Windows Access Control
- Users belong to groups
- Preconfigured groups with useful default permissions
- Permissions to files are fine grained:
- File permissions can be specified for users, groups, or abstract entities
- Can also specify auditing on an element basis
- Audit can generate log entries for success or failure
- A policy editor allows the centralized specification of the security policy
- Comprehensive, but complex system.
Few users and administrators understand it and use it correctly.