domain security as a hobby. Most of what’s here is my notes from work or the lab.