What is a security descriptor?

A security descriptor is a structure and associated data that contains the security information for a securable object. A security descriptor identifies the object's owner and primary group. It can also contain a DACL that controls access to the object, and a SACL that controls the logging of attempts to access the object.

And just what is a DACL? This is a discretionary access control list and when present on the object the system will grant access.  For information on DACLs see:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa446683(v=vs.85).aspx (and this is a useful article, that as far as I can tell is correct)

A code sample that is current can be found at:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa446595(v=vs.85).aspx

For a more complete and generalized discussion see:

 

http://www-unix.globus.org/toolkit/docs/4.0/security/authzframe/security_descriptor.html