Security Descriptor

Stores the security descriptor of a Distributed File System resource. The following table summarizes the attributes of the Security Descriptor property.

Attribute Value
Data type Byte array
Access Read/write (see Remarks)
Status Optional
Maximum None (but see Maximum Property Size.)
Default 0


Although the property value is read/write, the underlying security descriptor can be changed only through the Access Control or Network Management APIs. To change the value of the Security Descriptor property.

  • Retrieve the value of the property.

  • Assign the value to a SECURITY_DESCRIPTOR structure.

  • Pass the value to any Access Control or Network Management API function that will change the discretionary access control list (DACL) of the descriptor, such as SetSecurityDescriptorDacl or NetShareSetInfo.

  • Once the value has been modified, update the Security Descriptor property.

  • Take the Distributed File System resource offline and bring it back online to activate the new security settings.


When you use the Failover Cluster API to create the File Share resource, permissions for the "Everyone" group for that file share are set to full control by default. You can modify this property as previously described to change the default permissions.


Minimum supported client
None supported
Minimum supported server
Windows Server 2008 Datacenter, Windows Server 2008 Enterprise

See also

Distributed File System Private Properties

Access Control


Network Management