O R G A N I C / F E R T I L I Z E R: 12.05

Dec 30, 2005

how to decipher sddl for useful stuff

i was counting my lucky stars that i never had to give any thought to deciphering SDDLs (security descriptor definition language). some people have written entire diatribes on the subject. for me, i just need a reference. hence, my posting... sddl is broken down into four parts:
sddl string is easier to look at like this since there are no spaces or visible terminators other than the colon:
it's important to note the format of the ace string is broken down like this:
  • [ace_type];[ace_flags];[rights];[object_guid];[inherit_object_guid];[account_sid]
i created a file called text.txt in my c:\temp directory. in the GUI, it's expressed as this:
  • Administrators - Full Control
  • SYSTEM - Full Control
  • Users - Read & Execute
in sddl, it's expressed as:
O:BAG:DUD:ARAI(A;;FA;;;BA)(A;;FA;;;SY)(A;;0x1200a9;;;BU)(A;ID;FA;;;BA)(A;ID;FA;;;SY)(A;ID;0x1200a9;;;BU)

from this, we know that the first segment is for owner:
  • O:BA - builtin administrators
the second segment is for primary group:
  • G:DU - domain users
the third segment is the dacl, including the dacl flag that precedes the value in parenthesis:
  • D:ARAI - basically inheritance
the value in parenthesis is the ace string. it's broken down like this:
  • A; - allow type
  • ; - ace flag
  • FA; - file access all
  • ; - object guid
  • ; - inherit object guid
  • BA - builtin administrators

Dec 29, 2005

how to reset machine account passwords

member servers (utilize one of the methods below):
  • nltest /sc_change_pwd:
  • change the following registry value to 0: hklm\system\currentcontrolset\services\netlogon\parameters\maximumpasswordage - restart netlogon
domain controllers:
  • netdom resetpwd
thanks joe & steve.

Dec 2, 2005

monad dependencies

if you're upgrading to the newest version of monad that runs on the .net framework 2.0 production release, make sure that you remove monad prior to uninstalling .net framework 2.0 beta 2. otherwise, you won't be able to uninstall monad to install the new version. so here's the steps:
  1. uninstall monad
  2. uninstall .net framework 2.0 beta 2
  3. install .net framework 2.0 (production release)
  4. install monad