Get SDDL in VBScript

Anything VBScript-related, including Windows Script Host, WMI, ADSI, and more.
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
This topic is 16 years and 9 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Get SDDL in VBScript

Post by jvierra »

Has anyone ever found a way to return a security descriptor in SDDL format from either a file object or a registry object?
This has been a constant issue for a couple of ye4ars. I have researched it in the SDK and numerous other places. All indications are that this is not possible. I decided to ask on a couple of forums to see if anyone has found a sneaky way around this limitation.

I know that it can be done with WMI on Wndows Vista and later. It cannot be done with WMI on WS2003 or earlier systems.

The Win32 API has had a conversion routine that can convert an SD to SDDL since Windows 2000. This API is not available to VBScript. It is exposed in "Authorization Manager" but AzMan is not installed on any system by default.

So...

The question is, using buitlin components, how to get a file security descriptor in SDDL format?

Everything I know tells me this is not possible.

jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Get SDDL in VBScript

Post by jvierra »

Has anyone ever found a way to return a security descriptor in SDDL format from either a file object or a registry object?
This has been a constant issue for a couple of ye4ars. I have researched it in the SDK and numerous other places. All indications are that this is not possible. I decided to ask on a couple of forums to see if anyone has found a sneaky way around this limitation.

I know that it can be done with WMI on Wndows Vista and later. It cannot be done with WMI on WS2003 or earlier systems.

The Win32 API has had a conversion routine that can convert an SD to SDDL since Windows 2000. This API is not available to VBScript. It is exposed in "Authorization Manager" but AzMan is not installed on any system by default.

So...

The question is, using buitlin components, how to get a file security descriptor in SDDL format?

Everything I know tells me this is not possible.

User avatar
abqbill
Posts: 138
Last visit: Mon Sep 28, 2020 1:20 pm

Get SDDL in VBScript

Post by abqbill »

Hi jvierra,I don't know of a way using built-in objects. However, I believe SetACL (setacl.sourceforge.net) provides the ability to dump permissions in SDDL format. I think he provides an ActiveX object version as well.HTH,Bill
User avatar
abqbill
Posts: 138
Last visit: Mon Sep 28, 2020 1:20 pm

Get SDDL in VBScript

Post by abqbill »

Hi jvierra,If you do figure it out, don't forget to let us know.Thanks!Bill
This topic is 16 years and 9 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked