« Command line windows » : différence entre les versions
De Banane Atomic
Aller à la navigationAller à la recherche
| Ligne 48 : | Ligne 48 : | ||
|- | |- | ||
| W || Write-only access | | W || Write-only access | ||
|} | |||
= Service Controller = | |||
<kode lang='ps'> | |||
# display the current permissions for MyService as an SDDL string | |||
sc sdshow MyService | |||
# set the permissions for MyService | |||
sc sdset MyService "D:(A...)(A;;RPWPCR;;;S-1-5-21-2133228432-2794320136-1823075350-1000)S:(...)" | |||
# get the SID of the current user | |||
whoami /user | |||
</kode> | |||
{| class="wikitable wtp" | |||
! Code | |||
! Description | |||
|- | |||
| S: || System Access Control List (SACL) | |||
|- | |||
| D: || Discretionary ACL (DACL) | |||
|- | |||
| A || Allow | |||
|- | |||
| D || Deny | |||
|- | |||
| CC || SERVICE_QUERY_CONFIG (request service settings) | |||
|- | |||
| LC || SERVICE_QUERY_STATUS (service status polling) | |||
|- | |||
| SW || SERVICE_ENUMERATE_DEPENDENTS | |||
|- | |||
| LO || SERVICE_INTERROGATE | |||
|- | |||
| CR || SERVICE_USER_DEFINED_CONTROL | |||
|- | |||
| RC || READ_CONTROL | |||
|- | |||
| RP || SERVICE_START | |||
|- | |||
| WP || SERVICE_STOP | |||
|- | |||
| DT || SERVICE_PAUSE_CONTINUE | |||
|- | |||
| AU || Authenticated Users | |||
|- | |||
| AO || Account operators | |||
|- | |||
| RU || Alias to allow previous Windows 2000 | |||
|- | |||
| AN || Anonymous logon | |||
|- | |||
| AU || Authenticated users | |||
|- | |||
| BA || Built-in administrators | |||
|- | |||
| BG || Built-in guests | |||
|- | |||
| BO || Backup operators | |||
|- | |||
| BU || Built-in users | |||
|- | |||
| CA || Certificate server administrators | |||
|- | |||
| CG || Creator group | |||
|- | |||
| CO || Creator owner | |||
|- | |||
| DA || Domain administrators | |||
|- | |||
| DC || Domain computers | |||
|- | |||
| DD || Domain controllers | |||
|- | |||
| DG || Domain guests | |||
|- | |||
| DU || Domain users | |||
|- | |||
| EA || Enterprise administrators | |||
|- | |||
| ED || Enterprise domain controllers | |||
|- | |||
| WD || Everyone | |||
|- | |||
| PA || Group Policy administrators | |||
|- | |||
| IU || Interactively logged-on user | |||
|- | |||
| LA || Local administrator | |||
|- | |||
| LG || Local guest | |||
|- | |||
| LS || Local service account | |||
|- | |||
| SY || Local system | |||
|- | |||
| NU || Network logon user | |||
|- | |||
| NO || Network configuration operators | |||
|- | |||
| NS || Network service account | |||
|- | |||
| PO || Printer operators | |||
|- | |||
| PS || Personal self | |||
|- | |||
| PU || Power users | |||
|- | |||
| RS || RAS servers group | |||
|- | |||
| RD || Terminal server users | |||
|- | |||
| RE || Replicator | |||
|- | |||
| RC || Restricted code | |||
|- | |||
| SA || Schema administrators | |||
|- | |||
| SO || Server operators | |||
|- | |||
| SU || Service logon user | |||
|} | |} | ||
Version du 7 février 2022 à 18:32
Users and groups
|
# list local users net user # display account information (groups of which he is a member) net user [username] # create an account net user /add [username] # it prompts the password # list local groups net localgroup # list the users of a group net localgroup [groupname] # add a user to a group net localgroup administrators [username] /add |
Access Control Lists
|
|
# save the DACLs of c:\folder\file.ext to c:\folder\acl.txt icacls c:\folder\file.ext /save c:\folder\acl.txt # restore the DACLs of c:\folder\file.ext from c:\folder\acl.txt icacls c:\folder\file.ext /restore c:\folder\acl.txt # grant to User1 the Delete and Write DAC permissions to c:\folder\file.ext icacls c:\folder\file.ext /grant User1:(d,wdac) |
| Code | Description |
|---|---|
| F | Full access |
| M | Modify access |
| RX | Read and execute access |
| R | Read-only access |
| W | Write-only access |
Service Controller
|
|
# display the current permissions for MyService as an SDDL string sc sdshow MyService # set the permissions for MyService sc sdset MyService "D:(A...)(A;;RPWPCR;;;S-1-5-21-2133228432-2794320136-1823075350-1000)S:(...)" # get the SID of the current user whoami /user |
| Code | Description |
|---|---|
| S: | System Access Control List (SACL) |
| D: | Discretionary ACL (DACL) |
| A | Allow |
| D | Deny |
| CC | SERVICE_QUERY_CONFIG (request service settings) |
| LC | SERVICE_QUERY_STATUS (service status polling) |
| SW | SERVICE_ENUMERATE_DEPENDENTS |
| LO | SERVICE_INTERROGATE |
| CR | SERVICE_USER_DEFINED_CONTROL |
| RC | READ_CONTROL |
| RP | SERVICE_START |
| WP | SERVICE_STOP |
| DT | SERVICE_PAUSE_CONTINUE |
| AU | Authenticated Users |
| AO | Account operators |
| RU | Alias to allow previous Windows 2000 |
| AN | Anonymous logon |
| AU | Authenticated users |
| BA | Built-in administrators |
| BG | Built-in guests |
| BO | Backup operators |
| BU | Built-in users |
| CA | Certificate server administrators |
| CG | Creator group |
| CO | Creator owner |
| DA | Domain administrators |
| DC | Domain computers |
| DD | Domain controllers |
| DG | Domain guests |
| DU | Domain users |
| EA | Enterprise administrators |
| ED | Enterprise domain controllers |
| WD | Everyone |
| PA | Group Policy administrators |
| IU | Interactively logged-on user |
| LA | Local administrator |
| LG | Local guest |
| LS | Local service account |
| SY | Local system |
| NU | Network logon user |
| NO | Network configuration operators |
| NS | Network service account |
| PO | Printer operators |
| PS | Personal self |
| PU | Power users |
| RS | RAS servers group |
| RD | Terminal server users |
| RE | Replicator |
| RC | Restricted code |
| SA | Schema administrators |
| SO | Server operators |
| SU | Service logon user |
