6.6.1. Security Descriptor Control Flags
Table 2.18. Security Descriptor Control Flags
| Flag | Description |
| 0x0001 | Owner Defaulted |
| 0x0002 | Group Defaulted |
| 0x0004 | DACL Present |
| 0x0008 | DACL Defaulted |
| 0x0010 | SACL Present |
| 0x0020 | SACL Defaulted |
| 0x0100 | DACL Auto Inherit Req |
| 0x0200 | SACL Auto Inherit Req |
| 0x0400 | DACL Auto Inherited |
| 0x0800 | SACL Auto Inherited |
| 0x1000 | DACL Protected |
| 0x2000 | SACL Protected |
| 0x4000 | RM Control Valid |
| 0x8000 | Self Relative |
Starting with NTFS 5.0, all security descriptors are stored in the $Secure file. The descriptor for a file is located through the security ID field in the file's standard information attribute.
Each security descriptor is assigned exactly one security_id, and each file has a single security_id. The security_id is the key used in the $SII index. The descriptors themselves are stored in the $SDS data stream.
6.6.1.1. OWNER DEFAULTED
This Boolean flag, when set, indicates that the SID pointed to by the Owner field was provided by a defaulting mechanism rather than explicitly provided by the original provider of the security descriptor. This may affect the treatment of the SID with respect to inheritance of an owner.
6.6.1.2. GROUP DEFAULTED
This Boolean flag, when set, indicates that the SID in the Group field was provided by a defaulting mechanism rather than explicitly provided by the original provider of the security descriptor. This may affect the treatment of the SID with respect to inheritance of primary group.
6.6.1.3. DACL PRESENT
This Boolean flag, when set, indicates that the security descriptor contains a discretionary ACL. If this flag is set and the DACL field of the SECURITY DESCRIPTOR is null, then a null ACL is explicitly being specified.
6.6.1.4. DACL DEFAULTED
This Boolean flag, when set, indicates that the ACL pointed to by the DACL field was provided by a defaulting mechanism rather than explicitly provided by the original provider of the security descriptor. This may affect the treatment of the DACL with respect to inheritance of an ACL. This flag is ignored if the SACLPresent flag is not set.
6.6.1.5. SACL PRESENT
This Boolean flag, when set, indicates that the security descriptor contains a SACL pointed to by the Sacl field. If this flag is set and the Sacl field of the SECURITY DESCRIPTOR is null, then an empty (but present) ACL is being specified.
6.6.1.6. SACL DEFAULTED
This Boolean flag, when set, indicates that the SACL pointed to by the Sacl field was provided by a defaulting mechanism rather than explicitly provided by the original provider of the security descriptor. This may affect the treatment of the ACL with respect to inheritance of an ACL. This flag is ignored if the SaclPresent flag is not set.
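The following added example (not part of the original page) decodes the control word with the values from Table 2.18 and reports the null-field and ignored-flag cases described above. It assumes the 20-byte self-relative header layout of the Windows SECURITY_DESCRIPTOR_RELATIVE structure, which this page does not list; the function names are hypothetical and the sample bytes are constructed.

```python
import struct

# Flag values and names exactly as listed in Table 2.18.
CONTROL_FLAGS = {
    0x0001: "Owner Defaulted", 0x0002: "Group Defaulted",
    0x0004: "DACL Present", 0x0008: "DACL Defaulted",
    0x0010: "SACL Present", 0x0020: "SACL Defaulted",
    0x0100: "DACL Auto Inherit Req", 0x0200: "SACL Auto Inherit Req",
    0x0400: "DACL Auto Inherited", 0x0800: "SACL Auto Inherited",
    0x1000: "DACL Protected", 0x2000: "SACL Protected",
    0x4000: "RM Control Valid", 0x8000: "Self Relative",
}
KNOWN_MASK = sum(CONTROL_FLAGS)  # 0xFF3F; 0x0040 and 0x0080 are not in the table
# Assumed layout (SECURITY_DESCRIPTOR_RELATIVE): Revision, Sbz1, Control,
# then the Owner, Group, Sacl and Dacl offsets, all little-endian.
HEADER = struct.Struct("<BBHIIII")

def decode_control(control):
    """Return (names of the flags set, bits not defined in the table)."""
    names = [n for bit, n in sorted(CONTROL_FLAGS.items()) if control & bit]
    return names, control & 0xFFFF & ~KNOWN_MASK

def parse_header(raw):
    """Decode the header and report flag/offset inconsistencies."""
    if len(raw) < HEADER.size:
        raise ValueError("buffer shorter than the 20-byte header")
    _rev, _sbz1, control, owner, group, sacl, dacl = HEADER.unpack_from(raw)
    names, unknown = decode_control(control)
    notes = []
    if unknown:
        notes.append(f"undefined control bits 0x{unknown:04x}")
    if not control & 0x8000:
        notes.append("Self Relative not set: fields are not offsets")
    for label, off in (("Owner", owner), ("Group", group),
                       ("Sacl", sacl), ("Dacl", dacl)):
        if off and not HEADER.size <= off < len(raw):
            notes.append(f"{label} offset {off} outside descriptor")
    if control & 0x0004 and dacl == 0:
        notes.append("DACL Present with null Dacl field: null ACL")
    if control & 0x0010 and sacl == 0:
        notes.append("SACL Present with null Sacl field: empty ACL")
    if control & 0x0020 and not control & 0x0010:
        notes.append("SACL Defaulted ignored: SACL Present not set")
    return {"control": control, "flags": names, "notes": notes}

# Constructed sample: control 0x8024, owner SID at offset 20, no group/ACLs.
SAMPLE = HEADER.pack(1, 0, 0x8024, 20, 0, 0, 0) + bytes.fromhex(
    "010100000000000512000000")

if __name__ == "__main__":
    print(parse_header(SAMPLE))
```

A descriptor that carries DACL Present with a null Dacl field is worth surfacing in an audit, because a null DACL places no access restrictions on the object.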
