Security descriptor - AbsoluteAstronomy.com

Security descriptors are data structures of security information for securable Windows

Windows NT

Windows NT is a family of operating systems produced by Microsoft, the first version of which was released in July 1993. It was a powerful high-level-language-based, processor-independent, multiprocessing, multiuser operating system with features comparable to Unix. It was intended to complement...

objects

Object Manager (Windows)

Object Manager is a subsystem implemented as part of the Windows Executive which manages Windows resources. Each resource, which are surfaced as logical objects, resides in a namespace for categorization. Resources can be physical devices, files or folders on volumes, Registry entries or even...

, that is objects that can be identified by a unique name. Security descriptors can be associated with any named objects, including files

Computer file

A computer file is a block of arbitrary information, or resource for storing information, which is available to a computer program and is usually based on some kind of durable storage. A file is durable in the sense that it remains available for programs to use after the current program has finished...

, folders

Directory (file systems)

In computing, a folder, directory, catalog, or drawer, is a virtual container originally derived from an earlier Object-oriented programming concept by the same name within a digital file system, in which groups of computer files and other folders can be kept and organized.A typical file system may...

, shares, registry

Windows registry

The Windows Registry is a hierarchical database that stores configuration settings and options on Microsoft Windows operating systems. It contains settings for low-level operating system components as well as the applications running on the platform: the kernel, device drivers, services, SAM, user...

keys, processes, threads, named pipes, services, job objects and other resources.

Security descriptors contain discretionary access control list

Access control list

An access control list , with respect to a computer file system, is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject...

s (DACL's) that contain access control entries (ACEs) that grant and deny access to trustees such as users or groups. They also contain a system access control list (SACLs) that control auditing of object access. ACEs may be explicitly applied to an object or inherited from a parent object. The order of ACEs in an ACL is important, with access denied ACEs appearing higher in the order than ACEs that grant access. Security descriptors also contain the object owner.

Files and folder permissions can be edited by various tools including Windows Explorer

Windows Explorer

This article is about the Windows file system browser. For the similarly named web browser, see Internet ExplorerWindows Explorer is a file manager application that is included with releases of the Microsoft Windows operating system from Windows 95 onwards. It provides a graphical user interface...

, WMI

Windows Management Instrumentation

Windows Management Instrumentation is a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification...

, command line tools like Cacls

Cacls

cacls and icacls are Microsoft Windows native command line utilities capable of displaying and modifying the access control lists on folders and files...

, XCacls, ICacls, SubInACL, the freeware

Freeware

Freeware is computer software that is available for use at no cost or for an optional fee, but usually with one or more restricted usage rights. Freeware is in contrast to commercial software, which is typically sold for profit, but might be distributed for a business or commercial purpose in the...

win32 console

Win32 console

Win32 console is a text user interface implementation within the system of Windows API, which runs console applications. A Win32 console has a screen buffer and an input buffer, and is available both as a window or in text mode screen, with switching back and forth available via Alt-Enter...

FILEACL, the free software

Free software

Free software, software libre or libre software is software that can be used, studied, and modified without restriction, and which can be copied and redistributed in modified or unmodified form either without restriction, or with restrictions that only ensure that further recipients can also do...

utility

Utility software

Utility software is system software designed to help analyze, configure, optimize or maintain a computer. A single piece of utility software is usually called a utility or tool....

SetACL

SetACL is a free software utility for manipulating security descriptors on Microsoft Windows. It is available under the GNU Lesser General Public License as a command line utility and as an ActiveX component.-Features:...

, and other freeware

Freeware

and shareware

Shareware

The term shareware is a proprietary software that is provided to users without payment on a trial basis and is often limited by any combination of functionality, availability, or convenience. Shareware is often offered as a download from an Internet website or as a compact disc included with a...

utilities. To edit a security descriptor, a user needs WRITE_DAC permissions to the object, a permission that is usually delegated by default to administrators

System administrator

A system administrator, IT systems administrator, systems administrator, or sysadmin is a person employed to maintain and operate a computer system and/or network...

and the object's owner.

External links

The source of this article is wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.

See also

External links