# dacledit.py

This helps read/write DACLs!

This came in real handy in this tale of pentest pwnage where I had full write access to the MSOL-SYNC-ACCOUNT. I used dacledit.py to grant my LOWPRIV account full access to the MSOL-SYNC-ACCOUNT like so:

The write action made a backup of the DACL by default, but I still made a manual backup first just because I'm paranoid. You know what they say though, right? Two backups are better than no backups!

dacledit.py -action 'write' -rights 'FullControl' -principal lowpriv -target MSOL-SYNC-ACCOUNT -dc-ip 1.2.3.4 