system access control list (SACL)

Definition of system access control list (SACL) in The Network Encyclopedia.

What is system access control list (SACL)?

A form of access control list (ACL) used by the Microsoft Windows 2000 and Windows NT operating systems for security control purposes.

System access control lists (SACLs) are not to be confused with the more familiar discretionary access control lists (DACLs) used by Windows 2000 and Windows NT to control access to Active Directory and NTFS file system objects by users and groups.

SACLs are used for establishing system-wide security policies for actions such as logging or auditing resource access. The SACL attached to a system, directory, or file object specifies

  • Which security principals (users, groups, computers) should be audited when accessing the object
  • Which access events should be audited for these principals
  • Whether a Success or Failure attribute is generated for an access event, depending on the permissions granted in the DACL for the object
TIP

In the Windows NT operating system, be sure to use the emergency repair disk (ERD) instead of the Restore utility if any system files are lost or damaged, since the Backup and Restore utilities do not copy the SACLs, but the ERD does.

Web References