RegistryRights listing as numbers

Welcome Forums General PowerShell Q&A RegistryRights listing as numbers

This topic contains 1 reply, has 2 voices, and was last updated by

 
Member
3 years, 4 months ago.

  • Author
    Posts
  • #29739

    Participant
    Points: 0
    Rank: Member

    Running this command (get-acl -Path "HKLM:\SYSTEM\test").access | ? {$_.registryrights} I get the below permissions.

    On set of permissions being like 'readkey', but it's below inherited permission being a number like -2147483648.

    Is there a way to convert those numbers to their actual permission? Or a table somewhere that might state which means which?

    RegistryRights : ReadKey
    AccessControlType : Allow
    IdentityReference : BUILTIN\Users
    IsInherited : True
    InheritanceFlags : None
    PropagationFlags : None

    RegistryRights : -2147483648
    AccessControlType : Allow
    IdentityReference : BUILTIN\Users
    IsInherited : True
    InheritanceFlags : ContainerInherit
    PropagationFlags : InheritOnly

    RegistryRights : FullControl
    AccessControlType : Allow
    IdentityReference : BUILTIN\Administrators
    IsInherited : True
    InheritanceFlags : None
    PropagationFlags : None

    RegistryRights : 268435456
    AccessControlType : Allow
    IdentityReference : BUILTIN\Administrators
    IsInherited : True
    InheritanceFlags : ContainerInherit
    PropagationFlags : InheritOnly

    RegistryRights : FullControl
    AccessControlType : Allow
    IdentityReference : NT AUTHORITY\SYSTEM
    IsInherited : True
    InheritanceFlags : None
    PropagationFlags : None

    RegistryRights : 268435456
    AccessControlType : Allow
    IdentityReference : NT AUTHORITY\SYSTEM
    IsInherited : True
    InheritanceFlags : ContainerInherit
    PropagationFlags : InheritOnly

    RegistryRights : 268435456
    AccessControlType : Allow
    IdentityReference : CREATOR OWNER
    IsInherited : True
    InheritanceFlags : ContainerInherit
    PropagationFlags : InheritOnly

  • #29742

    Member
    Points: 0
    Rank: Member

    There are some values in the Win32 API which don't get exposed in the .NET Framework enumerated types for some reason. Depending on what type of object you're looking at, these are generally named something like GENERIC_READ or GENERIC_WRITE, etc, and they're mostly found in default ACLs rather than on something that's been modified later in the GUI (or whatever).

    When you come across those generic permissions in .NET, you see numbers.

The topic ‘RegistryRights listing as numbers’ is closed to new replies.