Tuesday, March 22, 2005 3:39 PM
daclark
Understanding output in SDDL
If you've used the SC command line or worked with ADSI or MIIS, you'll recognize these easy-to-read strings representing ACLs (like O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)). For those who haven't seen these before, go to a command prompt and run the command SC SDSHOW LANMANSERVER from Windows XP Pro or Windows Server 2003. The output is a text representation of an ACL, written in the Security Descriptor Definition Language (SDDL). SDDL is useful for storing or transporting security descriptor information. The SD string format is a null-terminated, concatenated string with tokens to indicate each of the four main components of a security descriptor: owner (O:), primary group (G:), DACL (D:), and SACL (S:). If you don't want to parse this by hand, you can write a quick little tool that helps you parse this information into something more meaningful, like I did.
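As an added illustration (not the author's tool), here is a small Python parser that splits an SDDL string at the four tokens described above and decodes each ACE. The function names and the lookup tables are this example's own, the tables cover only a subset of the SDDL codes, and conditional ACEs (which nest parentheses) are assumed absent.

```python
import re

# Subsets of the two-letter SDDL codes; anything not listed passes through as-is.
# Object-specific bits (RP, WP, CC, ...) get generic names: what they permit
# depends on the type of object the descriptor protects.
RIGHTS = {"GA": "GENERIC_ALL", "GR": "GENERIC_READ", "GW": "GENERIC_WRITE",
          "GX": "GENERIC_EXECUTE", "RC": "READ_CONTROL", "SD": "DELETE",
          "WD": "WRITE_DAC", "WO": "WRITE_OWNER", "RP": "READ_PROPERTY",
          "WP": "WRITE_PROPERTY", "CC": "CREATE_CHILD", "DC": "DELETE_CHILD",
          "LC": "LIST_CHILDREN", "SW": "SELF_WRITE", "LO": "LIST_OBJECT",
          "DT": "DELETE_TREE", "CR": "CONTROL_ACCESS"}
SIDS = {"AO": "Account Operators", "DA": "Domain Admins", "SY": "Local System",
        "BA": "Builtin Administrators", "WD": "Everyone",
        "AU": "Authenticated Users", "IU": "Interactive"}
ACE_TYPES = {"A": "ALLOW", "D": "DENY", "AU": "AUDIT",
             "OA": "OBJECT_ALLOW", "OD": "OBJECT_DENY", "OU": "OBJECT_AUDIT"}

def split_components(sddl):
    """Cut the string at O:/G:/D:/S: tokens found outside parenthesised ACEs."""
    depth, marks = 0, []
    for i, ch in enumerate(sddl):
        if ch in "()":
            depth += 1 if ch == "(" else -1
        elif ch == ":" and depth == 0 and i and sddl[i - 1] in "OGDS":
            marks.append(i - 1)
    return {sddl[m]: sddl[m + 2:e]
            for m, e in zip(marks, marks[1:] + [len(sddl)])}

def parse_ace(ace):
    """ace_type;ace_flags;rights;object_guid;inherit_object_guid;account_sid"""
    f = ace.split(";")
    if len(f) < 6:
        raise ValueError("ACE needs six ';'-separated fields: " + ace)
    r = f[2]  # rights: concatenated two-letter codes, or one hex mask
    rights = [r] if r.lower().startswith("0x") else [
        RIGHTS.get(r[i:i + 2], r[i:i + 2]) for i in range(0, len(r), 2)]
    return {"type": ACE_TYPES.get(f[0], f[0]), "flags": f[1], "rights": rights,
            "object_guid": f[3], "inherit_object_guid": f[4],
            "trustee": SIDS.get(f[5], f[5])}

def parse_sddl(sddl):
    parts = split_components(sddl.rstrip("\x00"))  # drop the terminating null
    out = {"owner": SIDS.get(parts.get("O"), parts.get("O")),
           "group": SIDS.get(parts.get("G"), parts.get("G"))}
    for token, name in (("D", "dacl"), ("S", "sacl")):
        if token in parts:  # ACL flags (e.g. P, AI) precede the first ACE
            out[name] = {"flags": parts[token].partition("(")[0],
                         "aces": [parse_ace(a) for a in
                                  re.findall(r"\(([^()]*)\)", parts[token])]}
    return out
```

The same two letters decode differently by position: WD in the rights field is WRITE_DAC, while WD in the trustee field is Everyone, which is why the parser looks each field up in its own table.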