From the Security tab of the Properties dialog box, click the Advanced button to see more detailed information about the SD. This interface, called the Advanced Security Settings dialog box, shown in Figure has tabs for permissions, auditing, ownership, and effective permissions.



The Permissions tab of the Advanced Security Settings dialog box has the following important
features, some of which might not be familiar to you:

■ In Windows Server 2008 and Windows Vista, each tab of the dialog box is in view mode. You must click the Edit button on a tab (which will be enabled only if your credentials enable you to make a change) to modify settings on that tab.

■ Unlike the Security tab of the Properties dialog box, you can identify the source of inherited permissions: The Inherited From column indicates the parent folder or volume where the permissions are explicitly defined. Permissions assigned explicitly to the selected object show “<not inherited>” in the Inherited From column.

The initial view of permission entries is in canonical order. This means the ACEs (Access Control Entries) are listed in the order in which the local security subsystem analyzes them against the SIDs in the security token. The first match that is found—allow or deny—for the specific type of access that is being requested is used to determine whether that access is permitted.

Therefore, the “more important” or “winning” permissions are at the top of the list. You can sort the list by clicking any column header, and therefore change the list from canonical order. However, when you close and reopen the Advanced Security Settings dialog box, you will again see the ACEs in canonical order.