SDDLParser

Status

Publishing: PowerShell Gallery

Version: 0.5.0

Date: 2021-05-25

What is it?

A small PowerShell module for parsing Windows security descriptors written in SDDL. The module has no dependencies on other PowerShell modules, but the parts that talk to Active Directory only work on Windows because the DirectoryServices namespace is not available in .NET Core on other platforms.

Why SDDL?

Using SDDL, it is possible to preserve security descriptors read from Active Directory, NTFS or the Windows Registry without spending valuable resources on resolving SIDs to principal names.

Besides, the most interesting access rights are Extended Rights, which the usual methods do not always report in full.

What can I get out of it?

The module can translate SDDL completely offline, without any interaction with the Active Directory the SDDL strings originated from. Of course, this only goes as far as the SIDs, but well-known principals denoted by their SIDs or RIDs can be resolved to their display names.
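
What offline translation involves, shown as an added example that is not SDDLParser's own code: it splits the DACL of a constructed SDDL string into ACEs and resolves only well-known trustees, leaving other SIDs as they are. The function name ConvertFrom-SddlDacl, the partial lookup tables and the sample string are assumptions made for illustration.

```powershell
# Added example, not SDDLParser's code. Lookup tables are partial; the sample SDDL is constructed.
$Trustees = @{   # SDDL SID aliases and well-known SIDs
    'BA' = 'BUILTIN\Administrators'; 'SY' = 'NT AUTHORITY\SYSTEM'
    'AU' = 'NT AUTHORITY\Authenticated Users'; 'WD' = 'Everyone'
    'DA' = 'Domain Admins'; 'S-1-5-11' = 'NT AUTHORITY\Authenticated Users'
}
$AceTypes = @{ 'A' = 'Allow'; 'D' = 'Deny'; 'OA' = 'ObjectAllow'; 'OD' = 'ObjectDeny' }
$RightNames = @{ # directory-object rights; 'WD' means WriteDacl here but Everyone as a trustee
    'GA' = 'GenericAll'; 'RC' = 'ReadControl'; 'WD' = 'WriteDacl'; 'WO' = 'WriteOwner'
    'RP' = 'ReadProperty'; 'WP' = 'WriteProperty'; 'CR' = 'ControlAccess'
}

function ConvertFrom-SddlDacl {
    param([Parameter(Mandatory)][string]$Sddl)

    # The DACL is "D:" + optional flags (P, AR, AI) + zero or more parenthesised ACEs.
    if ($Sddl -cnotmatch 'D:(?<flags>(?:P|AR|AI)*)(?<aces>(?:\([^)]*\))*)') {
        throw 'No DACL component found.'
    }
    foreach ($m in [regex]::Matches($Matches['aces'], '\(([^)]*)\)')) {
        # ace_type;ace_flags;rights;object_guid;inherit_object_guid;account_sid
        $f = $m.Groups[1].Value -split ';'
        if ($f.Count -ne 6) { Write-Warning "Skipping unsupported ACE: $($m.Value)"; continue }

        # Rights are either a hex mask or a run of two-letter codes.
        $decoded = if ($f[2] -match '^0x') { $f[2] } else {
            [regex]::Matches($f[2], '..') | ForEach-Object {
                if ($RightNames.ContainsKey($_.Value)) { $RightNames[$_.Value] } else { $_.Value }
            }
        }
        [pscustomobject]@{
            Type       = if ($AceTypes.ContainsKey($f[0])) { $AceTypes[$f[0]] } else { $f[0] }
            Flags      = $f[1]
            Rights     = $decoded -join ', '
            ObjectType = $f[3]   # GUID of an extended right or attribute, if any
            # Unknown SIDs (e.g. domain accounts) stay as SIDs: no directory lookup is made.
            Trustee    = if ($Trustees.ContainsKey($f[5])) { $Trustees[$f[5]] } else { $f[5] }
        }
    }
}

# Constructed sample: the last ACE grants an extended right (ControlAccess on the
# User-Force-Change-Password GUID) to a domain account that cannot be resolved offline.
$sample = 'O:DAG:DAD:AI(A;;GA;;;SY)(A;CI;RPRC;;;AU)(OA;;CR;00299570-246d-11d0-a768-00aa006e0529;;S-1-5-21-1111111111-2222222222-3333333333-1105)'
ConvertFrom-SddlDacl -Sddl $sample | Format-Table -AutoSize
```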

Functions

The module exports the following functions:

Expand-SDDLString

Resolve-SDDLPrincipal

Resolve-WellKnownPrincipal