« Command line windows » : différence entre les versions

De Banane Atomic
Aller à la navigationAller à la recherche
Ligne 74 : Ligne 74 :
| D || Deny
| D || Deny
|-
|-
| CC || SERVICE_QUERY_CONFIG (request service settings)
| CC || SERVICE_QUERY_CONFIG : Query the SCM for the service configuration
|-
|-
| LC || SERVICE_QUERY_STATUS (service status polling)
| LC || SERVICE_QUERY_STATUS : Query the SCM the current status of the service
|-
|-
| SW || SERVICE_ENUMERATE_DEPENDENTS
| SW || SERVICE_ENUMERATE_DEPENDENTS : List dependent services
|-
|-
| LO || SERVICE_INTERROGATE
| LO || SERVICE_INTERROGATE : Query the service its current status
|-
|-
| CR || SERVICE_USER_DEFINED_CONTROL
| CR || SERVICE_USER_DEFINED_CONTROL
|-
|-
| RC || READ_CONTROL
| RC || READ_CONTROL : Query the security descriptor of the service
|-
|-
| RP || SERVICE_START
| RP || SERVICE_START : Start the service
|-
|-
| WP || SERVICE_STOP
| WP || SERVICE_STOP
|-
|-
| DT || SERVICE_PAUSE_CONTINUE
| DT || SERVICE_PAUSE_CONTINUE : Pause/Resume the service
|-
|-
| DC || SERVICE_CHANGE_CONFIG (Change service configuration)
| DC || SERVICE_CHANGE_CONFIG (Change service configuration)
|-
| WD || WRITE_DAC : Change the permissions of the service
|-
| WO || WRITE_OWNER : Change the ownership of the service
|-
| SD || DELETE : The right to delete the service
|}
{| class="wikitable wtp"
|+ Security Principal
! Code
! Description
|-
|-
| AU || Authenticated Users
| AU || Authenticated Users
|-
|-
| BA || Built-in administrators
| BA || Built-in administrators
|-
| BU || Built-in users
|-
|-
| IU || Interactively logged-on user
| IU || Interactively logged-on user
|-
|-
| SU || Service logon user
| SU || Service logon user
|-
| SY || Local System
|-
|-
| WD || Everyone
| WD || Everyone
|}
|}

Version du 7 février 2022 à 18:56

Users and groups

Ps.svg 
# list local users
net user

# display account information (groups of which he is a member)
net user [username]

# create an account
net user /add [username]
# it prompts the password

# list local groups
net localgroup

# list the users of a group
net localgroup [groupname]

# add a user to a group
net localgroup administrators [username] /add

Access Control Lists

Ps.svg 
# save the DACLs of c:\folder\file.ext to c:\folder\acl.txt
icacls c:\folder\file.ext /save c:\folder\acl.txt

# restore the DACLs of c:\folder\file.ext from c:\folder\acl.txt
icacls c:\folder\file.ext /restore c:\folder\acl.txt

# grant to User1 the Delete and Write DAC permissions to c:\folder\file.ext
icacls c:\folder\file.ext /grant User1:(d,wdac)
Basic permissions
Code Description
F Full access
M Modify access
RX Read and execute access
R Read-only access
W Write-only access

Service Controller

Ps.svg 
# display the current permissions for MyService as an SDDL string
sc sdshow MyService

# set the permissions for MyService
sc sdset MyService "D:(A;;...)(A;;RPWPCR;;;S-1-5-21-2133228432-2794320136-1823075350-1000)S:(...)"

# get the SID of the current user
whoami /user
Code Description
S: System Access Control List (SACL)
D: Discretionary ACL (DACL)
A Allow
D Deny
CC SERVICE_QUERY_CONFIG : Query the SCM for the service configuration
LC SERVICE_QUERY_STATUS : Query the SCM the current status of the service
SW SERVICE_ENUMERATE_DEPENDENTS : List dependent services
LO SERVICE_INTERROGATE : Query the service its current status
CR SERVICE_USER_DEFINED_CONTROL
RC READ_CONTROL : Query the security descriptor of the service
RP SERVICE_START : Start the service
WP SERVICE_STOP
DT SERVICE_PAUSE_CONTINUE : Pause/Resume the service
DC SERVICE_CHANGE_CONFIG (Change service configuration)
WD WRITE_DAC : Change the permissions of the service
WO WRITE_OWNER : Change the ownership of the service
SD DELETE : The right to delete the service
Security Principal
Code Description
AU Authenticated Users
BA Built-in administrators
BU Built-in users
IU Interactively logged-on user
SU Service logon user
SY Local System
WD Everyone
Récupérée de « http://wiki.bananeatomic.fr/index.php?title=Command_line_windows&oldid=26774 »