Registry key permission audit - access mode

(imported topic written by SystemAdmin)

Hi BF group and experts,

I have encountered a problem checking the access mode for the users to determine whether the users are granted full control. I hope that you can provide me some advice on this:

Q: effective access mode for "users" of dacls of security descriptors of key "HKEY_LOCAL_MACHINE\Software" of registry

E: Singular expression refers to nonexistent object.

Q: effective access mode for "administrators" of dacls of security descriptors of key "HKEY_LOCAL_MACHINE\Software" of registry

A: 983103

Q: (effective generic all permission for "Administrator" of it, effective write permissions for "Administrator" of it) of dacl of security descriptor of windows folder

A: False, True

Even though the Administrator is granted full control, why does it return False?

I hope that you can kindly help me solve this issue, and thanks in advance.

(imported comment written by BenKus)

I have never seen the “generic all” permissions inspectors work well… I haven’t figured out if it is one of the many quirks in the Windows permissions scheme or if it is a bug with our inspector… I usually use “write permission” as a proxy for “all”…

Note that “effective” permission inspectors might cause some AD domain server queries due to Microsoft’s APIs so be careful when using them…

Ben

(imported comment written by SystemAdmin)

Hi Ben,

Thanks for your reply. So, can you provide me some advice or suggest any alternative ways that I can check whether the users are granted the full control permissions? Thanks in advance.

(imported comment written by BenKus)

I don’t know of a great way to do it without the effective permissions… and most of the time, you won’t have an issue… but just wanted to warn you so that if you do use them, you can keep an eye out for any issues.

Ben
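
The value 983103 returned in the first post is 0xF003F, which is the Windows SDK constant KEY_ALL_ACCESS. The following is an added example, not code from the thread's participants or from BigFix: it decodes a registry-key access mask and tests full control against the specific rights rather than against the GENERIC_ALL bit. The function names are illustrative, and the generic-to-specific mapping used for registry keys is assumed to be the standard one.

```python
# Added example: decode a registry-key access mask such as the 983103 above.
# Constants are Windows SDK (winnt.h) values; function names are illustrative.
KEY_RIGHTS = {
    0x0001: "KEY_QUERY_VALUE",
    0x0002: "KEY_SET_VALUE",
    0x0004: "KEY_CREATE_SUB_KEY",
    0x0008: "KEY_ENUMERATE_SUB_KEYS",
    0x0010: "KEY_NOTIFY",
    0x0020: "KEY_CREATE_LINK",
    0x00010000: "DELETE",
    0x00020000: "READ_CONTROL",
    0x00040000: "WRITE_DAC",
    0x00080000: "WRITE_OWNER",
    0x00100000: "SYNCHRONIZE",
}
KEY_READ, KEY_WRITE, KEY_ALL_ACCESS = 0x20019, 0x20006, 0xF003F
GENERIC_ALL = 0x10000000
# Assumed standard mapping of generic bits to key-specific rights.
GENERIC_MAP = {
    0x80000000: KEY_READ,        # GENERIC_READ
    0x40000000: KEY_WRITE,       # GENERIC_WRITE
    0x20000000: KEY_READ,        # GENERIC_EXECUTE (KEY_EXECUTE == KEY_READ)
    GENERIC_ALL: KEY_ALL_ACCESS,
}

def map_generic(mask):
    """Replace generic bits with the key-specific rights they represent."""
    for generic_bit, specific in GENERIC_MAP.items():
        if mask & generic_bit:
            mask = (mask & ~generic_bit) | specific
    return mask & 0xFFFFFFFF

def decode(mask):
    """Names of the rights present in a mask, after mapping generic bits."""
    mapped = map_generic(mask)
    return [name for bit, name in KEY_RIGHTS.items() if mapped & bit]

def is_full_control(mask):
    """True when every right in KEY_ALL_ACCESS is granted."""
    return (map_generic(mask) & KEY_ALL_ACCESS) == KEY_ALL_ACCESS

def has_generic_all_bit(mask):
    """True only when the literal GENERIC_ALL bit is set in the mask."""
    return bool(mask & GENERIC_ALL)

if __name__ == "__main__":
    # 983103 is from the thread; the other two masks are constructed samples.
    for m in (983103, GENERIC_ALL, KEY_READ):
        print(m, hex(m), is_full_control(m), has_generic_all_bit(m), decode(m))
```

For 983103 the full-control check is true while the literal GENERIC_ALL bit is not set, so an audit that compares the mask against 983103 does not depend on the generic bit.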