| File name: | dsacls.exe.mui |
| Size: | 15872 byte |
| MD5: | 813be4d8faf6777b0f709aead076171f |
| SHA1: | 1b383652c5851e300c992d7c9cf94c3edc53bf4f |
| SHA256: | 51a29fabf5080fe94898255802eb621f50be25a41bf39be58f6de5c484dc44f7 |
| Operating systems: | Windows 10 |
| Extension: | MUI |
| In x64: | dsacls.exe DS 控制 ACL 程序 (32 位) |
If an error occurred or the following message in Chinese (Simplified) language and you cannot find a solution, than check answer in English. Table below helps to know how correctly this phrase sounds in English.
| id | Chinese (Simplified) | English |
|---|---|---|
| 1 | I | I |
| 2 | N | N |
| 4 | P | P |
| 8 | G | G |
| 16 | D | D |
| 32 | R | R |
| 64 | S | S |
| 128 | T | T |
| 256 | A | A |
| 512 | resetDefaultDACL | resetDefaultDACL |
| 1024 | resetDefaultSACL | resetDefaultSACL |
| 2048 | takeOwnership | takeOwnership |
| 4096 | domain | domain |
| 8002 | 此命令成功完成 | The command completed successfully |
| 8003 | 未能成功完成命令。 | The command failed to complete successfully. |
| 8004 | 参数 %1 之后不是用户/访问列表 | The parameter %1 was not followed by a user/access list |
| 8005 | 参数 %1 意外出现。 | Parameter %1 was unexpected. |
| 8006 | 访问列表: | Access list: |
| 8007 | 审核列表: | Audit list: |
| 8008 | 所有者: %1 | Owner: %1 |
| 8009 | 组: %1 | Group: %1 |
| 8010 | {该对象受保护,无法从父对象继承权限} | {This object is protected from inheriting permissions from the parent} |
| 8011 | 继承到: %1 | Inherit to: %1 |
| 8012 | 属性: %1 | Property: %1 |
| 8013 | 基对象: | Base object: |
| 8014 | (%1)%0 | (%1)%0 |
| 8015 | %1:%0 | %1:%0 |
| 8016 | %1%0 | %1%0 |
| 8017 | 已处理条目 %1 | Processed entry %1 |
| 8019 | 继承到子对象的权限为: | Permissions inherited to subobjects are: |
| 8020 | 已继承到所有子对象 | Inherited to all subobjects |
| 8021 | 已继承到 %1 | Inherited to %1 |
| 8022 | 允许 | Allow |
| 8023 | 拒绝 | Deny |
| 8024 | ||
| 8025 | %2 的 %1 | %1 for %2 |
| 8026 | 特殊访问 | SPECIAL ACCESS |
| 8027 | 没有任何访问控制项 | THERE ARE NO ACCESS CONTROL ENTRIES |
| 8028 | 找不到 %1 的 Sid | No Sid Found for %1 |
| 8029 | 找不到 %1 的 GUID | No GUID Found for %1 |
| 8030 | %1 是属性或属性集。有效权限为 WP (写入属性)、RP (读取属性) 和 CA (控制访问权限) | %1 is Property or Property Set. Valid Permissions are WP(Write Property), RP(Read Property) and CA(Control Access Right) |
| 8031 | %1 是扩展权限。唯一有效权限为 CA (控制访问权限) | %1 is Extended Right. Only Valid Permission is CA(Control Access Right) |
| 8032 | %1 是已验证的写入。唯一有效权限为 WS (写入自身对象) | %1 is Validated Write. Only Valid Permission is WS(Write To Self Object) |
| 8033 | %1 是对象类型。有效的权限为 CC (创建子对象)和 DC (删除子对象)。 | %1 is Object Type. Valid Permissons are CC(Create Child and DC(Delete Child). |
| 8034 | %1 被指定为继承的对象类型。/I:S 必须存在。 | %1 is specified as Inherited Object Type. /I:S must be present. |
| 8035 | 成功 | Success |
| 8036 | 失败 | Failure |
| 8037 | 全部 | All |
| 8038 | 对象路径无效,请纠正该路径。 | Object path is not valid, please correct it. |
| 8039 | 指定的操作失败,返回 ldap 错误: %1 %2 。 |
Specified operation failed with ldap error: %1 %2 . |
| 8040 | 密码: | Passwd: |
| 8041 | 你输入了无效密码。 |
You have entered an invalid password. |
| 8042 | 选项 /domain 应该与 /user 一起使用。 |
option /domain should be used with /user. |
| 8043 | 已指定选项 /domain。无法执行简单绑定。 |
option /domain is specified. Cannot do simple bind. |
| 8044 | 选项 /passwd 应该与 /user 一起使用。 |
option /passwd should be used with /user. |
| 8045 | UserDN 未能执行简单绑定。 |
UserDN missing to do simple bind. |
| 8046 | 未知 | Unknown |
| 8192 | user | user |
| 16384 | passwd | passwd |
