Upgrade your Internet Experience
Microsoft.com
Welcome Sign in
Windows Developer Center
Click to Rate and Give Feedback
MSDN
MSDN Library
Security
Authorization
About Authorization
Access Control
Security Descriptor Definition Language

The security descriptor definition language (SDDL) defines the string format that the ConvertSecurityDescriptorToStringSecurityDescriptor and ConvertStringSecurityDescriptorToSecurityDescriptor functions use to describe a security descriptor as a text string. The language also defines string elements for describing information in the components of a security descriptor.

See Also

Security Descriptor String Format
Security Descriptor Definition Language for Conditional ACEs
ACE Strings
SID Strings

Send comments about this topic to Microsoft

Build date: 9/11/2009

Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
Some common SDDL idioms      Gideon7   |   Edit   |   Show History

D:PAR - Snapshot the parent object's inheritable ACEs into the current object. Block future changes to the parent object's ACEs from propagating to the current object.

D:PAI - Freeze the ACEs in the current object. Retain all previously inherited ACEs. Block future propagation of changes from the parent object.

Tags What's this?: Add a tag
Flag as ContentBug
Very Clear Explanation of SDDL      Jorge de Almeida Pinto [MVP-DS]   |   Edit   |   Show History

For more information and a great explanation on SDDL see:

http://blogs.dirteam.com/blogs/jorge/archive/2008/03/26/parsing-sddl-strings.aspx

Tags What's this?: Add a tag
Flag as ContentBug
© 2009 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks | Privacy Statement
Page view tracker