MS06-011: Permissive Windows services DACLs could lead to elevation of privilege (914798)


The information in this article applies to:

  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows Server 2003, Datacenter Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, 64-Bit Datacenter Edition
  • Microsoft Windows Server 2003, 64-Bit Enterprise Edition
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-based Systems
  • Microsoft Windows Small Business Server 2003, Premium Edition
  • Microsoft Windows Small Business Server 2003, Standard Edition
  • Microsoft Windows XP Home Edition SP1
  • Microsoft Windows XP Professional SP1
  • Microsoft Windows XP Media Center Edition
  • Microsoft Windows XP Tablet PC Edition

Notice

The Windows XP package has been refreshed to update the DACLs on three registry keys. For the DACL settings on the full set of keys on the system that the Windows XP SP1 KB914798 update modifies, see Table 4.
Microsoft has released security bulletin MS06-011. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites, depending on whether you are a home user or an IT professional:

Known issues and caveats

  • Users cannot remove the packages that are included with security update 914798.
  • Users may examine the record state of the discretionary access control lists (DACLs) on the services that will be changed before they install the updates that are included with security update 914798. For more information and guidance on the correct setting for DACLs, click the following article number to view the article in the Microsoft Knowledge Base:

    914392 Best practices and guidance for writers of service discretionary access control lists

    To examine the DACLs, users can run the following commands:
    • Microsoft Windows XP:
      • sc sdshow netbt
      • sc sdshow ssdpsrv
      • sc sdshow upnphost
      • sc sdshow dnscache
      • sc sdshow dhcp
      • sc sdshow msdtc
      • sc sdshow scardsvr
    • Microsoft Windows Server 2003:
      • sc sdshow netbt
      • sc sdshow dhcp
      • sc sdshow dnscache
      • sc sdshow MSDTC
      • sc sdshow sysmonlog
  • Users might want to back up the registry before they install this update. If users want to return the DACLs to a base state on one or more registry keys without having to back up the registry beforehand, they can follow these steps to find the permissions for a registry key:
    1. Start Registry Editor.
    2. Locate the registry key.
    3. Right-click the registry key, and then click Permissions.
    For more information about how to back up the registry, click the following article number to view the article in the Microsoft Knowledge Base:

    322756 How to back up, edit, and restore the registry in Windows XP and Windows Server 2003

  • To restore the DACLs on the registry keys, follow these steps:
    1. Determine the appropriate accounts and access levels. To do this, see the security descriptor definition language (SDDL) in Table 3 or in Table 4. For more information about how to determine user account and access from SDDL , click the following article number to view the article in the Microsoft Knowledge Base:

      914392 Best practices and guidance for writers of service discretionary access control lists

    2. Start Registry Editor.
    3. Locate the registry key.
    4. Right-click the registry key, and then click Permissions.
    5. Add the appropriate accounts and permissions.
  • If you return the DACLs on the services or registry keys to the default or a less secure state, delete the registry key that indicates that the update has been installed.
    • Windows Server 2003:

      HKLM\Software\Microsoft\Updates\Windows Server 2003\SP1\KB914798\Installed

    • Windows XP SP1:

      HKLM\Software\Microsoft\Updates\Windows XP\SP2\KB914798\Installed

The default DACLs of the services are as follows.

Table 1: Windows Server 2003 default service DACLs

DHCP D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRRC;;;NO)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
DnsCache D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRRC;;;NO)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
MSDTC D:(A;;CCLCSWRPLOCRRC;;;S-1-2-0)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCLCSWRPLORC;;;NS)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
NetBT D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;DT;;;LS)(A;;DT;;;NS)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;NO)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
SysmonLog D:(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCRPLOCR;;;LU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

Table 2: Windows XP SP1 default service DACLs

DHCP D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRRC;;;NO)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)
DnsCache D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRRC;;;NO)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)
MSDTC D:(A;;CCLCSWRPLOCRRC;;;S-1-2-0)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCDCLCSWRPLORC;;;SY)
NetBT D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;DT;;;LS)(A;;DT;;;NS)(A;;CCDCLCSWRPWPDTLODWO;;;NO)
ScardSvr D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;LS)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPLOCRRC;;;S-1-2-0)
ssdpsrv D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;PU)(A;;RPWPDTRC;;;LS)
upnphost D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;PU)(A;;CCDCLCSWLOCRRC;;;LS)
For the registry keys that have DACLs that are changed by applying the update, the default out of the box state is as follows.

