What Are Security Descriptors in Windows?
A security descriptor contains the security information associated with a securable object. A security descriptor consists of a structure and its associated security information. A security descriptor can include the following security information:
Security identifiers (SIDs) for the owner and primary group of an object.
A DACL that specifies the access rights allowed or denied to particular users or groups.
A SACL that specifies the types of access attempts that generate audit records for the object.
A set of control bits that qualify the meaning of a security descriptor or its individual members.
The goal of a security descriptor (SD) is to hold the security information associated with a specific securable object. Examples of securable objects are files, folders, network shares, printers, registry keys, synchronization objects, Active Directory objects and more. The structure that describes an SD is defined in “winnt.h” and is named “SECURITY_DESCRIPTOR”.
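The components listed above (owner and group SIDs, DACL, SACL, control bits) can be read directly from the self-relative binary form of a security descriptor, which is the layout used when one is stored or transmitted. The Python parser below is an added example, not part of the original page: the sample descriptor is constructed, the function names are hypothetical, and only the basic allow/deny/audit ACE layouts are handled.

```python
import struct

# Control bits (subset) and basic ACE types, values as defined in winnt.h.
CONTROL = {0x0004: "SE_DACL_PRESENT", 0x0010: "SE_SACL_PRESENT",
           0x1000: "SE_DACL_PROTECTED", 0x8000: "SE_SELF_RELATIVE"}
ACE_TYPES = {0: "ALLOW", 1: "DENY", 2: "AUDIT"}

def parse_sid(buf, off):
    """Decode a binary SID at buf[off:] into its S-1-... string form."""
    rev, count = buf[off], buf[off + 1]
    authority = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from(f"<{count}I", buf, off + 8)
    return "-".join(["S", str(rev), str(authority), *map(str, subs)])

def parse_acl(buf, off):
    """List (type, flags, mask, SID) per ACE; handles only the basic ACE layouts."""
    ace_count = struct.unpack_from("<BBHHH", buf, off)[3]
    pos, aces = off + 8, []
    for _ in range(ace_count):
        ace_type, flags, ace_size, mask = struct.unpack_from("<BBHI", buf, pos)
        aces.append((ACE_TYPES.get(ace_type, ace_type), flags, mask, parse_sid(buf, pos + 8)))
        pos += ace_size
    return aces

def parse_sd(buf):
    """Parse a self-relative security descriptor (header, then offsets into buf)."""
    _rev, _sbz1, control, o_owner, o_group, o_sacl, o_dacl = struct.unpack_from("<BBHIIII", buf, 0)
    if not control & 0x8000:
        raise ValueError("absolute format: the four fields are pointers, not offsets")
    return {
        "control": [name for bit, name in CONTROL.items() if control & bit],
        "owner": parse_sid(buf, o_owner) if o_owner else None,
        "group": parse_sid(buf, o_group) if o_group else None,
        "dacl": parse_acl(buf, o_dacl) if control & 0x0004 and o_dacl else None,
        "sacl": parse_acl(buf, o_sacl) if control & 0x0010 and o_sacl else None,
        # DACL flagged present but absent (NULL DACL): every access request is granted.
        "null_dacl": bool(control & 0x0004) and o_dacl == 0,
    }

# Constructed sample: owner S-1-5-32-544, group S-1-5-18, DACL with two allow ACEs.
def make_sid(auth, *subs):
    return bytes([1, len(subs)]) + auth.to_bytes(6, "big") + struct.pack(f"<{len(subs)}I", *subs)
def make_ace(ace_type, mask, sid):
    return struct.pack("<BBHI", ace_type, 0, 8 + len(sid), mask) + sid
admins, system, everyone = make_sid(5, 32, 544), make_sid(5, 18), make_sid(1, 0)
aces = make_ace(0, 0x001F01FF, admins) + make_ace(0, 0x00120089, everyone)
dacl = struct.pack("<BBHHH", 2, 0, 8 + len(aces), 2, 0) + aces
SAMPLE_SD = struct.pack("<BBHIIII", 1, 0, 0x8004, 20, 36, 0, 48) + admins + system + dacl
print(parse_sd(SAMPLE_SD))
```

The `null_dacl` flag separates a descriptor whose DACL is marked present but missing, which grants full access to any requester, from one with an empty DACL, which grants none.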
Overall, every object created by the “Object Manager” in Windows has an SD. Each object has a header with different fields (such as object name, reference count, object type and more), one of which is the security descriptor. You can see an illustration of that in the diagram below.