Windows security question.

Posted on 2004-11-04
Last Modified: 2013-12-04
What are the main differences between security principals, identifiers and discretionary access control lists within a Windows 2k domain?
Question by: plate55
    LVL 3

    Accepted Solution

    There are two types of ACLs — Discretionary Access Control Lists (DACLs), which identify the users and groups that are allowed or denied access, and System Access Control Lists (SACLs), which control how access is audited. Each object has its own DACL, and each DACL has a set of access control entries (ACEs) that can be set to allow or to deny permissions to another object in Active Directory. These permissions include full control, read, write, create all child objects, delete all child objects and many other special permissions. You can implicitly deny permissions by simply not allowing them, or you can explicitly deny permissions by selecting Deny.

    Security Principals - User, security group, service, and computer. Identified by a unique ID.

    Security Identifiers (SIDs) - Uniquely identify security principals. Are never reused.

    Security Descriptors - Security information associated with an object (e.g. a folder or a printer).

    Try the following link for more info:
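    The terms in the answer above, worked through as an added example that is not part of the original answer: a security descriptor in SDDL text form is split into its owner SID, DACL and SACL, and a simplified DACL walk shows the difference between an explicit deny ACE and an implicit deny. The domain SID, RIDs and the names ALICE, BOB and STAFF are constructed; the walk ignores inheritance flags, owner rights and privileges.

```python
import re

# Constructed sample: a security descriptor in SDDL text form. The domain SID
# and RIDs are made up. Masks are file access rights.
DOM = "S-1-5-21-1111111111-2222222222-3333333333"
ALICE, BOB, STAFF = f"{DOM}-1105", f"{DOM}-1106", f"{DOM}-1201"
SAMPLE_SDDL = (
    "O:S-1-5-32-544"                                  # owner: BUILTIN\Administrators
    f"D:(D;;0x116;;;{ALICE})(A;;0x120089;;;{STAFF})"  # DACL: deny write, allow read
    "S:(AU;FA;0x116;;;S-1-1-0)"                       # SACL: audit failed writes, Everyone
)
FILE_READ_DATA, FILE_WRITE_DATA = 0x1, 0x2

def parse_sddl(sddl):
    """Split SDDL into owner SID, DACL ACEs and SACL ACEs as (type, mask, sid)."""
    tokens = re.split(r"([OGDS]):", sddl)[1:]
    parts = dict(zip(tokens[0::2], tokens[1::2]))
    def aces(text):
        out = []
        for body in re.findall(r"\(([^)]*)\)", text):
            ace_type, _flags, rights, _obj, _inh_obj, sid = body.split(";")
            out.append((ace_type, int(rights, 16), sid))
        return out
    return {"owner": parts.get("O"), "dacl": aces(parts.get("D", "")),
            "sacl": aces(parts.get("S", ""))}

def access_check(dacl, token_sids, desired):
    """Simplified DACL walk: ACEs in order, a matching deny stops the walk,
    allows accumulate, anything still ungranted at the end is refused."""
    remaining = desired
    for ace_type, mask, sid in dacl:
        if sid not in token_sids:
            continue                      # ACE names a principal not in the token
        if ace_type == "D" and mask & remaining:
            return "explicit deny"
        if ace_type == "A":
            remaining &= ~mask
            if remaining == 0:
                return "granted"
    return "implicit deny"                # no ACE allowed the remaining rights

if __name__ == "__main__":
    sd = parse_sddl(SAMPLE_SDDL)
    for name, token in (("alice", {ALICE, STAFF}), ("bob", {BOB, STAFF})):
        for label, right in (("read", FILE_READ_DATA), ("write", FILE_WRITE_DATA)):
            print(name, label, access_check(sd["dacl"], token, right))
```

    Both users hold the STAFF group SID in their token, so both can read; only the write attempt by ALICE hits the deny ACE, while BOB's write fails simply because no ACE allows it.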

    LVL 36

    Expert Comment

    by:Bing CISM / CISSP
