• Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint

NTFS Permissions

As mentioned earlier in this chapter, NTFS is the only one of Windows 2000's file systems to support local security. Within Windows 2000, user accounts, groups, and even computers (collectively referred to as security principals), all have a Security IDs, or SIDs. A SID is a unique number; part of it identifies a security principal, and part of it identifies the Domain or individual computer where the SID was issued.

When permissions are set on an object, such as a file or folder, the SID of the user or group and the permissions assigned to them are recorded in an Access Control Entry, or ACE. An ACE identifies a single user or group and their permissions. However, many objects will have ACEs for multiple users and groups: The list of entries for an object is known strictly as a Discretionary Access Control List (usually, the Discretionary is omitted and it is just called Access Control List, or ACL).


PREVIEW

                                                                          

Not a subscriber?

Start A Free Trial


  
  • Creative Edge
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint