Active Directory^® Object and Attribute Security

Active Directory^® object security provides the ability to delegate administration and control the visibility of published resources. Access Control Lists (ACL) protect all objects. The ACL identifies the security principals who can gain access to the individual attributes of an object. ACLs can be set explicitly or inherited from an object’s parent container. The fine granularity of control combined with inherited and explicit ACLs provides ultimate flexibility, however the security model is complex and difficult to understand.

This session will show you how to master the object security model both on Windows^® 2000 and Windows^® Server 2003. The session is backed up with comprehensive demonstrations.
Topics covered include:

• Explicit versus inherited ACLs
• Multilevel inheritance
• Blocking and propagating inheritance
• Modifying the default object security
• Security Descriptor Definition Language (SDDL)
• Auditing object and attribute access
• Effective permissions