Re: Registry ACL

Get lost.


People own the key to all their environments.







"Jose Cintron" <l0rddarkf0rce@xxxxxxxxxxx> wrote in message
news:efZ3rLw6FHA.3544@xxxxxxxxxxxxxxxxxxxxxxx
> Hello all...
>
> Is there a way to obtain the ACL for a specific registry key? I'm have a
> script that does this for files
>
> === code to dump file/dir ACL ===
> Function DumpACL(fname)
> ' Get the target file's or folder's security settings.
> Set wmiSecuritySettings = wmiServices.Get
> ("Win32_LogicalFileSecuritySetting.Path='" & fname & "'")
>
> ' Step 3: Retrieve the file's or folder's Security Descriptor from the
> security settings.
> intRetVal =
> wmiSecuritySettings.GetSecurityDescriptor(wmiSecurityDescriptor)
>
> ' Get the SD's owner, which a Win32_Trustee instance represents.
> Set wmiOwner = wmiSecurityDescriptor.Owner
>
> If (Trim(UCase(wmiOwner.Domain)) = "BUILTIN") Then
> wmiOwner.Domain = "localhost"
> end if
>
> If (ToScreen) Then
> WScript.Echo fname & " (Owner: " & wmiOwner.Domain & "\" &
> wmiOwner.Name & ")"
> Else
> objTextFile.WriteLine(fname & " (Owner: " & wmiOwner.Domain &
"\"
> & wmiOwner.Name & ")")
> End if
>
> If CONTROL_FLAGS("SE_DACL_PRESENT") And _
> wmiSecurityDescriptor.ControlFlags Then
> arrDacl = wmiSecurityDescriptor.DACL
>
> For Each wmiAce In arrDacl
> Set wmiTrustee = wmiAce.Trustee
> If Not (Trim(UCase(wmiTrustee.Domain)) = "") Then
> wmiTrustee.Domain = wmiTrustee.Domain + "\"
> end if
>
> blnFirstValue = True
> For Each Key In ACCESS_MASK.Keys
> If ACCESS_MASK(Key) And wmiAce.AccessMask Then
> If blnFirstValue = True Then
> blnFirstValue = False
> permissions = " " + ACE_TYPE(wmiAce.AceType) + ": "+ Key
> Else
> permissions = permissions + ", " + Key
> End If
> End If
> Next
>
> If (ToScreen) Then
> WScript.Echo " " & wmiTrustee.Domain & wmiTrustee.Name &
> permissions
> Else
> objTextFile.WriteLine(" " & wmiTrustee.Domain &
> wmiTrustee.Name & permissions)
> End if
> Next
> End If
> End function
> === code to dump file/dir ACL ===
>
> but I have not found a way to do this for registry keys. Any help will be
> gratly appreciated
>
>

.

Relevant Pages

  • Re: Search feature causes Freeze
    ... Registry Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main ... > with Internet Explorer 6, but it seems to be blocked by the firewall we have ... >> Disable the McAfee ActiveX controls Applet filters in the Internet Filter ... >> "Your current security settings prohibit running Active X controls on this ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • RE: Messed up editing registry, need previous values
    ... custom level of IE security settings. ... entries than the default Registry Key can have. ... your clean installation working okay. ... motherboard manufacturer website. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Outlook 2003 addin deployment problem
    ... deploy the security settings and registry key for outlook? ... >> Would it be correct to say that you have to implement an Outlook Security ... >>> you could patch the .msi file. ... >>> Also use a policy to deploy the security settings and the registry key ...
    (microsoft.public.office.developer.com.add_ins)
  • Re: Registry ACL
    ... as that "yeahh" person will most certainly never respond to your ... > need to be done is change a bunch of registry key permissions. ... >>> Is there a way to obtain the ACL for a specific registry key? ... >>> ' Get the target file's or folder's security settings. ...
    (microsoft.public.scripting.wsh)
  • Re: current security settings prohibit running active x controls ?
    ... > Backup the registry key to a REG file. ... >> Antivirus.....your current security settings prohibit running active x ...
    (microsoft.public.windowsxp.help_and_support)