Security Descriptor Definition Language

The security descriptor definition language (SDDL) defines the string format that the ConvertSecurityDescriptorToStringSecurityDescriptor and ConvertStringSecurityDescriptorToSecurityDescriptor functions use to describe a security descriptor as a text string. The language also defines string elements for describing information in the components of a security descriptor.

See Also

Security Descriptor String Format
Security Descriptor Definition Language for Conditional ACEs
ACE Strings
SID Strings

Send comments about this topic to Microsoft

Build date: 9/11/2009

Tags :


Community Content

Gideon7
Some common SDDL idioms

D:PAR - Snapshot the parent object's inheritable ACEs into the current object. Block future changes to the parent object's ACEs from propagating to the current object.

D:PAI - Freeze the ACEs in the current object. Retain all previously inherited ACEs. Block future propagation of changes from the parent object.

Tags : sddl

Jorge de Almeida Pinto [MVP-DS]
Very Clear Explanation of SDDL

For more information and a great explanation on SDDL see:

http://blogs.dirteam.com/blogs/jorge/archive/2008/03/26/parsing-sddl-strings.aspx

Tags :

Page view tracker