
Shon Harris, Allen Harper, Chris Eagle, and Jonathan Ness

"Gray Hat Hacking, Second Edition"

You might even hear the Administrator be called the "500 account."
Access Token
Allow me to start the explanation of access tokens with an example that might help you
understand them. If you work in an environment with controlled entry, you are probably
familiar with presenting your badge to a security guard or a card reader to gain
access. Your badge identifies who you are and might also designate you as a member of a
certain group having certain rights and privileges. For example, my blue badge grants me
access at times when a yellow badge or purple badge is denied entry. My security badge
also grants me access to enter a private lab where my test machines are stored. This is an
access right granted to me by name; not all full-time employees are granted that access.

Windows access tokens work in a similar manner as my employee badge. The access
token is a container of all a user's security information and it is checked when that user
requests access to a secured resource. Specifically, the access token contains the
following:

• Security identifier (SID) for the user's account
• SIDs for each of the groups for which the user is a member
• A logon SID that identifies the current logon session, useful in Terminal
  Services cases to maintain isolation between the same user logged in with
  multiple sessions
• A list of the privileges held by either the user or the user's groups
• Any restrictions on the privileges or group memberships
• A bunch of other flags to support running as a less-privileged user

Despite all the preceding talk about tokens in relation to users, tokens are actually
connected to processes and threads.
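
An added example (not from the book): a PowerShell function that maps the items listed above onto the token of the current process, using whoami.exe. The function name Get-TokenSummary and the column labels are assumptions of this example, and the attribute and state strings it matches assume an English-language Windows with PowerShell 3.0 or later.

```powershell
# Added example: summarize the access token attached to the current process.
# whoami.exe reads the token of the process that launched it (this shell).
# "/fo csv /nh" emits headerless CSV, so the column names are labels chosen here.
function Get-TokenSummary {
    $user   = whoami /user   /fo csv /nh | ConvertFrom-Csv -Header Name, SID
    $groups = whoami /groups /fo csv /nh |
              ConvertFrom-Csv -Header Name, Type, SID, Attributes
    $privs  = whoami /priv   /fo csv /nh |
              ConvertFrom-Csv -Header Name, Description, State

    # Logon SIDs have the form S-1-5-5-X-Y; integrity labels are S-1-16-*.
    # whoami lists both in the same table as ordinary group SIDs.
    $logon  = $groups | Where-Object SID -like 'S-1-5-5-*'
    $label  = $groups | Where-Object SID -like 'S-1-16-*'
    $member = $groups | Where-Object {
        $_.SID -notlike 'S-1-5-5-*' -and $_.SID -notlike 'S-1-16-*'
    }

    [pscustomobject]@{
        UserName       = $user.Name
        UserSid        = $user.SID
        # A domain or machine SID ending in RID 500 is the built-in
        # Administrator, the "500 account" mentioned in the text.
        IsRid500       = $user.SID -match '^S-1-5-21-.+-500$'
        LogonSid       = $logon.SID
        IntegrityLabel = $label.Name
        Groups         = $member | Select-Object Name, SID
        # Restricted memberships: groups the token carries for deny checks only.
        DenyOnlyGroups = ($member |
                          Where-Object Attributes -like '*deny only*').Name
        # Privileges are held by the token but are often disabled until used.
        EnabledPrivs   = ($privs | Where-Object State -eq 'Enabled').Name
        DisabledPrivs  = ($privs | Where-Object State -eq 'Disabled').Name
    }
}

# Show the token of this shell. Run it again from an elevated shell and
# compare the DenyOnlyGroups, IntegrityLabel and privilege lists.
Get-TokenSummary | Format-List
```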

