Sometimes it's necessary to store security descriptors for later use. For example, when deploying software in an enterprise setting, it might be necessary to set ACLs on files, directories, or even other types of objects like services or registry keys from an installation program that may run on many different machines. While you could hardwire these ACL modifications into your code (I show an example of this in Item 47), it's usually best to provide a user interface that allows an administrator to construct the required ACLs graphically, using a familiar tool, and then simply persist these ACLs for later deployment.^[1] To see an example of such a tool, download the “EditSD” sample from the book's ...