Table 3: Windows Server 2003 default registry DACLs

HKLM\SYSTEM\CurrentControlSet\Services\DHCP\Parameters O:BAG:SYD:PAI(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;;KR;;;PU)(A;CIIO;GR;;;PU)(A;;KA;;;BA)(A;CIIO;GA;;;BA)(A;;KA;;;SY)(A;CIIO;GA;;;SY)(A;;KA;;;NS)(A;CIIO;GA;;;NS)(A;;KA;;;LS)(A;CIIO;GA;;;LS)(A;CI;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\Dnscache O:BAG:SYD:PAI(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;;KR;;;PU)(A;CIIO;GR;;;PU)(A;;KA;;;BA)(A;CIIO;GA;;;BA)(A;;KA;;;SY)(A;CIIO;GA;;;SY)(A;;KA;;;NS)(A;CIIO;GA;;;NS)(A;;KA;;;LS)(A;CIIO;GA;;;LS)(A;CI;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters O:BAG:SYD:PAI(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;;KR;;;PU)(A;CIIO;GR;;;PU)(A;;KA;;;BA)(A;CIIO;GA;;;BA)(A;;KA;;;SY)(A;CIIO;GA;;;SY)(A;;KA;;;NS)(A;CIIO;GA;;;NS)(A;;KA;;;LS)(A;CIIO;GA;;;LS)(A;CI;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\NetBt O:BAG:SYD:PAI(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;;KR;;;PU)(A;CIIO;GR;;;PU)(A;;KA;;;BA)(A;CIIO;GA;;;BA)(A;;KA;;;SY)(A;CIIO;GA;;;SY)(A;;KA;;;NS)(A;CIIO;GA;;;NS)(A;;KA;;;LS)(A;CIIO;GA;;;LS)(A;CI;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\NetBt\Linkage O:BAG:SYD:PAI(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;;KR;;;PU)(A;CIIO;GR;;;PU)(A;;KA;;;BA)(A;CIIO;GA;;;BA)(A;;KA;;;SY)(A;CIIO;GA;;;SY)(A;;KA;;;NS)(A;CIIO;GA;;;NS)(A;;KA;;;LS)(A;CIIO;GA;;;LS)(A;;CCDCLCSWRPRC;;;NO)(A;CIIO;GWGR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\NetBt\Parameters O:BAG:SYD:PAI(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;;KR;;;PU)(A;CIIO;GR;;;PU)(A;;KA;;;BA)(A;CIIO;GA;;;BA)(A;;KA;;;SY)(A;CIIO;GA;;;SY)(A;;KA;;;NS)(A;CIIO;GA;;;NS)(A;;KA;;;LS)(A;CIIO;GA;;;LS)(A;CI;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\NetBt\Parameters\Interfaces O:BAG:SYD:PAI(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;;KR;;;PU)(A;CIIO;GR;;;PU)(A;;KA;;;BA)(A;CIIO;GA;;;BA)(A;;KA;;;SY)(A;CIIO;GA;;;SY)(A;;KA;;;NS)(A;CIIO;GA;;;NS)(A;;KA;;;LS)(A;CIIO;GA;;;LS)(A;CI;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess O:BAG:SYD:PAI(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;;KA;;;BA)(A;CIIO;GA;;;BA)(A;;KA;;;SY)(A;CIIO;GA;;;SY)(A;;KA;;;NS)(A;CIIO;GA;;;NS)(A;;KR;;;LS)(A;CIIO;GR;;;LS)(A;CI;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Accounting O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Accounting\Providers O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Accounting\Providers\{1AA7F840-C7F5-11D0-A376-00C04FC9DA04} O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Authentication O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\Remoateaccess\Authentication\Providers O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Authentication\Providers\{1AA7F83F-C7F5-11D0-A376-00C04FC9DA04} O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\DemandDialManager O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\0 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\0\Ip O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\1 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\1\Ip O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\2 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\2\Ip O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\AppleTalk O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ip O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ipx O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Nbf O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Performance O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\01 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\02 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\03 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\04 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\05 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\06 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\07 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\08 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\09 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\10 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\11 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\12 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\13 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\14 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\15 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\16 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\17 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\routermanagers O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\RouterManagers\Ip O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;CIID;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip O:BAG:SYD:PAI(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;;KA;;;BA)(A;CIIO;GA;;;BA)(A;;KA;;;SY)(A;CIIO;GA;;;SY)(A;;KA;;;NS)(A;CIIO;GA;;;NS)(A;;KR;;;LS)(A;CIIO;GR;;;LS)(A;CI;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage O:BAG:SYD:PAI(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;;KA;;;BA)(A;CIIO;GA;;;BA)(A;;KA;;;SY)(A;CIIO;GA;;;SY)(A;;KA;;;NS)(A;CIIO;GA;;;NS)(A;;KR;;;LS)(A;CIIO;GR;;;LS)(A;CI;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters O:BAG:SYD:PAI(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;;KA;;;BA)(A;CIIO;GA;;;BA)(A;;KA;;;SY)(A;CIIO;GA;;;SY)(A;;KA;;;NS)(A;CIIO;GA;;;NS)(A;;KR;;;LS)(A;CIIO;GR;;;LS)(A;CI;CCDCLCSWRPSDRC;;;NO)

