Overview#Primary Access Token (Microsoft Windows) the Microsoft Windows system uses the Primary Access Token for Access Control to Protected Resources and to control the ability of the user to perform various system-related operations on the Local Computer.
Primary Access Token is generated by the Local Security Authority Subsystem Service (LSASS) and Security Reference Monitor (SRM) right after the first communication between the NTLM and SAMSRV.dll when translating from username to Security Identifier (SID).
Primary Access Token is an object that describes the security context of a process or thread. The information in a token includes the identity and privileges of the user account associated with the process or thread.
When a user logs on, the system verifies the user's password by comparing it with information stored in a security database. If the password is authenticated, the system produces an access token. Every process executed on behalf of this user has a copy of this access token.