Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

FormattedSDDLText

A database field of the FormattedSDDLText data type holds a text string that describes a security descriptor using valid security descriptor definition language (SDDL.) This data type is used by the SDDLText field of the MsiLockPermissionsEx Table to secure a selected object.

Windows Installer 4.5 or earlier:  Not supported. This data type is available beginning with Windows Installer 5.0.

The FormattedSDDLText data type can hold a SDDL string written in valid Security Descriptor String Format. For more information about SDDL, see the Access Control section of the Microsoft Windows Software Development Kit (SDK). In addition, a FormattedSDDLText text string can use angle brackets (<>) to contain the domain and user name of the user whose account SID is to be determined.

If the user having user name SampleUser belongs to a domain named SampleDomain, then the FormattedSDDLText value can identify the owner using the SID string, the user name and domain name, or the Windows environment variables. For example, the following strings would be possible.

O:owner_sid_stringG:BAD:(D;OICI;GA;;;BG)(A;OICI;GRGWGX;;;owner_sid_string)(A;OICI;GA;;;BA)S:ARAI(AU;SAFA;FA;;;WD)
O:<SampleDomain\SampleUser>G:BAD:(D;OICI;GA;;;BG)(A;OICI;GRGWGX;;;<SampleDomain\SampleUser>)(A;OICI;GA;;;BA)S:ARAI(AU;SAFA;FA;;;WD)
O:<[%USERDOMAIN]\[%USERNAME]>G:BAD:(D;OICI;GA;;;BG)(A;OICI;GRGWGX;;;<[%USERDOMAIN]\[%USERNAME]>)(A;OICI;GA;;;BA)S:ARAI(AU;SAFA;FA;;;WD)

 

 

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.