Configuring DACLs to Secure Active Directory Objects

All objects and their properties in Active Directory have security descriptors to control access to the object and the values of the object’s attributes. As with NTFS file system objects, the Active Directory object’s security descriptor includes a discretionary access control list (DACL) and a system access control list (SACL) in addition to the object’s ownership data. Figure 5-1 shows a security descriptor.

Figure 5-1. Contents of a security descriptor for Active Directory objects and attributes
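The parts of a security descriptor described above can be seen in its SDDL string form, where `O:` is the owner, `G:` the primary group, `D:` the DACL and `S:` the SACL. The following is an added example, not code from the book: it parses a constructed SDDL string and lists the trustees whose allow ACEs let them rewrite the descriptor. The names `parse_sddl`, `parse_acl` and `control_grants` are hypothetical helpers, and conditional ACEs are assumed not to be present.

```python
import re
from collections import namedtuple

# Subset of the documented SDDL tokens; unknown tokens are kept verbatim.
ACE_TYPES = {"A": "ALLOW", "D": "DENY", "OA": "OBJECT_ALLOW",
             "OD": "OBJECT_DENY", "AU": "AUDIT", "OU": "OBJECT_AUDIT"}
RIGHTS = {"RP": "ReadProperty", "WP": "WriteProperty", "CC": "CreateChild",
          "DC": "DeleteChild", "LC": "ListChildren", "SW": "Self",
          "LO": "ListObject", "DT": "DeleteTree", "CR": "ControlAccess",
          "SD": "Delete", "RC": "ReadControl", "WD": "WriteDacl",
          "WO": "WriteOwner", "GA": "GenericAll", "GW": "GenericWrite"}
# Rights that let a trustee rewrite the descriptor itself.
CONTROL_RIGHTS = {"WriteDacl", "WriteOwner", "GenericAll"}

# Constructed sample: the SID and the choice of ACEs are illustrative only.
# The GUID is the Reset Password (User-Force-Change-Password) extended right.
SAMPLE = ("O:DAG:DAD:PAI(A;CI;RPWPCCDCLCSWLODTCRSDRCWDWO;;;DA)"
          "(OA;;CR;00299570-246d-11d0-a768-00aa006e0529;;"
          "S-1-5-21-1111111111-2222222222-3333333333-1105)"
          "(A;;RPLCLORC;;;AU)S:AI(AU;SA;WPWDWO;;;WD)")

Ace = namedtuple("Ace", "type flags rights object_guid inherit_guid trustee")

def parse_acl(text):
    """Return (control_flags, [Ace, ...]) for the text after 'D:' or 'S:'."""
    aces = []
    for body in re.findall(r"\(([^()]*)\)", text):
        f = (body.split(";") + [""] * 6)[:6]
        r = f[2]  # rights: two-letter tokens, or a single hex mask
        rights = [r] if r.startswith("0x") else [
            RIGHTS.get(r[i:i + 2], r[i:i + 2]) for i in range(0, len(r), 2)]
        # The trustee field is left as written: 'WD' there means Everyone.
        aces.append(Ace(ACE_TYPES.get(f[0], f[0]), f[1], rights, *f[3:6]))
    return text.partition("(")[0], aces

def parse_sddl(sddl):
    """Split an SDDL string into owner, group, DACL and SACL."""
    parts = re.split(r"([OGDS]):", sddl)[1:]  # tag, value, tag, value, ...
    sd = dict(zip(parts[0::2], parts[1::2]))
    return {"owner": sd.get("O"), "group": sd.get("G"),
            "dacl": parse_acl(sd.get("D", "")), "sacl": parse_acl(sd.get("S", ""))}

def control_grants(sd):
    """Trustees whose allow ACEs include a right in CONTROL_RIGHTS."""
    return [a.trustee for a in sd["dacl"][1]
            if "ALLOW" in a.type and CONTROL_RIGHTS & set(a.rights)]

if __name__ == "__main__":
    print(control_grants(parse_sddl(SAMPLE)))
```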

What Are DACLs?

DACLs can be configured at the discretion of any account that possesses the ...
