ForestSafe Access Control Containers (FACs) are extending Access Control lists (ACLs). Whereas ACL are a static list of computers, FACs can contain dynamic lists based on pattern matches of hostnames, group memberships and the computers location in Active Directory.
FACs can also be nested in a hierarchy and a single FAC can link to several sub FACs simultaneously.
They are used when configuring Privileged Accounts to restrict the computers the group are allowed to access.
