How Access Control Works
When you attempt to access an object or container, Windows XP takes a look at your access token. This token contains a list of SIDs, including the unique user SID and the SIDs for each group to which a user belongs. If any of the SIDs associated with your account match any of the SIDs present in the DACL on the resource you are attempting to access, Windows XP evaluates the applicable ACEs to determine whether or not you should be allowed to interact with the resource.
Windows XP will check local ACEs before inherited ACEs, and Deny ACEs (which prevent a specified type of access) are evaluated before Allow ACEs (which, as the name suggests, allow a specific type of access). So, effective permissions are determined with ...
Get Platinum Edition Using® Microsoft® Windows® XP now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
