Windows security question.

Posted on 2004-11-04
Medium Priority
Last Modified: 2013-12-04
What are the main differences between security principals, identifiers and discretionary access control lists within a Windows 2k domain?
Question by:plate55

Accepted Solution

MBarber1957 earned 1000 total points
ID: 12503169
There are two types of ACLs — Discretionary Access Control Lists (DACLs), which identify the users and groups that are allowed or denied access, and System Access Control Lists (SACLs), which control how access is audited. Each object has its own DACL, and each DACL has a set of access control entries (ACEs) that can be set to allow or to deny permissions to another object in Active Directory. These permissions include full control, read, write, create all child objects, delete all child objects and many other special permissions. You can implicitly deny permissions by simply not allowing them, or you can explicitly deny permissions by selecting Deny.

Security Principals - User, security group, service, and computer. Identified by a unique ID.

Security Identifiers (SIDs) - Uniquely identify security principals. Are never reused.

Security Descriptors - Security information associated with an object (e.g. a folder or a printer).

Try the following link for more info:

LVL 37

Expert Comment

ID: 12508345

Featured Post

We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
When you have multiple client accounts to manage, it often feels like there aren’t enough hours in the day. With too many applications to juggle, you can’t focus on your clients, much less your growing to-do list. But that doesn’t have to be the cas…
Through the video, you can check the migration process of Outlook PST file to PDF. Kernel for Outlook to PDF tool can convert Outlook emails with all attributes like Subject, To, From, Cc, Bcc and other folders such as Inbox, Outbox, Sent Items, Jun…

588 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question