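# Format SDDL strings in a more readable format.
#
# Pipeline input: either an SDDL string, or any object that exposes an Sddl
# property (for example the output of Get-Acl or Select).
# Output: the SDDL text with each G:, D: and S: section and each
# parenthesised ACE on a line of its own.
#
# -TranslateSid: numeric SIDs (S-1-...) are replaced by their account names.
#   * The translated text is meant for reading during an ACL review; it is no
#     longer the original SDDL and should not be fed back into anything that
#     applies a security descriptor.
#   * A SID that cannot be resolved is left in numeric form. Unresolvable SIDs
#     in an ACL are worth a closer look during review.
#   * Only numeric SIDs are matched; two-letter SDDL aliases such as SY or BA
#     are left as they are.
param([switch]$translateSid)
process {
    $sddl = $_
    if ($sddl -isnot [string]) {
        # Anything that is not a string is expected to carry the SDDL text in
        # an Sddl property; this is what allows piping in Get-Acl output.
        $sddl = $_.sddl
    }

    # First pass: line feed before each G:, D: or S: section.
    # Second pass: line feed plus one space of indent before each (...) group.
    $sddl = $sddl -replace "([GDS]):","`n`$1:" -replace "(\([^\)]+\))","`n `$1"

    if ($translateSid.IsPresent) {
        # A SID string is S-<revision>-<authority> followed by up to 15
        # sub-authorities, i.e. at most 17 numeric fields. The previous upper
        # bound of 8 cut longer SIDs short (app-container SIDs under S-1-15-2
        # are one example), so the lookup ran against a different, truncated
        # SID. Matches are processed from the end of the string backwards so
        # that the recorded indexes stay valid while the text changes length.
        [regex]::Matches($sddl, "(S(-\d+){2,17})") |
            Sort-Object Index -Descending |
            ForEach-Object {
                $match = $_
                # Default to the matched text so a failed lookup leaves the SID as is.
                $name = $match.Value
                try {
                    # Parse inside the try block: if the cast fails, no SID
                    # object left over from an earlier iteration can be
                    # translated in place of this one.
                    $sid = [System.Security.Principal.SecurityIdentifier] $match.Value
                    $name = $sid.Translate([System.Security.Principal.NTAccount])
                }
                catch [System.Management.Automation.MethodInvocationException] {
                    # Deliberate best effort: the SID has no resolvable account
                    # name, so the numeric form is kept.
                }
                catch {
                    Write-Warning "Could not process '$($match.Value)' as a SID; left unchanged."
                }
                # Swap the matched SID text for the resolved name (or for itself).
                $sddl = $sddl.Remove($match.Index, $match.Length).Insert($match.Index, $name)
            }
    }

    $sddl
}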
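# Format SDDL strings in a more readable format.
#
# Pipeline input: either an SDDL string, or any object that exposes an Sddl
# property (for example the output of Get-Acl or Select).
# Output: the SDDL text with each G:, D: and S: section and each
# parenthesised ACE on a line of its own.
#
# -TranslateSid: numeric SIDs (S-1-...) are replaced by their account names.
#   * The translated text is meant for reading during an ACL review; it is no
#     longer the original SDDL and should not be fed back into anything that
#     applies a security descriptor.
#   * A SID that cannot be resolved is left in numeric form. Unresolvable SIDs
#     in an ACL are worth a closer look during review.
#   * Only numeric SIDs are matched; two-letter SDDL aliases such as SY or BA
#     are left as they are.
param([switch]$translateSid)
process {
    $sddl = $_
    if ($sddl -isnot [string]) {
        # Anything that is not a string is expected to carry the SDDL text in
        # an Sddl property; this is what allows piping in Get-Acl output.
        $sddl = $_.sddl
    }

    # First pass: line feed before each G:, D: or S: section.
    # Second pass: line feed plus one space of indent before each (...) group.
    $sddl = $sddl -replace "([GDS]):","`n`$1:" -replace "(\([^\)]+\))","`n `$1"

    if ($translateSid.IsPresent) {
        # A SID string is S-<revision>-<authority> followed by up to 15
        # sub-authorities, i.e. at most 17 numeric fields. The previous upper
        # bound of 8 cut longer SIDs short (app-container SIDs under S-1-15-2
        # are one example), so the lookup ran against a different, truncated
        # SID. Matches are processed from the end of the string backwards so
        # that the recorded indexes stay valid while the text changes length.
        [regex]::Matches($sddl, "(S(-\d+){2,17})") |
            Sort-Object Index -Descending |
            ForEach-Object {
                $match = $_
                # Default to the matched text so a failed lookup leaves the SID as is.
                $name = $match.Value
                try {
                    # Parse inside the try block: if the cast fails, no SID
                    # object left over from an earlier iteration can be
                    # translated in place of this one.
                    $sid = [System.Security.Principal.SecurityIdentifier] $match.Value
                    $name = $sid.Translate([System.Security.Principal.NTAccount])
                }
                catch [System.Management.Automation.MethodInvocationException] {
                    # Deliberate best effort: the SID has no resolvable account
                    # name, so the numeric form is kept.
                }
                catch {
                    Write-Warning "Could not process '$($match.Value)' as a SID; left unchanged."
                }
                # Swap the matched SID text for the resolved name (or for itself).
                $sddl = $sddl.Remove($match.Index, $match.Length).Insert($match.Index, $name)
            }
    }

    $sddl
}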
// posted by Per Østergaard @
7:10 AM