| 32768 | simple | simple |
| 32769 | SD | SD |
| 32770 | RC | RC |
| 32771 | WD | WD |
| 32772 | WO | WO |
| 32773 | CC | CC |
| 32774 | DC | DC |
| 32775 | LC | LC |
| 32776 | WS | WS |
| 32777 | WP | WP |
| 32778 | RP | RP |
| 32779 | DT | DT |
| 32780 | LO | LO |
| 32786 | CA | CA |
| 32787 | GR | GR |
| 32788 | GE | GE |
| 32789 | GW | GW |
| 32790 | GA | GA |
| 32792 | DELETE | DELETE |
| 32793 | READ PERMISSONS | READ PERMISSONS |
| 32794 | WRITE PERMISSIONS | WRITE PERMISSIONS |
| 32795 | CHANGE OWNERSHIP | CHANGE OWNERSHIP |
| 32796 | CREATE CHILD | CREATE CHILD |
| 32797 | DELETE CHILD | DELETE CHILD |
| 32798 | LIST CONTENTS | LIST CONTENTS |
| 32799 | WRITE SELF | WRITE SELF |
| 32800 | WRITE PROPERTY | WRITE PROPERTY |
| 32801 | READ PROPERTY | READ PROPERTY |
| 32802 | DELETE TREE | DELETE TREE |
| 32803 | LIST OBJECT | LIST OBJECT |
| 32804 | READ | READ |
| 32805 | EXECUTE | EXECUTE |
| 32806 | WRITE | WRITE |
| 32807 | FULL CONTROL | FULL CONTROL |
| 32808 | CONTROL ACCESS | CONTROL ACCESS |
| 32809 | Y | Y |
| 0x2329 | 显示或修改 Active Directory 域服务(AD DS)对象的权限(ACLS)DSACLS object [/I:TSP] [/N] [/P:YN] [/G : [...]] [/R [...]] [/D : [...]] [/S] [/T] [/A] [/resetDefaultDACL] [/resetDefaultSACL] [/takeOwnership] [/user:] [/passwd: | *] [/simple] object 要为其显示或操纵 ACL 的 AD DS 对象的路径 路径的名称格式为 RFC 1779,如下所示 CN=John Doe,OU=Software,OU=Engineering,DC=Widget,DC=com 通过在对象前面加 \\\\server[:port]\\ 来表示特定的 AD DS,如下所示 \\\\ADSERVER\\CN=John Doe,OU=Software,OU=Engineering,DC=Widget,DC=US | Displays or modifies permissions (ACLS) of an Active Directory Domain Services (AD DS)ObjectDSACLS object [/I:TSP] [/N] [/P:YN] [/G : [...]] [/R [...]] [/D : [...]] [/S] [/T] [/A] [/resetDefaultDACL] [/resetDefaultSACL] [/takeOwnership] [/user:] [/passwd: | *] [/simple] object Path to the AD DS object for which to display or manipulate the ACLs Path is the RFC 1779 format of the name, as in CN=John Doe,OU=Software,OU=Engineering,DC=Widget,DC=com A specific AD DS can be denoted by prepending \\\\server[:port]\\ to the object, as in \\\\ADSERVER\\CN=John Doe,OU=Software,OU=Engineering,DC=Widget,DC=US |
| 0x232A | 无选项 显示对象的安全性。 /I 继承标志: T: 该对象和子对象 S: 仅子对象 P: 仅传播一级可继承权限。 /N 替换对象的当前访问权限,而不是编辑该权限。 /P 将对象标记为受保护 Y:是 N:否 如果未提供 /P 选项,则维持当前保护标志。 /G : 向指定的组(或用户) 授予指定的权限。 有关 和 的格式,请参见下面的内容 /D : 拒绝向指定的组(或用户)授予指定的权限。 有关 和 的格式,请参见下面的内容 /R 删除指定组(或用户)的所有权限。 有关 的格式,请参见下面的内容 /S 将对象的安全性还原为AD DS 架构中定义 的该对象类的默认值。当 dsacls 绑定到 NTDS 时 才使用该选项。若要还原 AD LDS 中对象的默认 ACL,请使用 /resetDefaultDACL 和 /resetDefaultSACL 选项。 /T 将对象树的安全性还原为对象类的默认值。 此开关仅与 /S 选项一起使用时才有效。 /A 显示 AD DS 对象的安全性时, 会显示审核信息以及权限和所有权信息。 /resetDefaultDACL 将对象的 DACL 还原为 AD DS 架构中定义 的该对象类的默认值。 /resetDefaultSACL 将对象的 SACL 还原为 AD DS 架构中定义 的该对象类的默认值。 /takeOwnership 获取对象的所有权。 /domain: 使用用户的该域帐户连接到 ldap 服务器。 /user: 使用该用户名连接到 ldap 服务器。 如果未使用该选项,则 dsacls 将使用 SSPI 绑定 为当前登录的用户。 /passwd: | * 用户帐户的密码。 /simple 使用 ldap 简单绑定绑定到服务器。请注意,将通过 连接发送明文密码。 | no options displays the security on the object. /I Inheritance flags: T: This object and sub objects S: Sub objects only P: Propagate inheritable permissions one level only. /N Replaces the current access on the object, instead of editing it. /P Mark the object as protected Y:Yes N:No If /P option is not present, current protection flag is maintained. /G : Grant specified group (or user) specified permissions. See below for format of and /D : Deny specified group (or user) specified permissions. See below for format of and /R Remove all permissions for the specified group (or user). See below for format of /S Restore the security on the object to the default for that object class as defined in AD DS Schema. This option works when dsacls is bound to NTDS. To restore default ACL of an object in AD LDS use /resetDefaultDACL and /resetDefaultSACL options. /T Restore the security on the tree of objects to the default for the object class. This switch is valid only with the /S option. /A When displaying the security on an AD DS object, display the auditing information as well as the permissions and ownership information. /resetDefaultDACL Restore the DACL on the object to the default for that object class as defined in AD DS Schema. /resetDefaultSACL Restore the SACL on the object to the default for that object class as defined in AD DS Schema. /takeOwnership Take ownership of the object. /domain: Connect to ldap server using this domain account of the user. /user: Connect to ldap server using this user name. If this option is not used dsacls will bind as the currently logged on user, using SSPI. /passwd: | * Passwd for the user account. /simple Bind to server using ldap simple bind. Note that the clear text password will be sent over the wire. |
| 0x232B | 应该采用以下形式: group@domain 或 domain\\group user@domain 或 domain\\user 用户或组的 FQDN 字符串 SID 应该采用以下形式: [Permission bits];[Object/Property];[Inherited Object Type] Permission bits 可以将以下值连接在一起: 常规权限 GR 常规读取 GE 常规执行 GW 常规写入 GA 常规全部 特定权限 SD 删除 DT 删除一个对象及其所有子对象 RC 读取安全信息 WD 更改安全信息 WO 更改所有者信息 LC 列出对象的子对象 CC 创建子对象 DC 删除子对象 对于这两个权限,如果未指定 [Object/Property] 便定义特定子对象类型,则它们适用所有类型 的子对象,否则它们适用此特定子对象类型。 WS 写入自身(也称为验证的写入)。有 3 种类型的验证写入: Self-Membership (bf9679c0-0de6-11d0-a285-00aa003049e2) 适用于组对象。它允许根据向其自己的帐户中添加或从 中删除来更新组的成员关系。 示例: (WS; bf9679c0-0de6-11d0-a285-00aa003049e2; AU) 适用于组 X,允许经身份验证的用户向组 X 中添加或从 中删除自己,而不是其他任何人。 Validated-DNS-Host-Name (72e39547-7b18-11d1-adef-00c04fd8d5cd) 适用于计算机对象。它允许更新与计算机名和域名一致的 DNS 主机名属性。 Validated-SPN (f3a64788-5306-11d1-a9c5-0000f80367c1) 适用于计算机对象: 它允许更新与计算机的 DNS 主机名 一致的 SPN 属性。 WP 写入属性 RP 读取属性 对于这两个权限,如果未指定 [Object/Property] 便 定义特定属性,则它们适用于对象的所有属性, 否则它们适用于对象的此特定属性。 CA 控制访问权限 对于该权限,如果未指定 [Object/Property] 便定义 控制访问的特定“扩展权限”, 它适用于对象上所有有意义的控制访问, 否则它适用于该对象的特定扩展权限。 LO 列出对象访问。如果未向父对象授予列出子对象(LC), 则可用于向特定对象授予列表访问,如果用户/组的 父对象上具有 LC,也可以在特定对象上拒绝隐藏这些 对象。 注意: 默认情况下,AD DS 不强制执行该权限,必须经过 配置才能开始检查该权限。 [Object/Property] 必须是对象类型或属性的显示名称。 例如,\"user\" 是用户对象的显示名称, \"telephone number\" 是电话号码属性的显示名称。 [Inherited Object Type] 必须是期望继承权限的对象类型的显示名称。 权限必须为仅继承。 注意: 该选项必须仅在定义对象特定权限时使用,这些权限替代 AD DS 架构中为该对象类型定义的默认权限。请小心使用该选项, 并且只有当你了解对象特定权限时才使用该选项。 有效 的示例为: SDRCWDWO;;user 含义: 类型为 \"user\" 的对象的删除、读取安全信息、更改安全信息以及 更改所有权权限。 CCDC;group; 含义: 创建/删除类型为 group 的对象的创建子对象和删除子对象权限。 RPWP;telephonenumber; 含义: 电话号码属性的读取属性和写入属性权限你可以在一个命令中指定多个用户。 | should be in the following forms: group@domain or domain\\group user@domain or domain\\user FQDN of the user or group A string SID should be in the following form: [Permission bits];[Object/Property];[Inherited Object Type] Permission bits can have the following values concatenated together: Generic Permissions GR Generic Read GE Generic Execute GW Generic Write GA Generic All Specific Permissions SD Delete DT Delete an object and all of it's children RC Read security information WD Change security information WO Change owner information