Active Directory Access Codes and Rights

Insertion Strings

Access Mask

Security Events

Event ID 4662


0x1

 Create Child
The right to create child objects of the object.

0x2

 Delete Child
The right to delete child objects of the object.

0x4

 List Contents
The right to list child objects of this object.

0x8

 SELF
The right to perform an operation controlled by a validated write access right.

0x10

 Read Property
The right to read properties of the object.

0x20

 Write Property
The right to write properties of the object.

0x40

 Delete Tree
Delete all children of this object, regardless of the permissions of the children. It is indicates that “Use Delete Subtree server control” check box was checked during deletion. This operation means that all objects within the subtree, including all delete-protected objects, will be deleted.

0x80

 List Object
The right to list a particular object.

0x100

 Control Access
Access allowed only after extended rights checks supported by the object are performed. The right to perform an operation controlled by an extended access right.

0x10000

 DELETE
The right to delete the object. DELETE also generated when object was moved.

0x20000

 READ_CONTROL
The right to read data from the security descriptor of the object, not including the data in the SACL.

0x40000

 WRITE_DAC
The right to modify the discretionary access-control list (DACL) in the object security descriptor.

0x80000

 WRITE_OWNER
The right to assume ownership of the object. The user must be an object trustee. The user cannot transfer the ownership to other users.

0x100000

 SYNCHRONIZE
The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state.

0x1000000

 ADS_RIGHT_ACCESS_SYSTEM_SECURITY
The right to get or set the SACL in the object security descriptor.

0x80000000

 ADS_RIGHT_GENERIC_READ
The right to read permissions on this object, read all the properties on this object, list this object name when the parent container is listed, and list the contents of this object if it is a container.

0x40000000

 ADS_RIGHT_GENERIC_WRITE
The right to read permissions on this object, write all the properties on this object, and perform all validated writes to this object.

0x20000000

 ADS_RIGHT_GENERIC_EXECUTE
The right to read permissions on, and list the contents of, a container object.

0x10000000

 ADS_RIGHT_GENERIC_ALL
The right to create or delete child objects, delete a subtree, read and write properties, examine child objects and the object itself, add and remove the object from the directory, and read or write with an extended right.