joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

Finding protected ACLs just got that much easier…

by @ 12:02 am on 5/17/2007. Filed under tech

I am working on AdFind again, well, let me say that it is pulled up in the IDE again. I am almost always tweaking it and usually have a special version I run that has more fun stuff in it than the version you all get to run. For example I have been running V01.37.00 now for several months and adding to it right along. This evening I added a new shortcut switch that takes advantage of some other new switches. The new shortcut switch is an attempt to make finding protected ACLs (ACLs that are set not to inherit – you know like what happens to objects that have been dinged by AdminSDHolder…) much easier.

Previously I discussed how to find objects with protected ACLs, I was never satisfied with that solution because, while it was easier, it was a long command to type and it required a second binary. I generally hate that unless I have absolutely no choice. So you will recall previously from http://blog.joeware.net/2007/01/06/756/ that you could use the command

adfind -h 2k3dc02 -gc -null -f * ntsecuritydescriptor -sddl -onlydaclflag -csv |grep “] P”

could be used… well once V01.37.00 goes live, you can run the following command instead (well the search bases are different but you knew that):

F:\Dev\CPP\AdFind>adfind -sc aclnoinherit -default

AdFind V01.37.00cpp Joe Richards (joe@joeware.net) May 2007

Using server: r2dc1.test.loc:389
Directory: Windows Server 2003
Base DN: DC=test,DC=loc

dn:CN=VolumeTable,CN=FileLinks,CN=System,DC=test,DC=loc
>nTSecurityDescriptor: [DACL] (FLAGS:PROTECTED INHERIT)

dn:CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=test,DC=loc
>nTSecurityDescriptor: [DACL] (FLAGS:PROTECTED INHERIT)

dn:CN={6AC1786C-016F-11D2-945F-00C04fB984F9},CN=Policies,CN=System,DC=test,DC=loc
>nTSecurityDescriptor: [DACL] (FLAGS:PROTECTED INHERIT)

dn:CN=AdminSDHolder,CN=System,DC=test,DC=loc
>nTSecurityDescriptor: [DACL] (FLAGS:PROTECTED INHERIT)

dn:CN=WMIPolicy,CN=System,DC=test,DC=loc
>nTSecurityDescriptor: [DACL] (FLAGS:PROTECTED INHERIT)

[SNIP]

dn:CN=user\, test,OU=Users,OU=TestOU,DC=test,DC=loc
>nTSecurityDescriptor: [DACL] (FLAGS:PROTECTED INHERIT)

dn:CN=HideMe,OU=HideTest,OU=TestOU,DC=test,DC=loc
>nTSecurityDescriptor: [DACL] (FLAGS:PROTECTED INHERIT)

dn:CN={FDC4F256-F4C3-4251-A439-49C43C5C4D02},CN=Policies,CN=System,DC=test,DC=loc
>nTSecurityDescriptor: [DACL] (FLAGS:PROTECTED INHERIT)

dn:CN={BC824D7B-4297-4B87-A07D-A4C8EC39E375},CN=Policies,CN=System,DC=test,DC=loc
>nTSecurityDescriptor: [DACL] (FLAGS:PROTECTED INHERIT)

26 Objects returned

oh, you need that in CSV format… Add -csv

F:\Dev\CPP\AdFind>adfind -sc aclnoinherit -default -csv
“dn”,”ntsecuritydescriptor”
“CN=VolumeTable,CN=FileLinks,CN=System,DC=test,DC=loc”,”[DACL] (FLAGS:PROTECTED INHERIT)”
“CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=test,DC=loc”,”[DACL] (FLAGS:PROTECTED INHERIT)”
“CN={6AC1786C-016F-11D2-945F-00C04fB984F9},CN=Policies,CN=System,DC=test,DC=loc”,”[DACL] (FLAGS:PROTECTED INHERIT)”
“CN=AdminSDHolder,CN=System,DC=test,DC=loc”,”[DACL] (FLAGS:PROTECTED INHERIT)”
“CN=WMIPolicy,CN=System,DC=test,DC=loc”,”[DACL] (FLAGS:PROTECTED INHERIT)”
“CN=SOM,CN=WMIPolicy,CN=System,DC=test,DC=loc”,”[DACL] (FLAGS:PROTECTED INHERIT)”
“CN=Administrator,CN=Users,DC=test,DC=loc”,”[DACL] (FLAGS:PROTECTED INHERIT)”
“CN=Administrators,CN=Builtin,DC=test,DC=loc”,”[DACL] (FLAGS:PROTECTED INHERIT)”
“CN=Print Operators,CN=Builtin,DC=test,DC=loc”,”[DACL] (FLAGS:PROTECTED INHERIT)”
“CN=Backup Operators,CN=Builtin,DC=test,DC=loc”,”[DACL] (FLAGS:PROTECTED INHERIT)”
“CN=Replicator,CN=Builtin,DC=test,DC=loc”,”[DACL] (FLAGS:PROTECTED INHERIT)”
“CN=krbtgt,CN=Users,DC=test,DC=loc”,”[DACL] (FLAGS:PROTECTED INHERIT)”
“CN=Domain Controllers,CN=Users,DC=test,DC=loc”,”[DACL] (FLAGS:PROTECTED INHERIT)”
“CN=Schema Admins,CN=Users,DC=test,DC=loc”,”[DACL] (FLAGS:PROTECTED INHERIT)”
“CN=Enterprise Admins,CN=Users,DC=test,DC=loc”,”[DACL] (FLAGS:PROTECTED INHERIT)”
“CN=Domain Admins,CN=Users,DC=test,DC=loc”,”[DACL] (FLAGS:PROTECTED INHERIT)”
“CN=Server Operators,CN=Builtin,DC=test,DC=loc”,”[DACL] (FLAGS:PROTECTED INHERIT)”
“CN=Account Operators,CN=Builtin,DC=test,DC=loc”,”[DACL] (FLAGS:PROTECTED INHERIT)”
“CN=$joe,OU=Users,OU=My,DC=test,DC=loc”,”[DACL] (FLAGS:PROTECTED INHERIT)”
“CN=testadmin,OU=Users,OU=TestOU,DC=test,DC=loc”,”[DACL] (FLAGS:PROTECTED INHERIT)”
“CN=TestAdminClone,OU=Users,OU=TestOU,DC=test,DC=loc”,”[DACL] (FLAGS:PROTECTED INHERIT)”
“CN=ADMINONLY,OU=Users,OU=TestOU,DC=test,DC=loc”,”[DACL] (FLAGS:PROTECTED INHERIT)”
“CN=user\, test,OU=Users,OU=TestOU,DC=test,DC=loc”,”[DACL] (FLAGS:PROTECTED INHERIT)”
“CN=HideMe,OU=HideTest,OU=TestOU,DC=test,DC=loc”,”[DACL] (FLAGS:PROTECTED INHERIT)”
“CN={FDC4F256-F4C3-4251-A439-49C43C5C4D02},CN=Policies,CN=System,DC=test,DC=loc”,”[DACL] (FLAGS:PROTECTED INHERIT)”
“CN={BC824D7B-4297-4B87-A07D-A4C8EC39E375},CN=Policies,CN=System,DC=test,DC=loc”,”[DACL] (FLAGS:PROTECTED INHERIT)”

Cool eh?

I am not sure when V01.37.00 will be available, I am adding Longhorn stuff to it as I figure out what needs to be added. I am thinking though that I am within a week or three of putting a fork in it unless something else comes up.

     joe

Rating 3.00 out of 5

Comments are closed.

«
»

[joeware – never stop exploring… :) is proudly powered by WordPress.]