Security Descriptors and Access Control Lists Technical Reference

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Security Descriptors and Access Control Lists Technical Reference

In this subject

• What Are Security Descriptors and Access Control Lists?

• How Security Descriptors and Access Control Lists Work

• Security Descriptors and Access Control Lists Tools and Settings

All objects in the Active Directory directory service, and all securable objects on the network, have security descriptors to help control access to the objects. Security descriptors contain access control lists (ACLs), and they include information about who owns an object, who can access it and in what way, and what types of access are audited.

You can use this access control model to individually secure objects such as files and folders, Active Directory objects, registry keys, and printers, as well as devices, ports, services, processes, and threads. Because of this individual control, you can adjust the security of objects to meet the needs of your organization, delegate authority over objects or attributes, and create custom objects or attributes that require unique security protections to be defined.