LC List the children of an object CC Create child object DC Delete a child object For these two permissions, if [Object/Property] is not specified to define a specific child object type, they apply all types of child objects otherwise they apply to that specific child object type. WS Write To Self (also known as Validated Write). There are 3 kinds of validated writes: Self-Membership (bf9679c0-0de6-11d0-a285-00aa003049e2) applied to Group object. It allows updating membership of a group in terms of adding/removing to its own account. Example: (WS; bf9679c0-0de6-11d0-a285-00aa003049e2; AU) applied to group X, allows an Authenticated User to add/remove oneself to/from group X, but not anybody else. Validated-DNS-Host-Name (72e39547-7b18-11d1-adef-00c04fd8d5cd) applied to computer object. It allows updating the DNS host name attribute that is compliant with the computer name & domain name. Validated-SPN (f3a64788-5306-11d1-a9c5-0000f80367c1) applied to computer object: It allows updating the SPN attribute that is compliant to the DNS host name of the computer. WP Write property RP Read property For these two permissions, if [Object/Property] is not specified to define a specific property, they apply to all properties of the object otherwise they apply to that specific property of the object. CA Control access right For this permission, if [Object/Property] is not specified to define the specific \"extended right\" for control access, it applies to all control accesses meaningful on the object, otherwise it applies to the specific extended right for that object. LO List the object access. Can be used to grant list access to a specific object if List Children (LC) is not granted to the parent as well can denied on specific objects to hide those objects if the user/group has LC on the parent. NOTE: AD DS does NOT enforce this permission by default, it has to be configured to start checking for this permission. [Object/Property] must be the display name of the object type or the property. for example \"user\" is the display name for user objects and \"telephone number\" is the display name for telephone number property. [Inherited Object Type] must be the display name of the object type that the permissions are expected to be inherited to. The permissions MUST be Inherit Only. NOTE: This must only be used when defining object specific permissions that override the default permissions defined in the AD DS schema for that object type. USE THIS WITH CAUTION and ONLY IF YOU UNDERSTAND object specific permissions. Examples of a valid would be: SDRCWDWO;;user means: Delete, Read security information, Change security information and Change ownership permissions on objects of type \"user\". CCDC;group; means: Create child and Delete child permissions to create/delete objects of type group. RPWP;telephonenumber; means: read property and write property permissions on telephone number propertyYou can specify more than one user in a command. |
| File Description: | DS 控制 ACL 程序 |
| File Version: | 10.0.15063.0 (WinBuild.160101.0800) |
| Company Name: | Microsoft Corporation |
| Internal Name: | DSACLS |
| Legal Copyright: | © Microsoft Corporation. All rights reserved. |
| Original Filename: | DSACLS.EXE.MUI |
| Product Name: | Microsoft® Windows® Operating System |
| Product Version: | 10.0.15063.0 |
| Translation: | 0x804, 1200 |