Windows: Security descriptor
A security descriptor stores security-related information about an object, such as
- ownership
- who is allowed to execute which action on the object
- which actions are audited
All objects that are managed by Active Directory and all securable objects on a local computer or on the network have a security descriptor.
An object can have two types of access control lists:
- DACL: Discretionary access control list to identify users and groups that are allowed or denied access
- SACL: System access control list to store information on how auditing is performed.
The four main components of a security descriptor are:
- Owner (O:)
- Primary Group (G:)
- DACL (D:)
- SACL (S:)
See also
Security descriptors can be textually described with SDDLs.
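
The four prefixes listed above are what divide an SDDL string into its components. The following is an added example, not part of the original notes: it splits an SDDL string at the O:, G:, D: and S: prefixes and breaks each ACL into its ACEs. The function names are hypothetical, the sample string is constructed, and it assumes simple ACEs without conditional expressions (no nested parentheses).

```python
import re

# SDDL prefix letter -> security descriptor component it introduces.
PREFIXES = {"O": "owner", "G": "group", "D": "dacl", "S": "sacl"}
ACE_FIELDS = ("type", "flags", "rights", "object_guid",
              "inherit_object_guid", "trustee")


def split_components(sddl):
    """Return {prefix_letter: raw_text} for each top-level component."""
    marks, depth = [], 0
    for i, ch in enumerate(sddl):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        elif depth == 0 and ch in PREFIXES and sddl[i + 1:i + 2] == ":":
            marks.append(i)  # a prefix only counts outside any ACE
    if depth != 0 or not marks or marks[0] != 0:
        raise ValueError("malformed SDDL string")
    parts = {}
    for start, end in zip(marks, marks[1:] + [len(sddl)]):
        if sddl[start] in parts:
            raise ValueError("duplicate component " + sddl[start])
        parts[sddl[start]] = sddl[start + 2:end]
    return parts


def parse_acl(text):
    """Split 'FLAGS(ace)(ace)...' into control flags and a list of ACE dicts."""
    aces = [dict(zip(ACE_FIELDS, body.split(";")))
            for body in re.findall(r"\(([^()]*)\)", text)]
    return {"flags": text.split("(", 1)[0], "aces": aces}


def parse_sddl(sddl):
    parts = split_components(sddl)
    sd = {"owner": parts.get("O"), "group": parts.get("G")}
    for letter in "DS":
        acl = parts.get(letter)
        sd[PREFIXES[letter]] = None if acl is None else parse_acl(acl)
    return sd


# Constructed sample: owner BA, group SY, two allow ACEs, one audit ACE.
SAMPLE = "O:BAG:SYD:PAI(A;;FA;;;SY)(A;OICI;0x1200a9;;;BU)S:AI(AU;SAFA;FA;;;WD)"

if __name__ == "__main__":
    print(parse_sddl(SAMPLE))
```

A component that is missing from the string comes back as None, which is different from a DACL that is present but has no ACEs.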