[freenet-dev] Priorities for 0.8

Fri, 02 Jan 2009 18:37:18 +0100 

Daniel Cheng skrev:
>>> sc.exe , which is included scince windows 2000 can set the permission.
>>> use `sc sdset`
>>> http://technet.microsoft.com/en-us/library/bb490995.aspx
>>> http://msdn.microsoft.com/en-au/library/aa379570(VS.85).asp
>>>
>>>       
>> Nicey. Any command line example? Those docs seems all gibberish to me.
>>     
>
> Let's see the windows automatic update serivce:
>
> ---------
> C:\>sc sdshow wuauserv
> D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)
>    (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)
>    (A;;CCLCSWLOCRRC;;;AU)
>    (A;;CCLCSWRPWPDTLOCRRC;;;PU)
> ---------
> each (..) is a permission, fields seprated by ";"
>
> "A"  - Access Allowed
> ;
> (inhertance, not for service)
> ;
> "GA"  SDDL_GENERIC_ALL        GENERIC_ALL
> "GR"  SDDL_GENERIC_READ       GENERIC_READ
> "GW"  SDDL_GENERIC_WRITE      GENERIC_WRITE
> "GX"  SDDL_GENERIC_EXECUTE    GENERIC_EXECUTE
> "RC"  SDDL_READ_CONTROL       READ_CONTROL
> "SD"  SDDL_STANDARD_DELETE    DELETE
> "WD"  SDDL_WRITE_DAC  WRITE_DAC
> "WO"  SDDL_WRITE_OWNER        WRITE_OWNER
> "RP"  SDDL_READ_PROPERTY      ADS_RIGHT_DS_READ_PROP
> "WP"  SDDL_WRITE_PROPERTY     ADS_RIGHT_DS_WRITE_PROP
> "CC"  SDDL_CREATE_CHILD       ADS_RIGHT_DS_CREATE_CHILD
> "DC"  SDDL_DELETE_CHILD       ADS_RIGHT_DS_DELETE_CHILD
> "LC"  SDDL_LIST_CHILDREN      ADS_RIGHT_ACTRL_DS_LIST
> "SW"  SDDL_SELF_WRITE         ADS_RIGHT_DS_SELF
> "LO"  SDDL_LIST_OBJECT        ADS_RIGHT_DS_LIST_OBJECT
> "DT"  SDDL_DELETE_TREE        ADS_RIGHT_DS_DELETE_TREE
> "CR"  SDDL_CONTROL_ACCESS     ADS_RIGHT_DS_CONTROL_ACCESS
> "FA"  SDDL_FILE_ALL   FILE_ALL_ACCESS
> "FR"  SDDL_FILE_READ  FILE_GENERIC_READ
> "FW"  SDDL_FILE_WRITE         FILE_GENERIC_WRITE
> "FX"  SDDL_FILE_EXECUTE       FILE_GENERIC_EXECUTE
> "KA"  SDDL_KEY_ALL    KEY_ALL_ACCESS
> "KR"  SDDL_KEY_READ   KEY_READ
> "KW"  SDDL_KEY_WRITE  KEY_WRITE
> "KX"  SDDL_KEY_EXECUTE        KEY_EXECUTE
> ;
> SY = System
> BA = Administrator
> AU = Authenicated User
> PU = Power User
>
> e.g. (A;;CCLCSWRPWPDTLOCRRC;;;PU)
> means Power User allow create/list child, self write, read/write
> property, delete,, list object, control access and read control..
>
>
> if you don't understand this string... just copy the string from what
> ever service you have set up already.
>   

Looks pretty straight-forward. But what access do we want to give out?  
This one?:

"CR"    SDDL_CONTROL_ACCESS     ADS_RIGHT_DS_CONTROL_ACCESS

- Zero3

Reply via email to