O'Reilly logo

Microsoft® Windows® Security Resource Kit, Second Edition by The Microsoft Security Team, Brian Komar, Ben Smith

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Configuring DACLs to Secure Active Directory Objects

All objects and their properties in Active Directory have security descriptors to control access to the object and the values of the object’s attributes. As with NTFS file system objects, the Active Directory object’s security descriptor includes a discretionary access control list (DACL) and a system access control list (SACL) in addition to the object’s ownership data. Figure 5-1 shows a security descriptor.

Figure 5-1. Contents of a security descriptor for Active Directory objects and attributes

What Are DACLs?

DACLs can be configured at the discretion of any account that possesses the ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required