Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
256 lines (128 sloc) 15.3 KB

type: access control list

An Access Control List, or ACL, is a list of security protections that applies to an object. An object can be a file, process, event, or anything else having a security descriptor. An entry in an access control list (ACL) is an access control entry (ACE). These inspectors work by exposing the GetEffectiveRightsFromAcl method, as explained at the MSDN site. Note: Requires Windows XP, Windows 2000 Professional, or Windows NT Workstation 3.1 and later.

effective access mode for <security account> of <access control list> : integer

Returns an integer corresponding to the access mode for the trustee specified by the security account of the given access control list.

effective access mode for <string> of <access control list> : integer

Returns an integer corresponding to the access mode for the trustee specified by <string> of the given access control list.Example: effective access mode for "Administrators" of dacls of security descriptors of system folder as hexadecimal - Returns a hex value corresponding to the access mode of the system folder for users logged in as Administrators.

effective access system security permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has access system security permissions on the given access control list.

effective access system security permission for <string> of <access control list> : boolean

Returns True if the trustee specified by <string> has access system security permissions on the given access control list.

effective append permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has append permissions on the given access control list.

effective append permission for <string> of <access control list> : boolean

Returns True if the trustee specified by <string> has append permissions on the given access control list.Example: effective append permission for "Power Users" of dacls of security descriptors of windows folder - Returns True if Power Users have append permissions on the system folder.

effective change notification permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has change notification permissions on the given access control list.

effective change notification permission for <string> of <access control list> : boolean

Returns True if the trustee specified by <string> has change notification permissions on the given access control list.

effective create file permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has file creation permissions on the given access control list.

effective create file permission for <string> of <access control list> : boolean

Returns True if the trustee specified by <string> has file creation permissions on the given access control list.

effective create folder permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has folder creation permissions on the given access control list.

effective create folder permission for <string> of <access control list> : boolean

Returns True if the trustee specified by <string> has folder creation permissions on the given access control list.Example: effective create folder permissions for "Administrators" of dacls of security descriptors of folders of folder "c:" - Returns a list of TRUE/FALSE values corresponding to the ability of the Administrator to create new folders in each of the existing folders of the c: drive.

effective create link permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has link creation permissions on the given access control list.

effective create link permission for <string> of <access control list> : boolean

Returns True if the trustee specified by <string> has link creation permissions on the given access control list.

effective create subkey permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has subkey creation permissions on the given access control list.

effective create subkey permission for <string> of <access control list> : boolean

Returns True if the trustee specified by <string> has subkey creation permissions on the given access control list.

effective delete child permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has child deletion permissions on the given access control list.

effective delete child permission for <string> of <access control list> : boolean

Returns True if the trustee specified by <string> has child deletion permissions on the given access control list.

effective delete permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has delete permissions on the given access control list.

effective delete permission for <string> of <access control list> : boolean

Returns True if the trustee specified by <string> has delete permissions on the given access control list.

effective enumerate subkeys permission for <security account> of <access control list> : boolean

Returns True if the specified security account provides the right to list the subkeys of a registry key.

effective enumerate subkeys permission for <string> of <access control list> : boolean

Returns True if the trustee specified by <string> has subkey enumeration permissions on the given access control list.

effective execute permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has execution permissions on the given access control list.

effective execute permission for <string> of <access control list> : boolean

Returns True if the trustee specified by <string> has execution permissions on the given access control list.

effective generic all permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has all generic permissions on the given access control list.

effective generic all permission for <string> of <access control list> : boolean

Returns True if the trustee specified by <string> has all generic permissions on the given access control list.

effective generic execute permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has generic execution permissions on the given access control list.

effective generic execute permission for <string> of <access control list> : boolean

Returns True if the trustee specified by the security account has generic execution permissions on the given access control list.

effective generic read permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has generic read permissions on the given access control list.

effective generic read permission for <string> of <access control list> : boolean

Returns True if the trustee specified by the security account has generic read permissions on the given access control list.

effective generic write permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has generic write permissions on the given access control list.

effective generic write permission for <string> of <access control list> : boolean

Returns True if the trustee specified by the security account has generic write permissions on the given access control list.

effective list permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has list permissions on the given access control list.

effective list permission for <string> of <access control list> : boolean

Returns True if the trustee specified by <string> has list permissions on the given access control list.

effective maximum allowed permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has maximum allowed permissions on the given access control list.

effective maximum allowed permission for <string> of <access control list> : boolean

Returns True if the trustee specified by the security account has maximum allowed permissions on the given access control list.

effective query value permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has query value permissions on the given access control list.

effective query value permission for <string> of <access control list> : boolean

Returns True if the trustee specified by <string> has query value permissions on the given access control list.

effective read attributes permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has read attribute permissions on the given access control list.

effective read attributes permission for <string> of <access control list> : boolean

Returns True if the trustee specified by <string> has read attribute permissions on the given access control list.

effective read control permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has read control permissions on the given access control list.

effective read control permission for <string> of <access control list> : boolean

Returns True if the trustee specified by <string> has read control permissions on the given access control list.

effective read extended attributes permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has extended read attribute permissions on the given access control list.

effective read extended attributes permission for <string> of <access control list> : boolean

Returns True if the trustee specified by <string> has extended read attribute permissions on the given access control list.

effective read permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has read permissions on the given access control list.

effective read permission for <string> of <access control list> : boolean

Returns True if the trustee specified by <string> has read permissions on the given access control list.

effective set value permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has value setting permissions on the given access control list.

effective set value permission for <string> of <access control list> : boolean

Returns True if the trustee specified by <string> has value setting permissions on the given access control list.

effective synchronize permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has synchronization permissions on the given access control list.

effective synchronize permission for <string> of <access control list> : boolean

Returns True if the trustee specified by <string> has synchronization permissions on the given access control list.Example: effective synchronize permission for "Administrators" of dacls of security descriptors of system folder - Returns True if the Administrator has permission to syncrhonize with the system folder.

effective traverse permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has traverse permissions on the given access control list.

effective traverse permission for <string> of <access control list> : boolean

Returns True if the trustee specified by <string> has traverse permissions on the given access control list.

effective write attributes permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has attribute writing permissions on the given access control list.

effective write attributes permission for <string> of <access control list> : boolean

Returns True if the trustee specified by <string> has attribute writing permissions on the given access control list.

effective write dac permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has dac writing permissions on the given access control list.

effective write dac permission for <string> of <access control list> : boolean

Returns True if the trustee specified by <string> has dac writing permissions on the given access control list.

effective write extended attributes permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has extended attribute writing permissions on the given access control list.

effective write extended attributes permission for <string> of <access control list> : boolean

Returns True if the trustee specified by <string> has extended attribute writing permissions on the given access control list.

effective write owner permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has write owner permissions on the given access control list.

effective write owner permission for <string> of <access control list> : boolean

Returns True if the trustee specified by <string> has write owner permissions on the given access control list.

effective write permission for <security account> of <access control list> : boolean

Returns True if the trustee specified by the security account has write permissions on the given access control list.

effective write permission for <string> of <access control list> : boolean

Returns True if the trustee specified by <string> has write permissions on the given access control list.

entry of <access control list> : access control entry

Iterates the ACEs of an ACL.

You can’t perform that action at this time.