{
	"id": "c123385f-9099-4471-a44c-7190426fec7d",
	"created_at": "2026-04-06T00:17:01.256674Z",
	"updated_at": "2026-04-10T03:20:57.031415Z",
	"deleted_at": null,
	"sha1_hash": "44195950013c9f1346bd747899a3d157a7212a0a",
	"title": "DACLs and ACEs - Win32 apps",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 35749,
	"plain_text": "DACLs and ACEs - Win32 apps\r\nBy GrantMeStrength\r\nArchived: 2026-04-05 16:36:09 UTC\r\nIf a Windows object does not have a discretionary access control list (DACL), the system allows everyone full\r\naccess to it. If an object has a DACL, the system allows only the access that is explicitly allowed by the access\r\ncontrol entries (ACEs) in the DACL. If there are no ACEs in the DACL, the system does not allow access to\r\nanyone. Similarly, if a DACL has ACEs that allow access to a limited set of users or groups, the system implicitly\r\ndenies access to all trustees not included in the ACEs.\r\nIn most cases, you can control access to an object by using access-allowed ACEs; you do not need to explicitly\r\ndeny access to an object. The exception is when an ACE allows access to a group and you want to deny access to a\r\nmember of the group. To do this, place an access-denied ACE for the user in the DACL ahead of the access-allowed ACE for the group. Note that the order of the ACEs is important because the system reads the ACEs in\r\nsequence until access is granted or denied. The user's access-denied ACE must appear first; otherwise, when the\r\nsystem reads the group's access allowed ACE, it will grant access to the restricted user.\r\nThe following illustration shows a DACL that denies access to one user and grants access to two groups. The\r\nmembers of Group A get Read, Write, and Execute access rights by accumulating the rights allowed to Group A\r\nand rights allowed to Everyone. The exception is Andrew, who is denied access by the access-denied ACE in spite\r\nof being a member of the Everyone Group.\r\nRelated content\r\nAccess control model\r\nSource: https://docs.microsoft.com/windows/desktop/secauthz/dacls-and-aces\r\nhttps://docs.microsoft.com/windows/desktop/secauthz/dacls-and-aces\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://docs.microsoft.com/windows/desktop/secauthz/dacls-and-aces"
	],
	"report_names": [
		"dacls-and-aces"
	],
	"threat_actors": [],
	"ts_created_at": 1775434621,
	"ts_updated_at": 1775791257,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/44195950013c9f1346bd747899a3d157a7212a0a.pdf",
		"text": "https://archive.orkl.eu/44195950013c9f1346bd747899a3d157a7212a0a.txt",
		"img": "https://archive.orkl.eu/44195950013c9f1346bd747899a3d157a7212a0a.jpg"
	}
}