Retrieving security descriptor and getting number

2020-03-02 16:44发布

站内问答 / 前端开发
1788 2 4

Using Get-Acl I am trying to get the access rights on a folder. The thing is, for some groups I get a number instead of a access type. Example below:

get-acl "C:\TestFolder" | % {$_.access}
FileSystemRights  : -536805376
AccessControlType : Allow
IdentityReference : TestDomain\Support
IsInherited       : False
InheritanceFlags  : ObjectInherit
PropagationFlags  : InheritOnly

Is there any way to translate this number back to its name?

2条回答
爷的心禁止访问
2楼-- · 2020-03-02 16:51

The value of the FileSystemRights property is an unsigned 32-bit integer, where each bit represents a particular access permission. Most of the permissions are listed in the Win32_ACE class documentation, except for the "generic" permissions (bits 28-31) and the right to access SACLs (bit 23). More details can be found here and here.

If you want to break down an ACE access mask into its specific access rights (vulgo "extended permissions") you could do something like this:

$accessMask = [ordered]@{
  [uint32]'0x80000000' = 'GenericRead'
  [uint32]'0x40000000' = 'GenericWrite'
  [uint32]'0x20000000' = 'GenericExecute'
  [uint32]'0x10000000' = 'GenericAll'
  [uint32]'0x02000000' = 'MaximumAllowed'
  [uint32]'0x01000000' = 'AccessSystemSecurity'
  [uint32]'0x00100000' = 'Synchronize'
  [uint32]'0x00080000' = 'WriteOwner'
  [uint32]'0x00040000' = 'WriteDAC'
  [uint32]'0x00020000' = 'ReadControl'
  [uint32]'0x00010000' = 'Delete'
  [uint32]'0x00000100' = 'WriteAttributes'
  [uint32]'0x00000080' = 'ReadAttributes'
  [uint32]'0x00000040' = 'DeleteChild'
  [uint32]'0x00000020' = 'Execute/Traverse'
  [uint32]'0x00000010' = 'WriteExtendedAttributes'
  [uint32]'0x00000008' = 'ReadExtendedAttributes'
  [uint32]'0x00000004' = 'AppendData/AddSubdirectory'
  [uint32]'0x00000002' = 'WriteData/AddFile'
  [uint32]'0x00000001' = 'ReadData/ListDirectory'
}

$fileSystemRights = Get-Acl -LiteralPath 'C:\some\folder_or_file' |
                    Select-Object -Expand Access |
                    Select-Object -Expand FileSystemRights -First 1

$permissions = $accessMask.Keys |
               Where-Object { $fileSystemRights.value__ -band $_ } |
               ForEach-Object { $accessMask[$_] }

The simple permissions FullControl, Modify, ReadAndExecute etc. are just specific combinations of these extended permissions. ReadAndExecute for instance is a combination of the following extended permissions:

  • ReadData/ListDirectory
  • Execute/Traverse
  • ReadAttributes
  • ReadExtendedAttributes
  • ReadControl

so the access mask for ReadAndExecute would have the value 131241.

If you want the result to be a combination of simple permission and the remaining extended permissions, you could do something like this:

$accessMask = [ordered]@{
  ...
}

$simplePermissions = [ordered]@{
  [uint32]'0x1f01ff' = 'FullControl'
  [uint32]'0x0301bf' = 'Modify'
  [uint32]'0x0200a9' = 'ReadAndExecute'
  [uint32]'0x02019f' = 'ReadAndWrite'
  [uint32]'0x020089' = 'Read'
  [uint32]'0x000116' = 'Write'
}

$fileSystemRights = Get-Acl -LiteralPath 'C:\some\folder_or_file' |
                    Select-Object -Expand Access |
                    Select-Object -Expand FileSystemRights -First 1

$fsr = $fileSystemRights.value__

$permissions = @()

# get simple permission
$permissions += $simplePermissions.Keys | ForEach-Object {
                  if (($fsr -band $_) -eq $_) {
                    $simplePermissions[$_]
                    $fsr = $fsr -band (-bnot $_)
                  }
                }

# get remaining extended permissions
$permissions += $accessMask.Keys |
                Where-Object { $fsr -band $_ } |
                ForEach-Object { $accessMask[$_] }
查看更多
0人赞 添加讨论(0) 举报
Viruses.
3楼-- · 2020-03-02 17:01

Quick and dirty tanslation:

268435456 - FullControl

-536805376 - Modify, Synchronize

-1610612736 - ReadAndExecute, Synchronize

If you want to learn about the translation process this was the best i could find at the moment: Link

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)