NTFS: Structure of $Secure File

NTFS General Information > NTFS Permissions > Structure of $Secure File

Structure of $Secure File

The table below describes the MFT record structure of the file named $Secure.

$Secure file MFT record structure

Attribute Type	Name	Description
$STANDARD_INFORMATION
$FILE_NAME	$Secure
$DATA	$SDS	Security Descriptor Stream. Named data stream that contains a list of all the Security Descriptors on the volume.
$INDEX_ROOT	$SDH	Security Descriptor Hash index root
$INDEX_ROOT	$SII	Security ID index root
$INDEX_ALLOCATION	$SDH	Security Descriptor Hash index storage allocation table
$INDEX_ALLOCATION	$SII	Security ID Index storage allocation table
$BITMAP	$SDH	Security Descriptor Hash index bitmap
$BITMAP	$SII	Security ID Index bitmap

The figure below shows the $SDS and two indexes that provide access to the data stream: $SDH (Security Descriptor Hash) and $SII (Security ID Index).

$SDS Data Stream

The picture illustrates that each entry in the file is accompanied by two indexes:

a Security Descriptor Hash for indexing purposes
a Security ID, related to the MFT file record; this ID is unique for the NTFS volume and is used as a reference to the $SII index

The $SII index is sorted in ascending order by Security ID and maps each Security ID to the security descriptor's storage location in the $SDS data attribute.

Previous | NTFS Permissions | Next