Re: Registry ACL
- From: "Al Dunbar" <AlanNOSPAmDrub@xxxxxxxxxxx>
- Date: Fri, 25 Nov 2005 20:00:36 -0800
"Jose Cintron" <l0rddarkf0rce@xxxxxxxxxxx> wrote in message
news:%23B8EQtq7FHA.3876@xxxxxxxxxxxxxxxxxxxxxxx
> I'm not sure why I'm even bothering replying to this message,
Me neither, as that "yeahh" person will most certainly never respond to your
followup post.
> but sometime
> people with bellow normal intelligence need a kick in the pants...
>
> Where did my post ask for who owns the key? I'm looking at this from the
> perspective of an auditor (damn I hate that word)... Probably you haven't
> read it, but in any case there are a number of guides that can be used to
> tighten the security of a Windows based system and some of the things that
> need to be done is change a bunch of registry key permissions. I'm sure
> that anyone with half a brain cell still alive will figure out what I want
> to do, so 'yeahh' go crawl under a rock and stay out of conversations that
> do not concern you, especially since you have nothing to contribute.
Your expectations are way, way, way too high if you think that anything you
can say will have any impact on this jerk. Just ignore this type of post.
/Al
>
>
> "yeahh" <nospam@xxxxxxxx> wrote in message
> news:eqFzOYN7FHA.2888@xxxxxxxxxxxxxxxxxxxxxxx
>> Get lost.
>>
>>
>> People own the key to all their environments.
>>
>>
>>
>>
>>
>>
>>
>> news:efZ3rLw6FHA.3544@xxxxxxxxxxxxxxxxxxxxxxx
>> > Hello all...
>> >
>> > Is there a way to obtain the ACL for a specific registry key? I'm have
> a
>> > script that does this for files
>> >
>> > === code to dump file/dir ACL ===
>> > Function DumpACL(fname)
>> > ' Get the target file's or folder's security settings.
>> > Set wmiSecuritySettings = wmiServices.Get
>> > ("Win32_LogicalFileSecuritySetting.Path='" & fname & "'")
>> >
>> > ' Step 3: Retrieve the file's or folder's Security Descriptor from
> the
>> > security settings.
>> > intRetVal =
>> > wmiSecuritySettings.GetSecurityDescriptor(wmiSecurityDescriptor)
>> >
>> > ' Get the SD's owner, which a Win32_Trustee instance represents.
>> > Set wmiOwner = wmiSecurityDescriptor.Owner
>> >
>> > If (Trim(UCase(wmiOwner.Domain)) = "BUILTIN") Then
>> > wmiOwner.Domain = "localhost"
>> > end if
>> >
>> > If (ToScreen) Then
>> > WScript.Echo fname & " (Owner: " & wmiOwner.Domain & "\" &
>> > wmiOwner.Name & ")"
>> > Else
>> > objTextFile.WriteLine(fname & " (Owner: " & wmiOwner.Domain &
>> "\"
>> > & wmiOwner.Name & ")")
>> > End if
>> >
>> > If CONTROL_FLAGS("SE_DACL_PRESENT") And _
>> > wmiSecurityDescriptor.ControlFlags Then
>> > arrDacl = wmiSecurityDescriptor.DACL
>> >
>> > For Each wmiAce In arrDacl
>> > Set wmiTrustee = wmiAce.Trustee
>> > If Not (Trim(UCase(wmiTrustee.Domain)) = "") Then
>> > wmiTrustee.Domain = wmiTrustee.Domain + "\"
>> > end if
>> >
>> > blnFirstValue = True
>> > For Each Key In ACCESS_MASK.Keys
>> > If ACCESS_MASK(Key) And wmiAce.AccessMask Then
>> > If blnFirstValue = True Then
>> > blnFirstValue = False
>> > permissions = " " + ACE_TYPE(wmiAce.AceType) + ": "+ Key
>> > Else
>> > permissions = permissions + ", " + Key
>> > End If
>> > End If
>> > Next
>> >
>> > If (ToScreen) Then
>> > WScript.Echo " " & wmiTrustee.Domain & wmiTrustee.Name &
>> > permissions
>> > Else
>> > objTextFile.WriteLine(" " & wmiTrustee.Domain &
>> > wmiTrustee.Name & permissions)
>> > End if
>> > Next
>> > End If
>> > End function
>> > === code to dump file/dir ACL ===
>> >
>> > but I have not found a way to do this for registry keys. Any help will
> be
>> > gratly appreciated
>> >
>> >
>>
>
>
.
- References:
- Re: Registry ACL
- From: yeahh
- Re: Registry ACL
- Prev by Date: Re: Detecting window popup
- Next by Date: Re: Displaying the format a floppy disk window/dialog
- Previous by thread: Re: Registry ACL
- Next by thread: Re: ADs search string to get members of the group
- Index(es):
Relevant Pages
|
