In the Windows operating system, all objects secured by the OS have four key properties:
- The owner
- The primary group
- Discretionary Access Control List (DACL)
- System Access Control List (SACL)
The DACL
contains a set of individual permissions, known as Access Control Entries (ACEs), that define a particular permission. Each ACE contains properties that describe the permission, including a trustee (the security principal to whom you are giving this permission), a permission mask (what permission is being allowed or disallowed), and an ACE type (what type is allowed, disallowed). You can find details of the permission masks on the MSDN.
This recipe displays the DACL
for the Sales Group
printer, SGCP1
, created by the Installing and sharing printers recipe and later updated by the Changing printer drivers recipe. You could easily convert this recipe into an advanced function (for example, Get-PrinterSecurity
) with a parameter to tell the function which printer...