ConvertFrom-SddlString
Converts a SDDL string to a custom object.
구문
Default (기본값)
ConvertFrom-SddlString
[-Sddl] <String>
[-Type <Object>]
[<CommonParameters>]
Description
The ConvertFrom-SddlString cmdlet converts a Security Descriptor Definition Language string to a
custom PSCustomObject object with the following properties: Owner, Group, DiscretionaryAcl,
SystemAcl and RawDescriptor.
Owner, Group, DiscretionaryAcl and SystemAcl properties contain a readable text representation of the access rights specified in a SDDL string.
This cmdlet was introduced in PowerShell 5.0.
예제
Example 1: Convert file system access rights SDDL to a PSCustomObject
$acl = Get-Acl -Path C:\Windows
ConvertFrom-SddlString -Sddl $acl.Sddl
The first command uses the Get-Acl cmdlet to get the security descriptor for the C:\Windows folder
and saves it in the variable.
The second command uses the ConvertFrom-SddlString cmdlet to get the text representation of the
SDDL string, contained in the Sddl property of the object representing the security descriptor.
Example 2: Convert registry access rights SDDL to a PSCustomObject
$acl = Get-Acl HKLM:\SOFTWARE\Microsoft\
ConvertFrom-SddlString -Sddl $acl.Sddl -Type RegistryRights
The first command uses the Get-Acl cmdlet to get the security descriptor for the
HKLM:\SOFTWARE\Microsoft\ key and saves it in the variable.
The second command uses the ConvertFrom-SddlString cmdlet to get the text representation of the
SDDL string, contained in the Sddl property of the object representing the security descriptor.
It uses the -Type parameter to specify that SDDL string represents a registry security descriptor.
Example 3: Convert registry access rights SDDL to a PSCustomObject by using ConvertFrom-SddlString with and without the `-Type` parameter
$acl = Get-Acl -Path HKLM:\SOFTWARE\Microsoft\
ConvertFrom-SddlString -Sddl $acl.Sddl | ForEach-Object {$_.DiscretionaryAcl[0]}
BUILTIN\Administrators: AccessAllowed (ChangePermissions, CreateDirectories, Delete, ExecuteKey, FullControl, GenericExecute, GenericWrite, ListDirectory, ReadExtendedAttributes, ReadPermissions, TakeOwnership, Traverse, WriteData, WriteExtendedAttributes, WriteKey)
ConvertFrom-SddlString -Sddl $acl.Sddl -Type RegistryRights | ForEach-Object {$_.DiscretionaryAcl[0]}
BUILTIN\Administrators: AccessAllowed (ChangePermissions, CreateLink, CreateSubKey, Delete, EnumerateSubKeys, ExecuteKey, FullControl, GenericExecute, GenericWrite, Notify, QueryValues, ReadPermissions, SetValue, TakeOwnership, WriteKey)
The first command uses the Get-Acl cmdlet to get the security descriptor for the
HKLM:\SOFTWARE\Microsoft\ key and saves it in the variable.
The second command uses the ConvertFrom-SddlString cmdlet to get the text representation of the
SDDL string, contained in the Sddl property of the object representing the security descriptor.
It doesn't use the -Type parameter, so the access rights shown are for file system.
The third command uses the ConvertFrom-SddlString cmdlet with the -Type parameter, so the access
rights returned are for registry.
Example 4: Convert Active Directory access rights SDDL to a PSCustomObject
$user = [adsi]"LDAP://CN=username,CN=Users,DC=___domain,DC=com"
ConvertFrom-SddlString $user.psbase.ObjectSecurity.Sddl -Type ActiveDirectoryRights
The first command uses Active Directory Service Interfaces (ADSI) to get the user object and saves it in the variable.
The second command uses the ConvertFrom-SddlString cmdlet to get text representation of the SDDL string, contained in the Sddl property of the object representing the security descriptor.
It uses the -Type parameter to specify that SDDL string represents an Active Directory security descriptor.
매개 변수
-Sddl
Specifies the string representing the security descriptor in SDDL syntax.
매개 변수 속성
| 형식: | String |
| Default value: | None |
| 와일드카드 지원: | False |
| DontShow: | False |
매개 변수 집합
(All)
| Position: | 0 |
| 필수: | True |
| 파이프라인의 값: | True |
| 속성 이름별 파이프라인의 값: | False |
| 나머지 인수의 값: | False |
-Type
Specifies the type of rights that SDDL string represents.
The acceptable values for this parameter are:
- FileSystemRights
- RegistryRights
- ActiveDirectoryRights
- MutexRights
- SemaphoreRights
- CryptoKeyRights
- EventWaitHandleRights
By default cmdlet uses file system rights.
CryptoKeyRights and ActiveDirectoryRights are not supported in PowerShell v6 and higher.
매개 변수 속성
| 형식: | Object |
| Default value: | None |
| 허용되는 값: | FileSystemRights, RegistryRights, ActiveDirectoryRights, MutexRights, SemaphoreRights, CryptoKeyRights, EventWaitHandleRights |
| 와일드카드 지원: | False |
| DontShow: | False |
매개 변수 집합
(All)
| Position: | Named |
| 필수: | False |
| 파이프라인의 값: | False |
| 속성 이름별 파이프라인의 값: | False |
| 나머지 인수의 값: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
입력
String
You can pipe a SDDL string to this cmdlet.
