Displays the security descriptor associated with the specified key.
A security descriptor consists of a SECURITY_DESCRIPTOR structure
and its associated security information. Security information can
include security identifiers (SIDs), a system access-control
list (SACL), and a discretionary access-control list (DACL).
Format:
LIST SECURITYDESCRIPTOR key-name
key-name
Specifies the name of the key whose security descriptor will be
displayed.
1 – Qualifier
1.1 /WAIT
/WAIT=seconds (default = 90)
/NOWAIT
Specifies the maximum amount of time, in seconds, that you are
willing to wait for command completion. If the Registry server
does not complete the request in the specified interval, REG$CP
returns REG-F-NORESPONSE. The default interval is 90 seconds.
/NOWAIT is equivalent to specifying /WAIT=0, but there may still
be a short wait period.
2 – Examples
The following LIST SECURITYDESCRIPTOR command displays the
security descriptor for the root key, HKEY_USERS.
REG> LIST SECURITYDESCRIPTOR HKEY_USERS
Security Descriptor:
Revision: 0x01
Control: 0x8004 (SE_DACL_PRESENT,
SE_SELF_RELATIVE)
Owner Sid: S-1-5-20-220
Group Sid: S-1-5-20-220
Dacl:
Revision: 0x02
Size: 0x0048
Ace Count: 0x0003
Ace #1:
Type: 0x00 (ACCESS_ALLOWED_ACE_TYPE)
Flags: 0x03 (OBJECT_INHERIT_ACE,
CONTAINER_INHERIT_ACE)
Size: 0x0018
Access Mask: 0x000f003f (Full Control)
Sid: S-1-5-20-220
Ace #2:
Type: 0x00 (ACCESS_ALLOWED_ACE_TYPE)
Flags: 0x03 (OBJECT_INHERIT_ACE,
CONTAINER_INHERIT_ACE)
Size: 0x0014
Access Mask: 0x00020019 (Query Value, Enumerate
Subkeys, Notify, Read Control)
Sid: S-1-1-0 (World)
Ace #3:
Type: 0x00 (ACCESS_ALLOWED_ACE_TYPE)
Flags: 0x03 (OBJECT_INHERIT_ACE,
CONTAINER_INHERIT_ACE)
Size: 0x0014
Access Mask: 0x000f003f (Full Control)
Sid: S-1-5-12 (System)
The command in the following example displays the security
descriptor for the HKEY_LOCAL_MACHINE\SOFTWARE key.
REG> LIST SECURITYDESCRIPTOR HKEY_LOCAL_MACHINE\SOFTWARE
Security Descriptor:
Revision: 0x01
Control: 0x8004 (SE_DACL_PRESENT,
SE_SELF_RELATIVE)
Owner Sid: S-1-5-20-220
Group Sid: S-1-5-20-220
Dacl:
Revision: 0x02
Size: 0x005c
Ace Count: 0x0004
Ace #1:
Type: 0x00 (ACCESS_ALLOWED_ACE_TYPE)
Flags: 0x03 (OBJECT_INHERIT_ACE,
CONTAINER_INHERIT_ACE)
Size: 0x0018
Access Mask: 0x000f003f (Full Control)
Sid: S-1-5-20-220
Ace #2:
Type: 0x00 (ACCESS_ALLOWED_ACE_TYPE)
Flags: 0x03 (OBJECT_INHERIT_ACE,
CONTAINER_INHERIT_ACE)
Size: 0x0014
Access Mask: 0x000f003f (Full Control)
Sid: S-1-3-0
Ace #3:
Type: 0x00 (ACCESS_ALLOWED_ACE_TYPE)
Flags: 0x03 (OBJECT_INHERIT_ACE,
CONTAINER_INHERIT_ACE)
Size: 0x0014
Access Mask: 0x0003001f (Query Value, Set Value,
Create Subkey, Enumerate
Subkeys, Notify, Delete,
Read Control)
Sid: S-1-1-0 (World)
Ace #4:
Type: 0x00 (ACCESS_ALLOWED_ACE_TYPE)
Flags: 0x03 (OBJECT_INHERIT_ACE,
CONTAINER_INHERIT_ACE)
Size: 0x0014
Access Mask: 0x000f003f (Full Control)
Sid: S-1-5-12 (System)