You are here: Compliance Check Types > Windows Configuration > ACL Format > Launch2 Permission Control Checks

Launch2 Permission Control Checks

A launch2 ACL is identified by the keyword launch2_acl. The ACL name must be unique to be used with a DCOM launch permissions item. A launch2 ACL can contain one or multiple user entry.

Usage

<launch2_acl: ["name"]>

 

<user: ["user_name"]>

acl_inheritance: ["value"]

acl_apply: ["value"]

(optional) acl_allow: ["rights value"]

(optional) acl_deny: ["rights value"]

</user>

 

</acl>

Syntax

Associated Types

Allowed Types

acl_inheritance

not inherited

inherited

acl_apply

this object only

acl_allow

acl_deny

These settings are optional and are used to define the rights a user has on the object.

Generic rights:

  • launch

Only use the launch2 ACL against Windows 2000 and NT systems.

An example launch access control check is shown below:

<launch2_acl: "2">

 

<user: "Administrators">

acl_inheritance: "not inherited"

acl_apply: "This object only"

acl_allow: "Launch"

</user>

 

<user: "INTERACTIVE">

acl_inheritance: "not inherited"

acl_apply: "This object only"

acl_allow: "Launch"

</user>

 

<user: "SYSTEM">

acl_inheritance: "not inherited"

acl_apply: "This object only"

acl_allow: "Launch"

</user>

 

</acl>

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.