Table 4: Windows XP SP1 default registry DACLs

HKLM\SYSTEM\CurrentControlSet\Services\Dhcp\Configurations O:BAG:SYD:PAI(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;;KR;;;PU)(A;CIIO;GR;;;PU)(A;;KA;;;BA)(A;CIIO;GA;;;BA)(A;;KA;;;SY)(A;CIIO;GA;;;SY)(A;;KA;;;NS)(A;CIIO;GA;;;NS)(A;;KA;;;LS)(A;CIIO;GA;;;LS)(A;CI;CCDCLCSWRPSDRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters O:BAG:SYD:PAI(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;;KR;;;PU)(A;CIIO;GR;;;PU)(A;;KA;;;BA)(A;CIIO;GA;;;BA)(A;;KA;;;SY)(A;CIIO;GA;;;SY)(A;;KA;;;NS)(A;CIIO;GA;;;NS)(A;;KA;;;LS)(A;CIIO;GA;;;LS)(A;;KR;;;NO)(A;CIIO;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\Dnscache O:BAG:SYD:PAI(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;;KR;;;PU)(A;CIIO;GR;;;PU)(A;;KA;;;BA)(A;CIIO;GA;;;BA)(A;;KA;;;SY)(A;CIIO;GA;;;SY)(A;;KA;;;NS)(A;CIIO;GA;;;NS)(A;;KA;;;LS)(A;CIIO;GA;;;LS)
HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters O:BAG:SYD:PAI(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;;KR;;;PU)(A;CIIO;GR;;;PU)(A;;KA;;;BA)(A;CIIO;GA;;;BA)(A;;KA;;;SY)(A;CIIO;GA;;;SY)(A;;KA;;;NS)(A;CIIO;GA;;;NS)(A;;KA;;;LS)(A;CIIO;GA;;;LS)
HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Enum O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KA;;;LS)(A;CIIOID;GA;;;LS)(A;CIID;CCLCSWRPRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\Netbt O:BAG:SYD:PAI(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;;KR;;;PU)(A;CIIO;GR;;;PU)(A;;KA;;;BA)(A;CIIO;GA;;;BA)(A;;KA;;;SY)(A;CIIO;GA;;;SY)(A;;KA;;;NS)(A;CIIO;GA;;;NS)(A;;KA;;;LS)(A;CIIO;GA;;;LS)(A;CI;CCLCSWRPRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\Netbt\Linkage O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KA;;;LS)(A;CIIOID;GA;;;LS)(A;CIID;CCLCSWRPRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\Netbt\Parameters O:BAG:SYD:PAI(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;;KR;;;PU)(A;CIIO;GR;;;PU)(A;;KA;;;BA)(A;CIIO;GA;;;BA)(A;;KA;;;SY)(A;CIIO;GA;;;SY)(A;;KA;;;NS)(A;CIIO;GA;;;NS)(A;;KA;;;LS)(A;CIIO;GA;;;LS)(A;;CCDCLCSWRPRC;;;NO)(A;CIIO;GWGR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces O:BAG:SYD:PAI(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;;KR;;;PU)(A;CIIO;GR;;;PU)(A;;KA;;;BA)(A;CIIO;GA;;;BA)(A;;KA;;;SY)(A;CIIO;GA;;;SY)(A;;KA;;;NS)(A;CIIO;GA;;;NS)(A;;KA;;;LS)(A;CIIO;GA;;;LS)(A;;CCDCLCSWRPRC;;;NO)(A;CIIO;GWGR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\Netbt\Enum O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KA;;;LS)(A;CIIOID;GA;;;LS)(A;CIID;CCLCSWRPRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess O:BAG:SYD:PAI(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;;KR;;;PU)(A;CIIO;GR;;;PU)(A;;KA;;;BA)(A;CIIO;GA;;;BA)(A;;KA;;;SY)(A;CIIO;GA;;;SY)(A;;KR;;;NS)(A;CIIO;GR;;;NS)(A;;KR;;;LS)(A;CIIO;GR;;;LS)(A;;KR;;;NO)(A;CIIO;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Accounting O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Accounting\Providers O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Accounting\Providers\{1AA7F840-C7F5-11D0-A376-00C04FC9DA04} O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Authentication O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Authentication\Providers O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Authentication\Providers\{1AA7F83F-C7F5-11D0-A376-00C04FC9DA04} O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\DemandDialManager