Maximum number of access control entries in the access control list

Applies to: Windows Server 2008 R2 DatacenterWindows Server 2008 R2 EnterpriseWindows Server 2008 R2 for Itanium-Based Systems


When you add users or groups to the security permissions of an object share, file, or directory, you may receive the following error message:

You have exceeded the operating system's limit on the number of users and groups that can be in a security information structure. Remove some users or groups and try the operation again.

Additonally, when you use Cacls.exe to perform this function, you may receive the following error message:

The parameter is incorrect.


This issue occurs when you reach the maximum size of the access control list (ACL). The size of an ACL varies with the number and size of its access control entries (ACEs). The maximum size of an ACL is 64 kilobytes (KB), or approximately 1,820 ACEs. However, for performance reasons, the maximum size is not practical. 

More Information

For more information about security descriptors and ACLs, go to the following Microsoft website: