What is Security Descriptor?
A unique header for an object stored in Active Directory of Microsoft Windows 2000. Security descriptors contain security identifiers (SIDs), which are discretionary access control lists (DACLs) or system access control lists (SACLs) that specify the access permissions for the object.
Specifically, the security descriptor for an object contains the following:
The owner SID: Identifies the security principal (the owner of the object)
The group SID: Used only by Services for Macintosh and the POSIX subsystem
The DACL: Contains the access permissions and rights for the object and its attributes, along with the SIDs of the security principals who can access the object
The SACL: Contains system-wide security policies such as the auditing policy