Web Listing 1: DecipherSDFunction.vbs Option Explicit Function DecipherSecurityDescriptor (objSD) Dim objACL Dim objACE Dim intACECount Dim strIndent On Error Resume Next WScript.Echo strIndent & "+- ADSI Security Descriptor " & _ String (66 - Len (strIndent), "-") ' Open SD data. DisplayFormattedProperty strIndent & "| Owner", objSD.Owner, Null DisplayFormattedProperty strIndent & "| Group", objSD.Group, Null DisplayFormattedProperty strIndent & "| Revision", objSD.Revision, Null DisplayFormattedProperty strIndent & "| Control", "&h" & Hex(objSD.Control), Null intACECount = 0 Set objACL = objSD.DiscretionaryAcl intACECount = objACL.AceCount If intACECount And Err.Number = 0 Then ' Open discretionary ACL (DACL) data. strIndent = strIndent & "|" WScript.Echo strIndent & "+- ADSI DiscretionaryAcl " & _ String (69 - Len (strIndent), "-") strIndent = strIndent & "|" For Each objACE In objACL ' Open ACE data. WScript.Echo strIndent & "+- ADSI ACE " & _ String (82 - Len (strIndent), "-") DisplayFormattedProperty strIndent & "| AccessMask", _ "&h" & Hex(objACE.AccessMask), Null DisplayFormattedProperty strIndent & "| AceFlags", _ "&h" & Hex(objACE.AceFlags), Null DisplayFormattedProperty strIndent & "| AceType", _ "&h" & Hex(objACE.AceType), Null DisplayFormattedProperty strIndent & "| AceFlagType", _ "&h" & Hex(objACE.Flags), Null DisplayFormattedProperty strIndent & "| ObjectType", _ objACE.ObjectType, Null DisplayFormattedProperty strIndent & "| InheritedObjectType", _ objACE.InheritedObjectType, Null DisplayFormattedProperty strIndent & "| Trustee", _ objACE.Trustee, Null ' Close ACE data. WScript.Echo strIndent & "+-" & _ String (90 - Len (strIndent) + 2, "-") Next strIndent = Mid (strIndent, 1, Len (strIndent) - 1) ' Close DACL data. WScript.Echo strIndent & "+-" & _ String (90 - Len (strIndent) + 2, "-") strIndent = Mid (strIndent, 1, Len (strIndent) - 1) Else Err.Clear End If intACECount = 0 Set objACL = objSD.SystemACL intACECount = objACL.AceCount If intACECount And Err.Number = 0 Then ' Open System ACL data strIndent = strIndent & "|" WScript.Echo strIndent & "+- ADSI SystemAcl " & _ String (76 - Len (strIndent), "-") strIndent = strIndent & "|" For Each objACE In objACL ' Open ACE Data WScript.Echo strIndent & "+- ADSI ACE " & _ String (82 - Len (strIndent), "-") DisplayFormattedProperty strIndent & "| AccessMask", _ "&h" & Hex(objACE.AccessMask), Null DisplayFormattedProperty strIndent & "| AceFlags", _ "&h" & Hex(objACE.AceFlags), Null DisplayFormattedProperty strIndent & "| AceType", _ "&h" & Hex(objACE.AceType), Null DisplayFormattedProperty strIndent & "| AceFlagType", _ "&h" & Hex(objACE.Flags), Null DisplayFormattedProperty strIndent & "| ObjectType", _ objACE.ObjectType, Null DisplayFormattedProperty strIndent & "| InheritedObjectType", _ objACE.InheritedObjectType, Null DisplayFormattedProperty strIndent & "| Trustee", _ objACE.Trustee, Null ' Close ACE data. WScript.Echo strIndent & "+-" & _ String (90 - Len (strIndent) + 2, "-") Next strIndent = Mid (strIndent, 1, Len (strIndent) - 1) ' Close system ACL (SACL) data. WScript.Echo strIndent & "+-" & _ String (90 - Len (strIndent) + 2, "-") strIndent = Mid (strIndent, 1, Len (strIndent) - 1) Else Err.Clear End If ' Close SD data. WScript.Echo strIndent & "+-" & _ String (90 - Len (strIndent) + 2, "-") End Function