What is a security descriptor?
A security descriptor is a structure and associated data that contains the security information for a securable object. A security descriptor identifies the object’s owner and primary group. It can also contain a DACL that controls access to the object, and a SACL that controls the logging of attempts to access the object.
And just what is a DACL? This is a discretionary access control list and when present on the object the system will grant access. For information on DACLs see:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa446683(v=vs.85).aspx (and this is a useful article, that as far as I can tell is correct)
A code sample that is current can be found at:
For a more complete and generalized discussion see: