Overview#Security Reference Monitor (SRM) is a Microsoft Windows system used to implement security in the Microsoft Windows.
Security Reference Monitor determines whether access to a resource is allowed. The SRM works with the user-mode security subsystem, used for Authentication Request user logons to the Microsoft Windows.
All Microsoft Windows Security Principal Objects have a Security Descriptor, the Access Control List (ACL), associated with consists of individual elements called Access Control Entry (ACEs). Each ACE contains a Security Identifier (SID) of a user of group. A SID is an internal number used with a Microsoft Windows to describe a user and a group uniquely among Microsoft Windows computers. In addition to the SID, the ACE contains a list of actions permitted or denied to a user or group.
When a user logs on to a Microsoft Windows computer after successful authentication, a MSFT Access Token is created for the user. The MSFT Access Token contains the SID of the user and the SIDs of all the groups to which the user belongs. The MSFT Access Token is used to verify all user actions.
Security Reference Monitor, when a logged-on user accesses an object, checks the object's Security Descriptor to see whether a SID listed in the MSFT Access Token matches an ACE entry. If a match exists, the security permissions listed in the matching ACE apply to that user.