This exercise complements material in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide.
Use this exercise to view a Discretionary Access Control List (DACL) on a Windows 7 system.
Requirements: This exercise assumes you’re running a Windows 7 system.
- Open Windows Explorer. One way is to press the Open Window+ E keys to launch Windows Explorer. The Open Window key is just to the left of the left Alt key on most keyboards.
- Open the C: drive to access the folders.
- Right click any folder and select Properties.
- Select the Security tab. Your display will look similar to the following graphic:
- You will see user accounts, group accounts, or both.
- Each account is identified in the Security Accounts Manager (SAM) with a security identifier (SID). SIDs are rather cryptic and look something like this: S-1-5-21-3991871189-223218. Each SID is matched to the user account name.
- Instead of displaying the cryptic SID, the system displays user’s account name (as long as it can find it in the SAM).
- When you select an account, you can see the permissions assigned to the account. For example, Darril is selected and you can see the permissions for Darril in the graphic. If you select a different group or user, you will see the permissions assigned to that group or user.
- The combination of each account and it’s assigned permissions is an Access Control Entry (ACE).
- The combination of ACEs is the ACL for the folder.
- The list of entries for User accounts are shown with the icon of one head and group accounts are shown with the icon of two heads. The access control list (ACL) identifies each of these internally with security identifiers (SIDs) that look similar to this: S-1-5-21-3991871189-223218. However, the system looks up the SID
