Active Directory Security Model
Active Directory's security model secures and protects every object stored in Active Directory, including domain user accounts and domain computer accounts, domain security groups and group policies.
It allows administrators to specify, with a high degree of control, who has what access to which object. It also allows administrators to specify access for an entire group of users so as to simplify security management.
The following is an overview of how Active Directory's security model protects stored content:

Each object is protected by a Security Descriptor
Each security descriptor contains an Access Control List (ACL)
Each ACL contains numerous Access Control Entries (ACEs)
Each ACE allows or denies specified security permissions to some user or security group
Security groups can be transitively nested into other security groups
ACEs can be explicit or inherited; explicit ACEs override inherited ACEs
Access is specified in the form of low-level technical permissions
These low-level permissions can be standard permissions, extended rights or validated writes
Active Directory's current object visibility mode impacts list access requests
The access check takes into account the object's DACL and the user's security token and determines the resultant authorized access for the user on the object
In this manner, Active Directory's security model secures and protects Active Directory content.
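
The evaluation outlined above, as an added example that is not from the original page: a simplified Python model that expands nested group membership into a token, orders the DACL so explicit ACEs come before inherited ones, and computes the resultant access. The principal names, group nesting and sample DACL are constructed, names stand in for SIDs, and object-type GUIDs, owner rights and list-object mode are left out.

```python
from dataclasses import dataclass

# Access-mask bits (values as defined in ADS_RIGHTS_ENUM).
READ_PROP, WRITE_PROP, CONTROL_ACCESS = 0x10, 0x20, 0x100

@dataclass(frozen=True)
class Ace:
    allow: bool       # True = allow ACE, False = deny ACE
    trustee: str      # user or group name (stand-in for a SID)
    mask: int         # permission bits this ACE allows or denies
    inherited: bool   # False = explicit on the object itself

def expand_groups(principal, member_of):
    """Return the principal plus every group reached through nesting."""
    seen, stack = set(), [principal]
    while stack:
        name = stack.pop()
        if name not in seen:          # also guards against circular nesting
            seen.add(name)
            stack.extend(member_of.get(name, ()))
    return seen

def effective_access(principal, member_of, dacl):
    """Walk the DACL in order; the first ACE to decide a bit wins."""
    token = expand_groups(principal, member_of)
    granted = denied = 0
    # Order: explicit deny, explicit allow, inherited deny, inherited allow.
    for ace in sorted(dacl, key=lambda a: (a.inherited, a.allow)):
        if ace.trustee not in token:
            continue
        if ace.allow:
            granted |= ace.mask & ~denied   # skip bits already denied
        else:
            denied |= ace.mask & ~granted   # skip bits already granted
    return granted

# Constructed sample data: alice -> Helpdesk -> IT Staff (nested groups).
MEMBER_OF = {"alice": ["Helpdesk"], "Helpdesk": ["IT Staff"], "bob": ["IT Staff"]}
DACL = [
    Ace(True,  "IT Staff", READ_PROP | WRITE_PROP, inherited=True),
    Ace(False, "IT Staff", CONTROL_ACCESS,         inherited=True),
    Ace(True,  "Helpdesk", CONTROL_ACCESS,         inherited=False),
    Ace(False, "alice",    WRITE_PROP,             inherited=False),
]

if __name__ == "__main__":
    print({w: hex(effective_access(w, MEMBER_OF, DACL)) for w in ("alice", "bob", "carol")})
```

In this sample, alice keeps the extended right because the explicit allow on Helpdesk is evaluated before the inherited deny on IT Staff, while bob, who is only in IT Staff, is denied it.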