RegistryRights listing as numbers

This topic contains 1 reply, has 2 voices, and was last updated by  Dave Wyatt 2 years, 2 months ago.

  • Author
    Posts
  • #29739

    ertuu85
    Participant

    Running this command (get-acl -Path "HKLM:\SYSTEM\test").access | ? {$_.registryrights} I get the below permissions.

    On set of permissions being like 'readkey', but it's below inherited permission being a number like -2147483648.

    Is there a way to convert those numbers to their actual permission? Or a table somewhere that might state which means which?

    RegistryRights : ReadKey
    AccessControlType : Allow
    IdentityReference : BUILTIN\Users
    IsInherited : True
    InheritanceFlags : None
    PropagationFlags : None

    RegistryRights : -2147483648
    AccessControlType : Allow
    IdentityReference : BUILTIN\Users
    IsInherited : True
    InheritanceFlags : ContainerInherit
    PropagationFlags : InheritOnly

    RegistryRights : FullControl
    AccessControlType : Allow
    IdentityReference : BUILTIN\Administrators
    IsInherited : True
    InheritanceFlags : None
    PropagationFlags : None

    RegistryRights : 268435456
    AccessControlType : Allow
    IdentityReference : BUILTIN\Administrators
    IsInherited : True
    InheritanceFlags : ContainerInherit
    PropagationFlags : InheritOnly

    RegistryRights : FullControl
    AccessControlType : Allow
    IdentityReference : NT AUTHORITY\SYSTEM
    IsInherited : True
    InheritanceFlags : None
    PropagationFlags : None

    RegistryRights : 268435456
    AccessControlType : Allow
    IdentityReference : NT AUTHORITY\SYSTEM
    IsInherited : True
    InheritanceFlags : ContainerInherit
    PropagationFlags : InheritOnly

    RegistryRights : 268435456
    AccessControlType : Allow
    IdentityReference : CREATOR OWNER
    IsInherited : True
    InheritanceFlags : ContainerInherit
    PropagationFlags : InheritOnly

  • #29742

    Dave Wyatt
    Moderator

    There are some values in the Win32 API which don't get exposed in the .NET Framework enumerated types for some reason. Depending on what type of object you're looking at, these are generally named something like GENERIC_READ or GENERIC_WRITE, etc, and they're mostly found in default ACLs rather than on something that's been modified later in the GUI (or whatever).

    When you come across those generic permissions in .NET, you see numbers.

You must be logged in to reply to this topic.