New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Revisit the algorithm used in 'ConvertFrom-SddlString' #8365
Comments
There were comments that Generic access right bitsSDDL defines The lack of support is because the The generic access rights actually occur in the DACLs of Registry keys. For example, the security descriptor of For files though, it seems that the Win32 Guessing the type of the object from the SDDL stringThere was a comment that Because ConvertSidToStringSidW does not take a SE_OBJECT_TYPE parameter, it can use type-specific access right strings even for objects of other types, if the access masks happen to match. For example, if you use |
This issue has been marked as "No Activity" as there has been no activity for 6 months. It has been closed for housekeeping purposes. |
The function
ConvertFrom-SddlString
was converted to C# in PR #8341 to improve the startup speed.The C# code is just a translation of what the script was doing, but there are concerns about the fundamental algorithm used in the original script function (see #8341 (comment)). We need to revisit this cmdlet to make sure it does the right thing.
The review comments in #3936 will be valuable when we revisit this cmdlet.
The text was updated successfully, but these errors were encountered: