6.1.6.7.5 nTSecurityDescriptor
A mandatory object attribute that contains the security descriptor that is tied to the Active Directory object. The security descriptor mandates access controls to the object. TDOs are sensitive objects and have tight access controls placed upon them. Stored as the type String(NT-Sec-Desc) in SDDL ([MS-DTYP] section 2.5.1), the default security descriptor for TDOs is as follows.
-
Platforms Default Security Descriptor in SDDL Format --------- ------------------------------------------ W2000 D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLOR CWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) W2003 D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLOR W2003R2 CWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;WP;736e4812-af31- W2008 11d2-b7df-00805f48caeb;bf967ab8-0de6-11d0-a285-00aa003049 W2008R2 e2;CO)(A;;SD;;;CO)