Microsoft® Windows® Security Resource Kit, Second Edition

Securing File and Folder Permissions

All file and folder objects stored on an NTFS volume have security descriptors to control access to the object. The security descriptor includes a discretionary access control list (DACL) and a system access control list (SACL), in addition to information that identifies the object’s owner. Figure 8-1 shows the contents of a security descriptor.

Figure 8-1. Contents of a security descriptor

DACLs owe their name to the fact that they can be configured at the discretion of any account that possesses Take Ownership, Change Permissions, or Full Control permissions to the file system object. DACLs are defined ...

Get Microsoft® Windows® Security Resource Kit, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Microsoft® Windows® Security Resource Kit, Second Edition by Ben Smith, Brian Komar, The Microsoft Security Team

Securing File and Folder Permissions

Figure 8-1. Contents of a security descriptor

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly