6.6.1.7. SELF RELATIVE
This Boolean flag, when set, indicates that the security descriptor is in self-relative form. In this form, all fields of the security descriptor are contiguous in memory and all pointer fields are expressed as offsets from the beginning of the security descriptor.
The SID structure is a variable-length structure used to uniquely identify users or groups. SID stands for security identifier.
The standard textual representation of the SID is of the form S-R-I-S-S..., where:
- The first "S" is the literal character 'S' identifying the following digits as a SID.
- R is the revision level of the SID expressed as a sequence of digits either in decimal or hexadecimal (if the latter, prefixed by "0x").
- I is the 48-bit identifier_authority, expressed as digits as R above.
- S... is one or more sub_authority values, expressed as digits as above.
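The textual form just described can be produced from the binary SID fields named above (revision, sub_authority_count, identifier_authority, sub_authority[]). The following C is an added example, not code from this document or from the project it documents: the struct sid, the 15 sub-authority limit and the function names are this example's own choices, and the sample bytes are constructed to encode the Administrators SID S-1-5-32-544 discussed next. The parser bounds-checks the sub-authority count against the buffer length before using it as a loop limit, since that count comes from on-disk data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Maximum sub-authority count accepted here (an assumed limit for this
 * example; the text does not state one). */
#define SID_MAX_SUB_AUTHORITIES 15

/* Fields as named in the text. The struct itself belongs to this example. */
struct sid {
    uint8_t  revision;
    uint8_t  sub_authority_count;
    uint8_t  identifier_authority[6];   /* 48-bit, big-endian on disk */
    uint32_t sub_authority[SID_MAX_SUB_AUTHORITIES];
};

/* Constructed sample: the on-disk bytes of S-1-5-32-544 (revision 1, two
 * sub-authorities, authority 5, RIDs 32 and 544 as little-endian 32-bit). */
const uint8_t admins_sid_bytes[16] = {
    0x01, 0x02,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
    0x20, 0x00, 0x00, 0x00,
    0x20, 0x02, 0x00, 0x00,
};

/* Parse 'len' bytes of a raw SID into 's'. Returns 0 on success, -1 if the
 * header or the announced sub-authorities do not fit in the buffer. */
int sid_parse(const uint8_t *buf, size_t len, struct sid *s)
{
    if (len < 8)
        return -1;
    s->revision = buf[0];
    s->sub_authority_count = buf[1];
    if (s->sub_authority_count > SID_MAX_SUB_AUTHORITIES)
        return -1;
    if (len < 8 + 4 * (size_t)s->sub_authority_count)
        return -1;
    memcpy(s->identifier_authority, buf + 2, 6);
    for (size_t i = 0; i < s->sub_authority_count; i++) {
        const uint8_t *p = buf + 8 + 4 * i;
        s->sub_authority[i] = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                              (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    }
    return 0;
}

/* Render 's' as S-R-I-S-S... The authority is printed in decimal while it
 * fits in 32 bits and as 0x-prefixed hexadecimal above that, the split
 * Windows itself uses for the textual form. Returns 0, or -1 if 'out' is
 * too small. */
int sid_to_string(const struct sid *s, char *out, size_t outlen)
{
    uint64_t auth = 0;
    size_t pos;
    int n;

    for (int i = 0; i < 6; i++)
        auth = auth << 8 | s->identifier_authority[i];

    if (auth >> 32)
        n = snprintf(out, outlen, "S-%u-0x%llX", s->revision, (unsigned long long)auth);
    else
        n = snprintf(out, outlen, "S-%u-%llu", s->revision, (unsigned long long)auth);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    pos = (size_t)n;

    for (size_t i = 0; i < s->sub_authority_count; i++) {
        n = snprintf(out + pos, outlen - pos, "-%lu", (unsigned long)s->sub_authority[i]);
        if (n < 0 || (size_t)n >= outlen - pos)
            return -1;
        pos += (size_t)n;
    }
    return 0;
}

/* Round-trip the constructed sample through both functions. */
int admins_sid_string(char *out, size_t outlen)
{
    struct sid s;
    if (sid_parse(admins_sid_bytes, sizeof admins_sid_bytes, &s))
        return -1;
    return sid_to_string(&s, out, outlen);
}

int main(void)
{
    char text[64];
    if (admins_sid_string(text, sizeof text) == 0)
        printf("%s\n", text);   /* S-1-5-32-544 */
    return 0;
}
```

Rejecting a buffer shorter than 8 + 4 * sub_authority_count, rather than trusting the count, is what keeps a malformed descriptor from driving a read past the end of the security descriptor it sits in.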
Example SID:
The domain-relative SID of the local Administrators group on Windows NT/2k: S-1-5-32-544
This translates to a SID with:
revision = 1,
sub_authority_count = 2,
identifier_authority = {0,0,0,0,0,5}, (SECURITY_NT_AUTHORITY)
sub_authority[0] = 32, (SECURITY_BUILTIN_DOMAIN_RID)
sub_authority[1] = 544 (DOMAIN_ALIAS_RID_ADMINS)
The ACE types.
ACCESS_MIN_MS_ACE_TYPE = 0
ACCESS_ALLOWED_ACE_TYPE = 0
ACCESS_DENIED_ACE_TYPE = 1
SYSTEM_AUDIT_ACE_TYPE = 2
SYSTEM_ALARM_ACE_TYPE = 3
Not implemented as of Win2k.
ACCESS_MAX_MS_V2_ACE_TYPE = 3
ACCESS_ALLOWED_COMPOUND_ACE_TYPE = 4
ACCESS_MAX_MS_V3_ACE_TYPE = 4
The following are Win2k only.
ACCESS_MIN_MS_OBJECT_ACE_TYPE = 5
ACCESS_ALLOWED_OBJECT_ACE_TYPE = 5
ACCESS_DENIED_OBJECT_ACE_TYPE = 6
SYSTEM_AUDIT_OBJECT_ACE_TYPE = 7
SYSTEM_ALARM_OBJECT_ACE_TYPE = 8
ACCESS_MAX_MS_OBJECT_ACE_TYPE = 8
ACCESS_MAX_MS_V4_ACE_TYPE = 8
This one is for WinNT and Win2k.
ACCESS_MAX_MS_ACE_TYPE = 8
The ACE flags (8-bit) for audit and inheritance.
SUCCESSFUL_ACCESS_ACE_FLAG is only used with system audit and alarm ACE types to indicate that a message is generated (in Windows!) for successful accesses.
FAILED_ACCESS_ACE_FLAG is only used with system audit and alarm ACE types to indicate that a message is generated (in Windows!) for failed accesses.
The inheritance flags.
OBJECT_INHERIT_ACE = 0x01
CONTAINER_INHERIT_ACE = 0x02
NO_PROPAGATE_INHERIT_ACE = 0x04
INHERIT_ONLY_ACE = 0x08
INHERITED_ACE = 0x10 (Win2k only)
VALID_INHERIT_FLAGS = 0x1f
The audit flags.
SUCCESSFUL_ACCESS_ACE_FLAG = 0x40
FAILED_ACCESS_ACE_FLAG = 0x80
The access mask defines the access rights. The standard rights.
DELETE = 0x00010000
READ_CONTROL = 0x00020000
WRITE_DAC = 0x00040000
WRITE_OWNER = 0x00080000
SYNCHRONIZE = 0x00100000
STANDARD_RIGHTS_REQUIRED = 0x000f0000
STANDARD_RIGHTS_READ = 0x00020000
STANDARD_RIGHTS_WRITE = 0x00020000
STANDARD_RIGHTS_EXECUTE = 0x00020000
STANDARD_RIGHTS_ALL = 0x001f0000
The access system ACL and maximum allowed access types.
ACCESS_SYSTEM_SECURITY = 0x01000000
MAXIMUM_ALLOWED = 0x02000000
The generic rights.
GENERIC_ALL = 0x10000000
GENERIC_EXECUTE = 0x20000000
GENERIC_WRITE = 0x40000000
GENERIC_READ = 0x80000000
The object ACE flags (32-bit).
ACE_OBJECT_TYPE_PRESENT = 1
ACE_INHERITED_OBJECT_TYPE_PRESENT = 2
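As an added C example (not part of this document or of the project it documents), the ACE flag and access mask constants above drive a decoder for an ACE flag byte and an access mask, plus a consistency check that applies the two rules the text states: only the listed bits are defined, and the two audit flags belong only on system audit and alarm ACEs. The object-specific low 16 bits of the mask are reported as one hex group because the text does not define them per object type; the function names, the BN/COUNT macros and the mask_can_change_acl helper are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ACE flags (8-bit) and the ACE types referenced below, values as in the text. */
enum {
    OBJECT_INHERIT_ACE = 0x01, CONTAINER_INHERIT_ACE = 0x02, NO_PROPAGATE_INHERIT_ACE = 0x04,
    INHERIT_ONLY_ACE = 0x08, INHERITED_ACE = 0x10, VALID_INHERIT_FLAGS = 0x1f,
    SUCCESSFUL_ACCESS_ACE_FLAG = 0x40, FAILED_ACCESS_ACE_FLAG = 0x80,
};
enum {
    ACCESS_ALLOWED_ACE_TYPE = 0, ACCESS_DENIED_ACE_TYPE = 1, SYSTEM_AUDIT_ACE_TYPE = 2,
    SYSTEM_ALARM_ACE_TYPE = 3, SYSTEM_AUDIT_OBJECT_ACE_TYPE = 7, SYSTEM_ALARM_OBJECT_ACE_TYPE = 8,
};

/* Access mask bits as listed in the text; the low 16 bits are object-specific. */
#define DELETE                 0x00010000u
#define READ_CONTROL           0x00020000u
#define WRITE_DAC              0x00040000u
#define WRITE_OWNER            0x00080000u
#define SYNCHRONIZE            0x00100000u
#define STANDARD_RIGHTS_ALL    0x001f0000u
#define ACCESS_SYSTEM_SECURITY 0x01000000u
#define MAXIMUM_ALLOWED        0x02000000u
#define GENERIC_ALL            0x10000000u
#define GENERIC_EXECUTE        0x20000000u
#define GENERIC_WRITE          0x40000000u
#define GENERIC_READ           0x80000000u

struct bit_name { uint32_t bit; const char *name; };
#define BN(x) { x, #x }
#define COUNT(a) (sizeof (a) / sizeof (a)[0])
static const struct bit_name ace_flag_names[] = {
    BN(OBJECT_INHERIT_ACE), BN(CONTAINER_INHERIT_ACE), BN(NO_PROPAGATE_INHERIT_ACE),
    BN(INHERIT_ONLY_ACE), BN(INHERITED_ACE), BN(SUCCESSFUL_ACCESS_ACE_FLAG), BN(FAILED_ACCESS_ACE_FLAG),
};
static const struct bit_name access_mask_names[] = {
    BN(DELETE), BN(READ_CONTROL), BN(WRITE_DAC), BN(WRITE_OWNER), BN(SYNCHRONIZE),
    BN(ACCESS_SYSTEM_SECURITY), BN(MAXIMUM_ALLOWED), BN(GENERIC_ALL), BN(GENERIC_EXECUTE),
    BN(GENERIC_WRITE), BN(GENERIC_READ),
};

/* Append 'name' to the '|'-separated list in 'out'; -1 if it does not fit. */
static int append_name(char *out, size_t outlen, const char *name)
{
    size_t used = strlen(out), add = strlen(name);
    if (used + (used ? 1 : 0) + add + 1 > outlen)
        return -1;
    if (used)
        out[used++] = '|';
    memcpy(out + used, name, add + 1);
    return 0;
}

/* Name every set bit found in 'table', then report leftover bits outside
 * 'known' as unknown(...) so nothing silently disappears. */
static int decode_bits(uint32_t value, const struct bit_name *table, size_t count,
                       uint32_t known, char *out, size_t outlen)
{
    char tmp[32];
    if (outlen == 0)
        return -1;
    out[0] = '\0';
    for (size_t i = 0; i < count; i++)
        if ((value & table[i].bit) && append_name(out, outlen, table[i].name))
            return -1;
    if (value & ~known) {
        snprintf(tmp, sizeof tmp, "unknown(0x%08lx)", (unsigned long)(value & ~known));
        return append_name(out, outlen, tmp);
    }
    return 0;
}

int decode_ace_flags(uint8_t flags, char *out, size_t outlen)
{
    return decode_bits(flags, ace_flag_names, COUNT(ace_flag_names),
                       VALID_INHERIT_FLAGS | SUCCESSFUL_ACCESS_ACE_FLAG | FAILED_ACCESS_ACE_FLAG,
                       out, outlen);
}

int decode_access_mask(uint32_t mask, char *out, size_t outlen)
{
    char tmp[24];
    uint32_t specific = mask & 0x0000ffffu;
    if (decode_bits(mask & ~0x0000ffffu, access_mask_names, COUNT(access_mask_names),
                    STANDARD_RIGHTS_ALL | ACCESS_SYSTEM_SECURITY | MAXIMUM_ALLOWED |
                    GENERIC_ALL | GENERIC_EXECUTE | GENERIC_WRITE | GENERIC_READ, out, outlen))
        return -1;
    if (!specific)
        return 0;
    snprintf(tmp, sizeof tmp, "specific(0x%04lx)", (unsigned long)specific);
    return append_name(out, outlen, tmp);
}

/* 1 if the flag byte is consistent with the text's rules for this ACE type:
 * no bits outside those defined (0x20 is not defined here) and audit flags
 * only on system audit/alarm ACEs. */
int ace_flags_valid(uint8_t type, uint8_t flags)
{
    const unsigned audit = SUCCESSFUL_ACCESS_ACE_FLAG | FAILED_ACCESS_ACE_FLAG;
    int is_audit = type == SYSTEM_AUDIT_ACE_TYPE || type == SYSTEM_ALARM_ACE_TYPE ||
                   type == SYSTEM_AUDIT_OBJECT_ACE_TYPE || type == SYSTEM_ALARM_OBJECT_ACE_TYPE;
    if (flags & ~(VALID_INHERIT_FLAGS | audit) & 0xffu)
        return 0;
    return !(flags & audit) || is_audit;
}

/* Rights in an allowed ACE that let the grantee rewrite the DACL or take
 * ownership, i.e. change who else gets access; worth flagging in an audit. */
int mask_can_change_acl(uint32_t mask)
{
    return (mask & (WRITE_DAC | WRITE_OWNER | GENERIC_ALL)) != 0;
}

int main(void)
{
    char buf[160];
    decode_ace_flags(OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | INHERIT_ONLY_ACE, buf, sizeof buf);
    printf("flags 0x0b: %s\n", buf);
    decode_access_mask(GENERIC_READ | 0x1u, buf, sizeof buf);
    printf("mask 0x80000001: %s\n", buf);
    return 0;
}
```

The check is a strict reading of this document: a flag byte with 0x20 set, or an audit flag on an access-allowed ACE, is reported as inconsistent rather than ignored, which is the behaviour you want when validating descriptors read from an untrusted volume.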
The ACL constants.
Current revision.
ACL_REVISION = 2
ACL_REVISION_DS = 4
History of revisions.
ACL_REVISION1 = 1
MIN_ACL_REVISION = 2
ACL_REVISION2 = 2
ACL_REVISION3 = 3
ACL_REVISION4 = 4
MAX_ACL_REVISION = 4
