A feature in the security framework of Microsoft Windows NT and Windows 2000 that allows the access control entry (ACE) for an object whose security settings are being configured to be propagated to other objects that are beneath it in the file system or directory hierarchy. In Windows NT, inheritance is used in the NTFS file system for propagating the permissions assigned to a folder to the files and folders within that folder.
In Windows 2000, inheritance also applies to Active Directory and allows permissions assigned to a container or an organizational unit (OU) within Active Directory to be propagated further down the directory tree.
Inheritance also appears in other directory-based systems such as Microsoft Exchange Server, in which Exchange administrative permissions assigned to a container in the Exchange directory that is based on the Lightweight Directory Access Protocol (LDAP) can be applied to leaf objects and other containers within that container.
Inheritance simplifies the administration of hierarchical file systems and directories by allowing administrators to configure ACEs globally and then modify them on an exception basis, rather than configure ACEs individually for each object in the system.