We are independent & ad-supported. We may earn a commission for purchases made through our links.
Advertiser Disclosure
Our website is an independent, advertising-supported platform. We provide our content free of charge to our readers, and to keep it that way, we rely on revenue generated through advertisements and affiliate partnerships. This means that when you click on certain links on our site and make a purchase, we may earn a commission. Learn more.
How We Make Money
We sustain our operations through affiliate commissions and advertising. If you click on an affiliate link and make a purchase, we may receive a commission from the merchant at no additional cost to you. We also display advertisements on our website, which help generate revenue to support our work and keep our content free for readers. Our editorial team operates independently of our advertising and affiliate partnerships to ensure that our content remains unbiased and focused on providing you with the best information and recommendations based on thorough research and honest evaluations. To remain transparent, we’ve provided a list of our current affiliate partners here.
Technology

Our Promise to you

Founded in 2002, our company has been a trusted resource for readers seeking informative and engaging content. Our dedication to quality remains unwavering—and will never change. We follow a strict editorial policy, ensuring that our content is authored by highly qualified professionals and edited by subject matter experts. This guarantees that everything we publish is objective, accurate, and trustworthy.

Over the years, we've refined our approach to cover a wide range of topics, providing readers with reliable and practical advice to enhance their knowledge and skills. That's why millions of readers turn to us each year. Join us in celebrating the joy of learning, guided by standards you can trust.

What Is a Security Descriptor?

M. McGee
By
Updated: Jan 31, 2024
Views: 8,112
Share

A security descriptor is a piece of information that is added to part of a computer system, process or file that controls its access parameters. These descriptors will determine whether or not a user or process can access the secured object and whether the object can access other things. A security descriptor is often placed on a high part of a directory path or process chain and the items below the secured object inherit the descriptors and become secured themselves. This simplifies the process for the user since he only needs to secure one thing to create a secured area.

The term ‘security descriptor’ is only properly used by Windows®-based Operating Systems (OS). These descriptors were developed to secure Windows® objects from being accessed in improper ways. Since the term is so vague, it is often used to describe file and process securing methods on other systems that use different methods. This is particularly common with OSs that make heavy use of read/write access commands.

In Windows® systems, security descriptors apply only to securable objects. "Securable" simply means that it has the potential of having a security descriptor added; the term differentiates these items from standard objects. While securable objects and common objects are different, the term is unrelated to the actual difference.

Objects are a wide range of different things inside the Windows® OS. The system uses the term to denote anything that it can or may access and everything it has accessed — so nearly every non-fixed bit of information on the system is an object. These objects could be on the user side, such as a file or folder full of files, or they could be a system side object, such as a running process or registry entry.

An object may only be securable if it is unique and identifiable. This is a simple concept that has a huge impact on the way a system runs. A unique object means that there is only one in existence at any time. If only one of an object that can have duplicates exists, it is still not unique because there is a possibility of another coming into existence. An identifiable object contains discrete parameters that determine its beginning, end and reason for existence.

If an object is capable of having a security descriptor added to it, the process is often very simple and generally automatic. The descriptor will contain three pieces of information: ownership, access in and access out. Ownership denotes what created the object and whether it passes its descriptor on to its children. Access in tells the object what has access to its contents. Access out tells the object what objects it has access to.

Share
WiseGeek is dedicated to providing accurate and trustworthy information. We carefully select reputable sources and employ a rigorous fact-checking process to maintain the highest standards. To learn more about our commitment to accuracy, read our editorial process.
M. McGee
By M. McGee
Mark McGee is a skilled writer and communicator who excels in crafting content that resonates with diverse audiences. With a background in communication-related fields, he brings strong organizational and interpersonal skills to his writing, ensuring that his work is both informative and engaging.

Editors' Picks

Discussion Comments
M. McGee
M. McGee
Mark McGee is a skilled writer and communicator who excels in crafting content that resonates with diverse audiences....
Learn more
Share
https://www.wise-geek.com/what-is-a-security-descriptor.htm
Copy this link
WiseGeek, in your inbox

Our latest articles, guides, and more, delivered daily.

WiseGeek, in your inbox

Our latest articles, guides, and more, delivered daily.