Active Directory Access Codes and Rights


Insertion Strings: Access Mask

Security Events: Event ID 4662


0x1

Create Child
The right to create child objects of the object.

0x2

Delete Child
The right to delete child objects of the object.

0x4

List Contents
The right to list child objects of this object.

0x8

SELF
The right to perform an operation controlled by a validated write access right.

0x10

Read Property
The right to read properties of the object.

0x20

Write Property
The right to write properties of the object.

0x40

Delete Tree
The right to delete all children of this object, regardless of the permissions of the children. It indicates that the “Use Delete Subtree server control” check box was checked during deletion. This operation means that all objects within the subtree, including all delete-protected objects, will be deleted.

0x80

List Object
The right to list a particular object.

0x100

Control Access
Access allowed only after extended rights checks supported by the object are performed. The right to perform an operation controlled by an extended access right.

0x10000

DELETE
The right to delete the object. DELETE is also generated when the object is moved.

0x20000

READ_CONTROL
The right to read data from the security descriptor of the object, not including the data in the SACL.

0x40000

WRITE_DAC
The right to modify the discretionary access-control list (DACL) in the object security descriptor.

0x80000

WRITE_OWNER
The right to assume ownership of the object. The user must be an object trustee. The user cannot transfer the ownership to other users.

0x100000

SYNCHRONIZE
The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state.

0x1000000

ADS_RIGHT_ACCESS_SYSTEM_SECURITY
The right to get or set the SACL in the object security descriptor.

0x80000000

ADS_RIGHT_GENERIC_READ
The right to read permissions on this object, read all the properties on this object, list this object name when the parent container is listed, and list the contents of this object if it is a container.

0x40000000

ADS_RIGHT_GENERIC_WRITE
The right to read permissions on this object, write all the properties on this object, and perform all validated writes to this object.

0x20000000

ADS_RIGHT_GENERIC_EXECUTE
The right to read permissions on, and list the contents of, a container object.

0x10000000

ADS_RIGHT_GENERIC_ALL
The right to create or delete child objects, delete a subtree, read and write properties, examine child objects and the object itself, add and remove the object from the directory, and read or write with an extended right.
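
The Access Mask in an Event ID 4662 record is often several of these bits combined, so the following added example (not part of the original page) splits a mask into the names listed above and surfaces events that include rights a defender chooses to watch. The WATCH selection, the function names, and the sample records are assumptions made for illustration; the record keys are assumed to match the event's data field names.

```python
# Bit values and names as listed in the table on this page.
RIGHTS = {
    0x1: "Create Child", 0x2: "Delete Child", 0x4: "List Contents",
    0x8: "SELF", 0x10: "Read Property", 0x20: "Write Property",
    0x40: "Delete Tree", 0x80: "List Object", 0x100: "Control Access",
    0x10000: "DELETE", 0x20000: "READ_CONTROL", 0x40000: "WRITE_DAC",
    0x80000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE",
    0x1000000: "ADS_RIGHT_ACCESS_SYSTEM_SECURITY",
    0x10000000: "ADS_RIGHT_GENERIC_ALL",
    0x20000000: "ADS_RIGHT_GENERIC_EXECUTE",
    0x40000000: "ADS_RIGHT_GENERIC_WRITE",
    0x80000000: "ADS_RIGHT_GENERIC_READ",
}
KNOWN_BITS = sum(RIGHTS)  # every key is a distinct bit, so the sum equals the OR

def decode_access_mask(value):
    """Split a mask (int or hex string such as '0x60030') into right names.
    Returns (names in ascending bit order, leftover bits not in the table)."""
    mask = int(value, 16) if isinstance(value, str) else int(value)
    names = [name for bit, name in sorted(RIGHTS.items()) if mask & bit]
    return names, mask & ~KNOWN_BITS

# Assumption: rights this defender wants surfaced (WRITE_DAC, WRITE_OWNER,
# Delete Tree). Adjust the selection to local policy.
WATCH = 0x40000 | 0x80000 | 0x40

def flag_events(events, watch=WATCH):
    """Return (user, object, watched right names) for every event whose
    Access Mask includes at least one watched bit."""
    hits = []
    for ev in events:
        mask = int(ev["AccessMask"], 16)
        if mask & watch:
            names, _ = decode_access_mask(mask & watch)
            hits.append((ev["SubjectUserName"], ev["ObjectName"], names))
    return hits

# Constructed sample records, not real log data.
SAMPLE_EVENTS = [
    {"SubjectUserName": "svc-backup", "ObjectName": "CN=Users,DC=example,DC=test", "AccessMask": "0x10"},
    {"SubjectUserName": "alice", "ObjectName": "OU=Staff,DC=example,DC=test", "AccessMask": "0x40000"},
    {"SubjectUserName": "bob", "ObjectName": "CN=Admins,DC=example,DC=test", "AccessMask": "0xC0020"},
]

if __name__ == "__main__":
    for hit in flag_events(SAMPLE_EVENTS):
        print(hit)
```

A nonzero second value from decode_access_mask means the mask carries bits that the table above does not list, which is worth keeping in the output rather than discarding.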