RSS All Posts

RSS PowerShell Posts

Tags

2142 Active Directory Administrativia Announcements Battlefield Blogging Cricket Deployment Deployment4 Get-PSUGUK Group Policy HowTo Linux MDT MDT 2010 Microsoft Deployment Toolkit MSDN Music Permissions Personal PowerGui Power Lines PowerShell PowerShell Groups PowerShell Support PowerShell Tools PowerShell V2 Presentations PSUGAU Quick Tips Scripting SDDL Security Tech Talk Ubuntu User Groups Virtualisation VMware Infrastructure Client WAIK Weekly Poll Windows 7 Windows Automation Installation Kit Windows Server 2003 Windows Server 2008 XML

Archives

Meta

Security Identifiers (SIDs) and NT Account name

Monday, March 26th, 2007

I have a couple of functions that are quite useful when dealing with Active Directory permissions.
Translate SID to NT Account:
:get-NTaccount.ps1

#----------------------------------------------------------------------------------------------------------
function get-NTaccount
#----------------------------------------------------------------------------------------------------------
{
Param (
  $SID
  )
  $id = New-Object System.Security.Principal.SecurityIdentifier($sid)
  $account = $id.Translate( [System.Security.Principal.NTAccount] )
  return $account
}
 
#----------------------------------------------------------------------------------------------------------
get-NTaccount "S-1-5-21-812403740-544655063-2921696178-1958"

In this function we take a SID in string format, and cast it as a SecurityIdentifier and then use the .Net method to translate [...]

Setting Filesystem permissions using SDDL format

Tuesday, January 23rd, 2007

When it comes to setting the permission on the filesystem there has already been some interesting conversation between Tony (MSHforFun blog) and Marc (MOW):
http://mshforfun.blogspot.com/2005/12/play-with-acl-in-msh.html
This is fine if you want to add your ACE into an existing DACL. But what if you want to completely overwrite the DACL and “roll-your-own”? I posed this question on the [...]