Microsoft® Windows® 2000 Security Handbook

Securing Objects

At the heart of the Windows 2000 security model are Security Descriptors (SDs) and Access Control Lists (ACLs). Every securable object (files, devices, pipes, processes, threads, timers, printers, you name it) has a security descriptor attached to it. A security descriptor contains the following pieces of information:

The SID of the object owner
The SID of the primary owning group
Discretionary Access Control List (DACL)
System Access Control List (SACL)

WINNT.H, which is included in the Windows SDK, contains the SECURITY_DESCRIPTOR structure, as well as a brief explanation of the fields:

 typedef struct _SECURITY_DESCRIPTOR { BYTE Revision; BYTE Sbz1; SECURITY_DESCRIPTOR_CONTROL Control; PSID Owner; PSID Group; PACL Sacl; PACL ...

Get Microsoft® Windows® 2000 Security Handbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Microsoft® Windows® 2000 Security Handbook by Jeff Schmidt

Securing Objects

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly