« Command line windows » : différence entre les versions

De Banane Atomic
Aller à la navigationAller à la recherche
Ligne 56 : Ligne 56 :


# set the permissions for MyService
# set the permissions for MyService
sc sdset MyService "D:(A...)(A;;RPWPCR;;;S-1-5-21-2133228432-2794320136-1823075350-1000)S:(...)"
sc sdset MyService "D:(A;;...)(A;;RPWPCR;;;S-1-5-21-2133228432-2794320136-1823075350-1000)S:(...)"


# get the SID of the current user
# get the SID of the current user
Ligne 93 : Ligne 93 :
|-
|-
| AU || Authenticated Users
| AU || Authenticated Users
|-
| AO || Account operators
|-
| RU || Alias to allow previous Windows 2000
|-
| AN || Anonymous logon
|-
| AU || Authenticated users
|-
|-
| BA || Built-in administrators
| BA || Built-in administrators
|-
|-
| BG || Built-in guests
| IU || Interactively logged-on user
|-
|-
| BO || Backup operators
| SU || Service logon user
|-
| BU || Built-in users
|-
| CA || Certificate server administrators
|-
| CG || Creator group
|-
| CO || Creator owner
|-
| DA || Domain administrators
|-
| DC || Domain computers
|-
| DD || Domain controllers
|-
| DG || Domain guests
|-
| DU || Domain users
|-
| EA || Enterprise administrators
|-
| ED || Enterprise domain controllers
|-
|-
| WD || Everyone
| WD || Everyone
|-
| PA || Group Policy administrators
|-
| IU || Interactively logged-on user
|-
| LA || Local administrator
|-
| LG || Local guest
|-
| LS || Local service account
|-
| SY || Local system
|-
| NU || Network logon user
|-
| NO || Network configuration operators
|-
| NS || Network service account
|-
| PO || Printer operators
|-
| PS || Personal self
|-
| PU || Power users
|-
| RS || RAS servers group
|-
| RD || Terminal server users
|-
| RE || Replicator
|-
| RC || Restricted code
|-
| SA || Schema administrators
|-
| SO || Server operators
|-
| SU || Service logon user
|}
|}

Version du 7 février 2022 à 18:38

Users and groups

Ps.svg 
# list local users
net user

# display account information (groups of which he is a member)
net user [username]

# create an account
net user /add [username]
# it prompts the password

# list local groups
net localgroup

# list the users of a group
net localgroup [groupname]

# add a user to a group
net localgroup administrators [username] /add

Access Control Lists

Ps.svg 
# save the DACLs of c:\folder\file.ext to c:\folder\acl.txt
icacls c:\folder\file.ext /save c:\folder\acl.txt

# restore the DACLs of c:\folder\file.ext from c:\folder\acl.txt
icacls c:\folder\file.ext /restore c:\folder\acl.txt

# grant to User1 the Delete and Write DAC permissions to c:\folder\file.ext
icacls c:\folder\file.ext /grant User1:(d,wdac)
Basic permissions
Code Description
F Full access
M Modify access
RX Read and execute access
R Read-only access
W Write-only access

Service Controller

Ps.svg 
# display the current permissions for MyService as an SDDL string
sc sdshow MyService

# set the permissions for MyService
sc sdset MyService "D:(A;;...)(A;;RPWPCR;;;S-1-5-21-2133228432-2794320136-1823075350-1000)S:(...)"

# get the SID of the current user
whoami /user
Code Description
S: System Access Control List (SACL)
D: Discretionary ACL (DACL)
A Allow
D Deny
CC SERVICE_QUERY_CONFIG (request service settings)
LC SERVICE_QUERY_STATUS (service status polling)
SW SERVICE_ENUMERATE_DEPENDENTS
LO SERVICE_INTERROGATE
CR SERVICE_USER_DEFINED_CONTROL
RC READ_CONTROL
RP SERVICE_START
WP SERVICE_STOP
DT SERVICE_PAUSE_CONTINUE
AU Authenticated Users
BA Built-in administrators
IU Interactively logged-on user
SU Service logon user
WD Everyone
Récupérée de « http://wiki.bananeatomic.fr/index.php?title=Command_line_windows&oldid=26772 »