Security descriptor

Security descriptors are structures pointing to security information for securable Windows objects, that is objects that can be identified by a unique name. Security descriptors can be associated with any named objects, including files, folders, registry keys and other resources, and contain information about the owner (creating user) of the object as well as which users can access the object, the type of access (read, read/write, execute, etc) on a per-user basis, among others.

It is possible to edit, using various tools like the Windows command line tool 'CACLS', the 'permissions' of files and folders for every user or group. (Of course, to do so, a given user must be an administrator and have the appropriate access to the object (file or folder) whose security descriptor is being altered.)

• Access control as it relates to computer security
• Access control list
• Audit
• Authorization
• Computer security
• Information security
• Token (Windows NT architecture)
• Windows SID

• CACLS command description on SS64.com
• What Are Security Descriptors and Access Control Lists?