Paramount Defenses Company | Leadership | Products | Solutions | Partners | Privileged Access Insight | Support | News | Careers | Blog | Contact 100%
Our Global Customers - Cyber Security Thought Leaders
Welcome | Importance | Assets | Top Risks | Mitigation | Audit | Auditing | Checklists | How-Tos | Tools | Guides | Learning | Technicals | Resources

Active Directory Security Model

Active Directory's security model secures and protects every object stored in Active Directory, including domain user accounts and domain computer accounts, domain security groups and group policies.

It allows administrators to specify who has what access to which object to a high degree of control. It also allows administrators to specify access for an entire group of users so as to simply security management.

The following is an overview of how Active Directory's security model protects stored content –

Active Directory Security Model

  1. Each object is protected by a Security Descriptor

  2. Each security descriptor contains an Access Control List (ACL)

  3. Each ACL contains numerous Access Control Entries (ACEs)

  4. Each ACE allows or denies specified security permissions to some user or security group

  5. Security groups can be transitively nested into other security groups

  6. ACEs can be explicit or inherited; explicit ACEs generally override inherited ACEs

  7. Access can either be allowed or denied, and denies generally precede allows

  8. Access is specified in the form of low–level technical permissions

  9. These low-level permissions can be standard permissions, extended rights or validated writes

  10. Active Directory's current object visibility mode impacts list access requests

  11. The access check takes into account the object's DACL and the user's security token and determines the resultant authorized access for the user on the object

In this manner, Active Directory's security model secures and protects Active Directory content.

Back to Technicals Back to Technicals

Who We Are What We Do How We Protect You