Skip to Content
Windows Security Monitoring
book

Windows Security Monitoring

by Andrei Miroshnikov
April 2018
Intermediate to advanced content levelIntermediate to advanced
648 pages
14h 51m
English
Wiley
Content preview from Windows Security Monitoring

APPENDIX C SDDL Access Rights

A Security Descriptor Definition Language (SDDL) access control entry (ACE) has a section where you should define the access rights of the ACE.

Predefined constants for generic access rights (Table C-1) can be mapped to any other access rights for a securable object. For example, the GENERIC_READ access right for a filesystem object maps for the following access rights:

Table C-1: Generic Access Rights

HEX STRING NAME
0x10000000 GA GENERIC_ALL
0x80000000 GR GENERIC_READ
0x40000000 GW GENERIC_WRITE
0x20000000 GX GENERIC_EXECUTE

READ_CONTROL + SYNCHRONIZE + FILE_READ_DATA + FILE_READ_EA + FILE_READ_ATTRIBUTES.

There is also a set of standard access rights that are applicable to most securable objects (Table C-2).

Table C-2: Standard Access Rights

HEX STRING NAME
0x00010000 SD DELETE
0x00020000 RC READ_CONTROL
0x00040000 WD WRITE_DAC
0x00080000 WO WRITE_OWNER
0x00100000 - SYNCHRONIZE
0x000F0000 - STANDARD_RIGHTS_REQUIRED
0x01000000 - ACCESS_SYSTEM_SECURITY
0x00250000 - STANDARD_RIGHTS_ALL

Object-Specific Access Rights

Each securable object type may have a dedicated set of object-specific access rights associated to it.

Table C-3 contains information about Directory Service object access rights.

Table C-3: Directory Service Object Access Rights

HEX STRING NAME
0x1 CC ADS_RIGHT_DS_CREATE_CHILD
0x2 DC ADS_RIGHT_DS_DELETE_CHILD
0x4 LC ADS_RIGHT_ACTRL_DS_LIST
0x8 SW ADS_RIGHT_DS_SELF
0x10
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Mastering Windows Security and Hardening

Mastering Windows Security and Hardening

Mark Dunkerley, Matt Tumbarello
Cyber Security and Network Security

Cyber Security and Network Security

Sabyasachi Pramanik, Debabrata Samanta, M. Vinay, Abhijit Guha

Publisher Resources

ISBN: 9781119390640Purchase book