> For the complete documentation index, see [llms.txt](https://books.spartan-cybersec.com/cpad/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://books.spartan-cybersec.com/cpad/vulnerabilidades-y-ataques-en-ad/abuso-de-acl/tipos-de-permisos/tabla-de-referencia-de-permisos-y-derechos-en-active-directory.md).

# Tabla de Referencia de Permisos y Derechos en Active Directory

Explicacion detallada en formato tabla:

| Derecho en AD                    | Valor de Permiso/GUID                     | Tipo de Permiso                       | Descripción Breve                                                                                                 |
| -------------------------------- | ----------------------------------------- | ------------------------------------- | ----------------------------------------------------------------------------------------------------------------- |
| `WriteDacl`                      | `ADS_RIGHT_WRITE_DAC` (0x40000)           | Access Right                          | Permite modificar la DACL (lista de control de acceso discrecional) del objeto.                                   |
| `GenericAll`                     | `ADS_RIGHT_GENERIC_ALL` (0x10000000)      | Access Right                          | Proporciona control total sobre el objeto, incluyendo la modificación de permisos.                                |
| `GenericWrite`                   | `ADS_RIGHT_GENERIC_WRITE` (0x40000000)    | Access Right                          | Permite realizar cambios en las propiedades del objeto, pero no cambiar permisos ni borrar el objeto.             |
| `WriteProperty`                  | `ADS_RIGHT_DS_WRITE_PROP` (0x20)          | Access Right                          | Permite modificar las propiedades de un objeto.                                                                   |
| `WriteOwner`                     | `ADS_RIGHT_WRITE_OWNER` (0x80000)         | Access Right                          | Permite cambiar el propietario de un objeto.                                                                      |
| `Self`                           | No aplica/GUID específico de la operación | Access Right                          | Permite a un usuario modificar sus propios atributos o pertenencia a ciertos grupos.                              |
| `AllExtendedRights`              | `ADS_RIGHT_DS_CONTROL_ACCESS` (0x100)     | Access Right                          | Otorga todos los derechos extendidos, como cambiar contraseñas o leer propiedades no replicadas.                  |
| `User-Force-Change-Password`     | `{00299570-246d-11d0-a768-00aa006e0529}`  | Control Access Right (extended right) | Permite forzar el cambio de contraseña de otro usuario.                                                           |
| `DS-Replication-Get-Changes`     | `{1131f6ae-9c07-11d1-f79f-00c04fc2dcd2}`  | Control Access Right (extended right) | Permite sincronizar cambios de datos de AD (usado en ataques DCSync).                                             |
| `DS-Replication-Get-Changes-All` | `{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}`  | Control Access Right (extended right) | Permite ver todos los cambios, incluyendo versiones anteriores y eliminadas de objetos (usado en ataques DCSync). |
| `Self-Membership`                | `bf9679c0-0de6-11d0-a285-00aa003049e2`    | Validate Write                        | Permite a un usuario modificar su propia pertenencia a ciertos grupos.                                            |
| `Validated-SPN`                  | `f3a64788-5306-11d1-a9c5-0000f80367c1`    | Validate Write                        | Permite a un servicio agregar o modificar el atributo Service Principal Name (SPN) de su propio objeto de cuenta. |

{% hint style="success" %}
Si te esta gustando nuestro curso te invitamos a conocer nuestro catalogo de cursos:
{% endhint %}

[**Todas nuestras redes sociales y catalogo**](https://linktr.ee/spartancybersecurity)

<figure><img src="/files/72yXxFasITFEUM8500tI" alt=""><figcaption></figcaption></figure>

{% embed url="<https://learn.microsoft.com/es-es/windows/win32/secauthz/dacls-and-aces>" %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://books.spartan-cybersec.com/cpad/vulnerabilidades-y-ataques-en-ad/abuso-de-acl/tipos-de-permisos/tabla-de-referencia-de-permisos-y-derechos-en-active-directory.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.