Applies To: Windows 7, Windows Server 2008 R2
Every container and object on the network has a set of access control information attached to it. Known as a security descriptor, this information controls the type of access allowed to users and groups. Permissions are defined within an object's security descriptor. Permissions are associated with, or assigned to, specific users and groups.
When you are a member of a security group that is associated with an object, you have some ability to manage the permissions on that object. For those objects you own, you have full control. You can use different methods, such as Active Directory Domain Services (AD DS), Group Policy, or access control lists, to manage different types of objects.
This section contains:
For information about managing permissions by using AD DS, see Assign, change, or remove permissions on Active Directory objects or attributes (https://go.microsoft.com/fwlink/?LinkId=63970).
For information about managing permissions by using Group Policy, see Apply or Modify Permission Entries for Objects Using Group Policy (https://go.microsoft.com/fwlink/?LinkId=64928).