Term Description
Security Descriptor (SD) Every NT object (files, Registry keys, named pipes, user objects, and so on) has an object owner and an Access Control List
Access Control List (ACL) A list that specifies users and groups and their access permissions on that object
Discretionary Access Control List (DACL) Contains an entry for each user, global group, or local group that is given access permission (whether allowing or denying access) to the object
System Access Control List (SACL) Like DACL, but each ACE specifies an auditing directive instead of a user/group right
Access Control Entry (ACE) Each ACL contains zero or more ACEs, one for each user's or group's rights in the ACL
Security Identifier (SID) A unique value of variable length used to identify a user or group account, or a logon session
Table 1 Survive the Acronym Blizzard. You must know a few core definitions before you can use NT File Security effectively. Learn these abbreviations—you will see them everywhere in the MSDN documentation.