ADMF

1.13.100

internal/data/domainDefaults/accessRules/addefault_cn_Keys.json

                                [

    {

        "Path":  "CN=Keys,%DomainDN%",

        "ActiveDirectoryRights":  "GenericAll",

        "InheritanceType":  "All",

        "ObjectType":  "<All>",

        "InheritedObjectType":  "<All>",

        "AccessControlType":  "Allow",

        "Identity":  "NT AUTHORITY\\ENTERPRISE DOMAIN CONTROLLERS",

        "Optional":  true

    },

    {

        "Path":  "CN=Keys,%DomainDN%",

        "ActiveDirectoryRights":  "GenericAll",

        "InheritanceType":  "All",

        "ObjectType":  "<All>",

        "InheritedObjectType":  "<All>",

        "AccessControlType":  "Allow",

        "Identity":  "NT AUTHORITY\\SYSTEM",

        "Optional":  true

    },

    {

        "Path":  "CN=Keys,%DomainDN%",

        "ActiveDirectoryRights":  "GenericAll",

        "InheritanceType":  "none",

        "ObjectType":  "<All>",

        "InheritedObjectType":  "<All>",

        "AccessControlType":  "Allow",

        "Identity":  "NT AUTHORITY\\SYSTEM",

        "Optional":  true,

        "Present":  "false"

    },

    {

        "Path":  "CN=Keys,%DomainDN%",

        "ActiveDirectoryRights":  "GenericAll",

        "InheritanceType":  "All",

        "ObjectType":  "<All>",

        "InheritedObjectType":  "<All>",

        "AccessControlType":  "Allow",

        "Identity":  "%DomainSID%-512",

        "Optional":  true

    },

    {

        "Path":  "CN=Keys,%DomainDN%",

        "ActiveDirectoryRights":  "GenericAll",

        "InheritanceType":  "None",

        "ObjectType":  "<All>",

        "InheritedObjectType":  "<All>",

        "AccessControlType":  "Allow",

        "Identity":  "%DomainSID%-512",

        "Optional":  true,

        "Present":  "false"

    },

    {

        "Path":  "CN=Keys,%DomainDN%",

        "ActiveDirectoryRights":  "GenericAll",

        "InheritanceType":  "All",

        "ObjectType":  "<All>",

        "InheritedObjectType":  "<All>",

        "AccessControlType":  "Allow",

        "Identity":  "%DomainName%\\Domain Controllers",

        "Optional":  true

    },

    {

        "Path":  "CN=Keys,%DomainDN%",

        "ActiveDirectoryRights":  "GenericAll",

        "InheritanceType":  "All",

        "ObjectType":  "<All>",

        "InheritedObjectType":  "<All>",

        "AccessControlType":  "Allow",

        "Identity":  "%RootDomainName%\\Enterprise Admins",

        "Optional":  true

    },

    {

        "Path":  "CN=Keys,%DomainDN%",

        "ActiveDirectoryRights":  "GenericAll",

        "InheritanceType":  "All",

        "ObjectType":  "<All>",

        "InheritedObjectType":  "<All>",

        "AccessControlType":  "Allow",

        "Identity":  "%DomainName%\\Key Admins",

        "Optional":  true

    },

    {

        "Path":  "CN=Keys,%DomainDN%",

        "ActiveDirectoryRights":  "GenericAll",

        "InheritanceType":  "All",

        "ObjectType":  "<All>",

        "InheritedObjectType":  "<All>",

        "AccessControlType":  "Allow",

        "Identity":  "%RootDomainName%\\Enterprise Key Admins",

        "Optional":  true

    },

    {

        "Path":  "CN=Keys,%DomainDN%",

        "ActiveDirectoryRights":  "GenericRead",

        "InheritanceType":  "None",

        "ObjectType":  "<All>",

        "InheritedObjectType":  "<All>",

        "AccessControlType":  "Allow",

        "Identity":  "S-1-5-11",

        "Optional":  true,

        "Present":  "false"

    }

]