Overview#

Integrity Level, in Microsoft Windows, are represented by Security Identifiers (SIDs).

Microsoft Windows defines four integrity levels:

• Low (SID: S-1-16-4096)
• Medium (SID: S-1-16-8192) - Standard MSA receive medium
• High (SID: S-1-16-12288) - elevated MSA receive high
• System (SID: S-1-16-16384)

By default, processes started by a regular user gain a Medium Integrity Level and elevated processes have High Integrity Level

Processes started and objects you create receive the Integrity Level (medium or high) or low if the executable file's level is low.

System services receive system integrity.

Objects that lack an integrity label are treated as medium by the Operating System; this prevents low-integrity code from modifying unlabeled objects.

Additionally, Windows ensures that processes running with a low Integrity Level cannot obtain access a process which is associated with an app container.

More Information#

There might be more information for this subject on one of the following:

• Mandatory Integrity Control

---

• [#1] - Mandatory Integrity Control - based on information obtained 2020-09-02