4.1 Retrieving the Security Descriptor Property
The security descriptor property can be retrieved using a standard WebDAV PROPFIND method request, as specified in [RFC2518], by asking for the descriptor element.
For example, the descriptor element might look as follows.
-
<d:descriptor xmlns:d="http://schemas.microsoft.com/exchange/security/"> <S:security_descriptor xmlns:S="http://schemas.microsoft.com/security/" xmlns:D="urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/" D:dt="microsoft.security_descriptor" S:from_mapi_tlh="1"> <S:revision>1</S:revision> <S:owner S:defaulted="0"> <S:sid> <S:string_sid>S-1-5-21-2082262111-2968666075-236047801-1111</S:string_sid> <S:type>user</S:type> <S:nt4_compatible_name>ELZCHU-DOM\bob</S:nt4_compatible_name> <S:ad_object_guid>{138bfc4d-48e0-4d29-9de6-643ecb7314f1}</S:ad_object_guid> <S:display_name>bob</S:display_name> </S:sid> </S:owner> <S:primary_group S:defaulted="0"> <S:sid> <S:string_sid>S-1-5-21-2082262111-2968666075-236047801-513</S:string_sid> <S:type>group</S:type> <S:nt4_compatible_name>ELZCHU-DOM\Domain Users</S:nt4_compatible_name> <S:ad_object_guid>{f2a02601-c596-4fd2-9543-d770ba31d9e5}</S:ad_object_guid> </S:sid> </S:primary_group> <S:dacl S:defaulted="1" S:protected="0" S:autoinherited="1"> <S:revision>2</S:revision> <S:effective_aces> <S:access_allowed_ace S:inherited="1"> <S:access_mask>1f0fbf</S:access_mask> <S:sid> <S:string_sid>S-1-5-21-2082262111-2968666075-236047801-500</S:string_sid> <S:type>user</S:type> <S:nt4_compatible_name>ELZCHU-DOM\Administrator</S:nt4_compatible_name> <S:ad_object_guid>{41a1a32a-4d0f-41ab-ad0c-fb344ef368fd}</S:ad_object_guid> <S:display_name>Administrator</S:display_name> </S:sid> </S:access_allowed_ace> <S:access_allowed_ace S:inherited="1"> <S:access_mask>1f0fbf</S:access_mask> <S:sid> <S:string_sid>S-1-5-7</S:string_sid> <S:type>well_known_group</S:type> <S:nt4_compatible_name>NT AUTHORITY\ANONYMOUS LOGON</S:nt4_compatible_name> <S:ad_object_guid>{ff158509-ee41-4c44-98c1-affd7edf6a83}</S:ad_object_guid> </S:sid> </S:access_allowed_ace> <S:access_allowed_ace S:inherited="1"> <S:access_mask>1f0fbf</S:access_mask> <S:sid> <S:string_sid>S-1-1-0</S:string_sid> <S:type>well_known_group</S:type> <S:nt4_compatible_name>\Everyone</S:nt4_compatible_name> <S:ad_object_guid>{aa5d6b3e-3546-4f9e-8530-59ad567c6dd8}</S:ad_object_guid> </S:sid> </S:access_allowed_ace> </S:effective_aces> </S:dacl> </S:security_descriptor> </d:descriptor>