Platform SDK: Access Control |
A security descriptor contains the security information associated with a securable object. A security descriptor consists of a SECURITY_DESCRIPTOR structure and its associated security information. A security descriptor can include the following security information:
Applications must not directly manipulate the contents of a security descriptor. The Win32 API provides functions for setting and retrieving the security information in an object's security descriptor. In addition, there are functions for creating and initializing a security descriptor for a new object.
This overview describes the Win32 security functions for working with security descriptors for applications running on Windows NT version 4.0 and later. For applications that must be compatible with earlier versions of Windows NT, see Low-Level Access Control.
Applications working with security descriptors on Active Directory objects can use the Win32 security functions or the security interfaces provided by the Active Directory Services Interfaces (ADSI). For more information about ADSI security interfaces, see Controlling Access to Active Directory Objects.