<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="http://msmvps.com/utility/FeedStylesheets/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:wfw="http://wellformedweb.org/CommentAPI/"><channel><title>SDDL - easier to read, except when it's not.</title><link>http://msmvps.com/blogs/alunj/archive/2006/02/13/83472.aspx</link><description>SDDL was introduced by Microsoft in Windows 2000, as a counter to the difficulty developers had in writing (and administrators had in reading) Security Descriptors, and specifically the Access Control Lists that come with them. The recent advisory about</description><dc:language>en</dc:language><generator>CommunityServer 2008.5 SP2 (Build: 40407.4157)</generator><item><title>Microsoft releases DACL guidance for developers of Windows services</title><link>http://msmvps.com/blogs/alunj/archive/2006/02/13/83472.aspx#84539</link><pubDate>Wed, 22 Feb 2006 16:33:19 GMT</pubDate><guid isPermaLink="false">d67277c4-116b-43f1-b688-e9ef184ea916:84539</guid><dc:creator>Dana Epp's ramblings at the Sanctuary</dc:creator><description>Microsoft has recently released a KB article on Best practices and guidance for writers of service discretionary access control lists that I think developers of services on Windows should really read. In the article, Microsoft shows how to successfully apply DACLs to make services more secure for our workstations and servers, and offers guidance on how to assess the security of your application. A majority of the information revolves around understanding and interpreting SDDL (Security Descriptor Definition Language), something I fear too many developers don't properly understand. I would also recommend that you check out the MSDN hub on Service Security and Access Rights. There you can get a better feeling for how the Windows security model enables controlled access to service objects and the service control manager (SCM). 
Happy reading! UPDATE: Alun reminded me in the comments that he wrote a pretty good post on how to read SDDL a few weeks back. You can check it out here....</description></item><item><title>Making more sense of service SDDL</title><link>http://msmvps.com/blogs/alunj/archive/2006/02/13/83472.aspx#84538</link><pubDate>Wed, 22 Feb 2006 16:09:03 GMT</pubDate><guid isPermaLink="false">d67277c4-116b-43f1-b688-e9ef184ea916:84538</guid><dc:creator>Tales from the Crypto</dc:creator><description>Thanks to Dana Epp's blog for drawing my attention to Microsoft's rather easier-to-read explanation of...</description></item></channel></rss>