Security Descriptor
Stores the security descriptor of a Distributed File System resource. The following table summarizes the attributes of the Security Descriptor property.
| Attribute | Value |
|---|---|
| Data type | Byte array |
| Access | Read/write (see Remarks) |
| Status | Optional |
| Structure | CLUSPROP_BINARY |
| Maximum | None (but see Maximum Property Size.) |
| Default | 0 |
Remarks
Although the property value is read/write, the underlying security descriptor can be changed only through the Access Control or Network Management APIs. To change the value of the Security Descriptor property.
Retrieve the value of the property.
Assign the value to a SECURITY_DESCRIPTOR structure.
Pass the value to any Access Control or Network Management API function that will change the discretionary access control list (DACL) of the descriptor, such as SetSecurityDescriptorDacl or NetShareSetInfo.
Once the value has been modified, update the Security Descriptor property.
Take the Distributed File System resource offline and bring it back online to activate the new security settings.
Note
When you use the Failover Cluster API to create the File Share resource, permissions for the "Everyone" group for that file share are set to full control by default. You can modify this property as previously described to change the default permissions.
Requirements
| Minimum supported client |
None supported |
| Minimum supported server |
Windows Server 2008 Datacenter, Windows Server 2008 Enterprise |