Brief Overview of Access Control
Microsoft Windows NT, Windows 2000, and Windows XP protect securable resources from unauthorized access by employing discretionary access control, which is implemented through discretionary access control lists (DACLs). DACLs, often abbreviated to ACLs, are a series of access control entries (ACEs). Each ACE lists a Security ID (SID) which represents a user, a group, or a computer, often referred to as principals and contains information about the principal and the operations that the principal can perform on the resource. Some principals might be granted read access, and others might have full control of the object protected by the ACL. Chapter 4, Determining Good Access Control, offers a more complete explanation of ACLs.