
ConvertFrom-SDDL by Alexander 5 days ago (modification of post by Matt Graeber view diff)

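# Send a "backup succeeded" notification mail for the local computer.
# NOTE(review): this snippet does not reference ConvertFrom-SDDL and appears
# to be independent of the filter posted below it.

$emailTo = "support@tcs-ltd.net"
$emailFrom = "Test server <Support@tcs-ltd.net>"
$emailSmtp = "207.58.147.66"

# The computer name lives in the Env: drive. The original '$envcomputername'
# names an ordinary (unset) variable, so the host name was missing from the
# subject and the body.
$emailSubject = "Backup on $env:COMPUTERNAME Completed Successfully"
$emailBody = "The backup on $env:COMPUTERNAME completed with an EventID = 4 which indicates a successful completion. Have a nice day!"

# NOTE(review): no -UseSsl and no -Credential are passed, so the message is
# relayed unauthenticated and in cleartext to a hard-coded IP address. Confirm
# that the relay is on a trusted network, or add -UseSsl / -Credential if the
# server supports them.
Send-MailMessage -SmtpServer $emailSmtp -To $emailTo -From $emailFrom -Subject $emailSubject -Body $emailBody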

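  filter ConvertFrom-SDDL
  {
  <#
  .SYNOPSIS

      Convert a raw security descriptor from SDDL form to a parsed security descriptor.

      Author: Matthew Graeber (@mattifestation)

  .DESCRIPTION

      ConvertFrom-SDDL generates a parsed security descriptor based upon any string in raw security descriptor definition language (SDDL) form. ConvertFrom-SDDL will parse the SDDL regardless of the type of object the security descriptor represents.

  .PARAMETER RawSDDL

      Specifies the security descriptor in raw SDDL form. Several strings may be passed; one object is emitted per string.

  .EXAMPLE

      ConvertFrom-SDDL -RawSDDL 'D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)'

  .EXAMPLE

      'O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0005;;;SY)(A;;0x5;;;BA)', 'O:BAG:SYD:PAI(D;OICI;FA;;;BG)(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)' | ConvertFrom-SDDL

  .INPUTS

      System.String

      ConvertFrom-SDDL accepts SDDL strings from the pipeline

  .OUTPUTS

      System.Management.Automation.PSObject

      Each object has the properties Owner, Group and Access. Access is $null
      when the descriptor has no DACL and an empty array when the DACL is
      present but holds no entries.

  .NOTES

      Points to keep in mind when reading the output during an ACL review:

      * Access masks are decoded with the CryptoKeyRights and FileSystemRights
        enumerations only. For other object types (registry keys, services,
        directory objects, ...) the right names are a file-system/crypto-key
        reading of the same bits and may not match that object's own rights.
      * Only the owner, the group and the DACL are reported. The SACL and the
        descriptor control flags are not included in the output.
      * A missing (NULL) DACL and an empty DACL have opposite meanings in
        Windows: the former places no restriction on access, the latter grants
        access to nobody. Check Access for $null rather than for "no entries".
      * A SID that cannot be translated to an account name is reported in its
        S-1-... string form.

  .LINK

      http://www.exploit-monday.com
  #>

      Param (
          [Parameter( Position = 0, Mandatory = $True, ValueFromPipeline = $True )]
          [ValidateNotNullOrEmpty()]
          [String[]]
          $RawSDDL
      )

      Set-StrictMode -Version 2

      # Translate a SID to DOMAIN\name. If the lookup fails (orphaned SID,
      # descriptor taken from another machine or domain) fall back to the SID
      # string so that one unknown principal does not abort the whole parse.
      $ResolveSid = {
          Param ($Sid)

          if ($null -eq $Sid)
          {
              return $null
          }

          try
          {
              $Sid.Translate([Security.Principal.NTAccount]).Value
          }
          catch [Management.Automation.MethodInvocationException]
          {
              $Sid.Value
          }
      }

      # Build the list of right values once. CryptoKeyRights is listed first;
      # a numeric value that has already been seen is skipped, so every mask
      # value is tested (and named) only once.
      $SeenValues = @{}
      $EnumValues = foreach ($EnumType in [Security.AccessControl.CryptoKeyRights], [Security.AccessControl.FileSystemRights])
      {
          foreach ($EnumName in [Enum]::GetNames($EnumType))
          {
              $EnumValue = [Enum]::Parse($EnumType, $EnumName)

              if (-not $SeenValues.ContainsKey($EnumValue.value__))
              {
                  $SeenValues[$EnumValue.value__] = 1
                  $EnumValue
              }
          }
      }

      # -RawSDDL may carry several strings when it is passed as an argument
      # instead of through the pipeline; each one is parsed on its own.
      foreach ($Descriptor in $RawSDDL)
      {
          # Create an instance of the RawSecurityDescriptor class based upon the provided raw SDDL
          try
          {
              $Sddl = [Activator]::CreateInstance([Security.AccessControl.RawSecurityDescriptor], [Object[]] @($Descriptor))
          }
          catch [Management.Automation.MethodInvocationException]
          {
              # Re-throw so that an unparsable string stops processing here
              # instead of continuing without a descriptor object.
              throw $_
          }

          $ObjectProperties = @{
              Group = & $ResolveSid $Sddl.Group
              Owner = & $ResolveSid $Sddl.Owner
          }

          if ($null -eq $Sddl.DiscretionaryAcl)
          {
              # No DACL at all: keep $null so callers can tell it apart from
              # an empty DACL.
              $Dacl = $null
          }
          else
          {
              # @( ) keeps an empty DACL as an empty array rather than $null.
              $Dacl = @(foreach ($DaclEntry in $Sddl.DiscretionaryAcl)
              {
                  # Resolve access mask: a right is listed when all of its
                  # bits are set in the entry's mask.
                  $Values = @(foreach ($Value in $EnumValues)
                  {
                      if (($DaclEntry.AccessMask -band $Value) -eq $Value)
                      {
                          $Value.ToString()
                      }
                  })

                  $DaclTable = @{
                      Rights = $Values -join ','
                      IdentityReference = & $ResolveSid $DaclEntry.SecurityIdentifier
                      IsInherited = $DaclEntry.IsInherited
                      InheritanceFlags = $DaclEntry.InheritanceFlags
                      PropagationFlags = $DaclEntry.PropagationFlags
                  }

                  # Any ACE type whose name does not contain 'Allowed' is
                  # reported as Deny.
                  if ($DaclEntry.AceType.ToString().Contains('Allowed'))
                  {
                      $DaclTable['AccessControlType'] = [Security.AccessControl.AccessControlType]::Allow
                  }
                  else
                  {
                      $DaclTable['AccessControlType'] = [Security.AccessControl.AccessControlType]::Deny
                  }

                  New-Object PSObject -Property $DaclTable
              })
          }

          $ObjectProperties['Access'] = $Dacl

          Write-Output (New-Object PSObject -Property $ObjectProperties)
      }
  }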
