Every container and object on the network has a set of access control information attached to it. Known as a security descriptor, this information controls the type of access allowed to users and groups. Permissions are defined within an object's security descriptor. Permissions are associated with, or assigned to, specific users and groups.

When you are a member of a security group that is associated with an object, you have some ability to manage the permissions on that object. For those objects you own, you have full control. You can use different methods, such as Active Directory Domain Services (AD DS), Group Policy, or access control lists, to manage different types of objects.

This section contains:

Additional references