ACL,DACL,SDDL and PACE


Sully
June 29th, 2009, 04:24 PM
If you know what these are, can you recommend a good program to view them in, per directory or file? Registry would be nice too, maybe services, but that may be asking a lot. Freeware please, or 30 day trial versions would also work.

Using the built-in security tool of Windows is extremely slow. Some stipulations. It must show all values that you would see in security tool, such as Propagate to children and Inherit etc. It must show owners. It would be nice to also show container_inherit, inherit_ace_only, etc values.

Using on local machine, no network. Viewing compositely or with a handy treeview would do nicely. Also exporting as text in an easier to read output than say subinacl does. Of interest if you open security & config analyzer or sec templates snap-in, not all options you see from the security tool are visible, thus the need for something better.

Perhaps someone has a script to parse the dumps from secedit/subinacl or similar?

Sul.

Meriadoc
June 29th, 2009, 07:43 PM
SubInACL (http://www.microsoft.com/downloads/details.aspx?FamilyID=E8BA3E56-D8FE-4A91-93CF-ED6985E3927B&displaylang=en), SDDL parse tool (http://blogs.microsoft.co.il/files/folders/guyt/entry70399.aspx) msdn

Sully
June 29th, 2009, 09:03 PM
Thanks.

The parser might be of some use. Secedit, I will see if the parser can pull out what I need. Right now I am deep into SDDL and effect on different things, as well as implementation via script that does not require subinacl, although that remains to be seen.

What I am really looking for is an ACL browser of sorts, where I can enter a combination and permutation of all available DACL flags as well as PACEs, to see exactly what will happen to existing structures, as well as create structures with those SDDL, and how each affects differing inheritance and ownership. SDDL is documented, but the documentation leaves out a lot of things that actually happen. There are many good blogs, but they also use PowerShell or .NET, where I am seeking a more built-in approach. lol, as usual I am looking for a backdoor into templates which allow a much more flexible and robust method intrinsic to the default tools.

If you understand that, perhaps you know of an ACL browser that can give me whole directory/file data on the side, so that I can get a GUI picture of it all, especially as I script the new objects/containers to be created in different methods.

Thanks for taking the time to reply.

Sul.

MrBrian
June 29th, 2009, 11:11 PM
Maybe some of these might help:

Hyena
Security Explorer
AccessEnum
AccessChk
SetACL
FileACL
DumpSec
XCACLS
CACLS
iCACLS
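
Added example, not part of the original thread or of any tool named in it: a small Python decoder for the SDDL strings that secedit and subinacl dumps contain, showing the owner, the DACL control flags and, per ACE, the inheritance flags mapped to the "Apply to" wording of the Windows security dialog. The token tables are a subset of the documented SDDL tokens, conditional and object ACEs are assumed absent, and the sample string is constructed.

```python
import re

# Documented SDDL tokens; a subset chosen for file-system DACLs.
DACL_FLAGS = {"P": "PROTECTED", "AR": "AUTO_INHERIT_REQ", "AI": "AUTO_INHERITED"}
ACE_TYPES = {"A": "ALLOW", "D": "DENY"}
RIGHTS = {"GA": "GENERIC_ALL", "GR": "GENERIC_READ", "GW": "GENERIC_WRITE",
          "GX": "GENERIC_EXECUTE", "FA": "FILE_ALL_ACCESS", "FR": "FILE_GENERIC_READ",
          "FW": "FILE_GENERIC_WRITE", "FX": "FILE_GENERIC_EXECUTE", "SD": "DELETE",
          "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER"}
SIDS = {"BA": "BUILTIN\\Administrators", "SY": "NT AUTHORITY\\SYSTEM",
        "BU": "BUILTIN\\Users", "WD": "Everyone", "CO": "CREATOR OWNER",
        "AU": "NT AUTHORITY\\Authenticated Users"}
# Inheritance flags -> the "Apply to" wording of the Windows security dialog.
SCOPE = {frozenset(): "This folder only",
         frozenset({"CI", "OI"}): "This folder, subfolders and files",
         frozenset({"CI"}): "This folder and subfolders",
         frozenset({"OI"}): "This folder and files",
         frozenset({"CI", "OI", "IO"}): "Subfolders and files only",
         frozenset({"CI", "IO"}): "Subfolders only",
         frozenset({"OI", "IO"}): "Files only"}

def pairs(text):
    """Split a run of two-letter SDDL tokens."""
    return [text[i:i + 2] for i in range(0, len(text), 2)]

def parse_sddl(sddl):
    """Decode owner, DACL control flags and each ACE of an SDDL string."""
    owner = re.search(r"O:(.*?)(?=[GDS]:|$)", sddl)
    dacl = re.search(r"D:([A-Z]*)((?:\([^)]*\))*)", sddl)
    result = {"owner": SIDS.get(owner.group(1), owner.group(1)) if owner else None,
              "dacl_flags": [], "aces": []}
    if not dacl:
        return result
    result["dacl_flags"] = [DACL_FLAGS[f] for f in re.findall(r"AR|AI|P", dacl.group(1))]
    for body in re.findall(r"\(([^)]*)\)", dacl.group(2)):
        kind, flags, rights, _obj, _inh, trustee = body.split(";")[:6]
        fl = set(pairs(flags))
        mask = [rights] if rights.startswith("0x") else [RIGHTS.get(r, r) for r in pairs(rights)]
        result["aces"].append({
            "type": ACE_TYPES.get(kind, kind),
            "trustee": SIDS.get(trustee, trustee),   # "WD" here means Everyone
            "rights": mask,                          # "WD" here means WRITE_DAC
            "applies_to": SCOPE.get(frozenset(fl & {"CI", "OI", "IO"}), "non-standard"),
            "inherited": "ID" in fl,                 # ACE came from a parent
            "no_propagate": "NP" in fl})             # inheritance stops after one level
    return result

# Constructed sample: explicit deny, two explicit allows, one inherited allow.
SAMPLE = "O:BAG:SYD:AI(D;;WD;;;WD)(A;OICI;FA;;;BA)(A;OICIIO;GA;;;CO)(A;CIID;0x1200a9;;;BU)"
```

Calling `parse_sddl(SAMPLE)` returns a dictionary that can be printed per directory or diffed between two dumps; hex access masks are passed through undecoded.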