PS C:\> sc.exe sdshow scmanager
D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;S-1-5-21-948911695-1962824784-4291460660-1124)(A;;KA;;;BA)(A;;CC;;;AC)(A;;CC;;;S-1-15-3-1024-528118966-3876874398-709513571-1907873084-3598227634-3698730060-278077788-3990600205)
PS C:\> ConvertFrom-SddlString -Sddl "D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;S-1-5-21-948911695-1962824784-4291460660-1124)(A;;KA;;;BA)(A;;CC;;;AC)(A;;CC;;;S-1-15-3-1024-528118966-3876874398-709513571-1907873084-3598227634-3698730060-278077788-3990600205)" | select -ExpandProperty DiscretionaryAcl
NT AUTHORITY\INTERACTIVE: AccessAllowed (CreateDirectories, GenericExecute, ListDirectory, ReadPermissions, WriteExtendedAttributes)
NT AUTHORITY\SERVICE: AccessAllowed (CreateDirectories, GenericExecute, ListDirectory, ReadPermissions, WriteExtendedAttributes)
NT AUTHORITY\Authenticated Users: AccessAllowed (ListDirectory)
NT AUTHORITY\SYSTEM: AccessAllowed (CreateDirectories, GenericExecute, ListDirectory, ReadPermissions, Traverse, WriteExtendedAttributes)
BUILTIN\Administrators: AccessAllowed (ChangePermissions, CreateDirectories, Delete, ExecuteKey, FullControl, GenericExecute, GenericWrite, ListDirectory, ReadExtendedAttributes, ReadPermissions, TakeOwnership, Traverse, WriteData, WriteExtendedAttributes, WriteKey)
DOM\REDACTEDGroup: AccessAllowed (ChangePermissions, CreateDirectories, Delete, ExecuteKey, FullControl, GenericExecute, GenericWrite, ListDirectory, ReadExtendedAttributes, ReadPermissions, TakeOwnership, Traverse, WriteData, WriteExtendedAttributes, WriteKey)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES: AccessAllowed (ListDirectory)
: AccessAllowed (ListDirectory)
Do you think it could be a good idea to add this kind of check ? i can help / work on it also but before i would like to confirm it s relevant from your point of view.