O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\0 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\0\Ip O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\1 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\1\Ip O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\2 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\2\Ip O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\AppleTalk O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ip O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ipx O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Nbf O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Performance O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\01 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\02 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\03 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\04 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\05 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\06 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\07 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\08 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\09 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\10 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\11 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\12 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\13 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\14 O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\RouterManagers O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\RouterManagers\Ip O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KR;;;NS)(A;CIIOID;GR;;;NS)(A;ID;KR;;;LS)(A;CIIOID;GR;;;LS)(A;ID;KR;;;NO)(A;CIIOID;GR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip O:BAG:SYD:PAI(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;;KR;;;PU)(A;CIIO;GR;;;PU)(A;;KA;;;BA)(A;CIIO;GA;;;BA)(A;;KA;;;SY)(A;CIIO;GA;;;SY)(A;;KA;;;NS)(A;CIIO;GA;;;NS)(A;;KA;;;LS)(A;CIIO;GA;;;LS)(A;CI;CCLCSWRPRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters O:BAG:SYD:PAI(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;;KR;;;PU)(A;CIIO;GR;;;PU)(A;;KA;;;BA)(A;CIIO;GA;;;BA)(A;;KA;;;SY)(A;CIIO;GA;;;SY)(A;;KA;;;NS)(A;CIIO;GA;;;NS)(A;;KA;;;LS)(A;CIIO;GA;;;LS)(A;;CCDCLCSWRPRC;;;NO)(A;CIIO;GWGR;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock O:BAG:SYD:PAI(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;;KR;;;PU)(A;CIIO;GR;;;PU)(A;;KA;;;BA)(A;CIIO;GA;;;BA)(A;;KA;;;SY)(A;CIIO;GA;;;SY)(A;;KA;;;NS)(A;CIIO;GA;;;NS)(A;;KA;;;LS)(A;CIIO;GA;;;LS)(A;CI;CCLCSWRPRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Performance O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;PU)(A;CIIOID;GR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;NS)(A;CIIOID;GA;;;NS)(A;ID;KA;;;LS)(A;CIIOID;GA;;;LS)(A;CIID;CCLCSWRPRC;;;NO)
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider O:BAG:SYD:PAI(A;;KR;;;BU)(A;CIIO;GR;;;BU)(A;;KR;;;PU)(A;CIIO;GR;;;PU)(A;;KA;;;BA)(A;CIIO;GA;;;BA)(A;;KA;;;SY)(A;CIIO;GA;;;SY)(A;;KA;;;NS)(A;CIIO;GA;;;NS)(A;;KA;;;LS)(A;CIIO;GA;;;LS)(A;CI;CCLCSWRPRC;;;NO)
Modification Type:MinorLast Reviewed:7/26/2006
Keywords:kbHotfixServer kbQFE kbSecurity KbSECBulletin KbSECVulnerability kbWinXPpreSP2fix kbBug kbfix kbWinServ2003preSP1fix kbWin2000preSP5fix kbWinNT400PreSP7Fix kbpubtypekc KB914798 kbAudGeneralUser kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.