Overview#
MSFT Access Token s component of the Access Control Model-Microsoft Windows that and a Microsoft Windows Access Token that contains the security information for a logon session.MSFT Access Token is created when an entity performed a successful Authenticates and every process executed on behalf of the entity has a copy of the MSFT Access Token.
Microsoft Windows MSFT Access Token identifies the entity, the entity's groups, and the user's privileges. The system uses the MSFT Access Token for Access Control to Protected Resources and to control the ability of the entity to perform various system-related operations on the local computer or within Microsoft Active Directory.
There are at least the following kinds of MSFT Access Token:
Microsoft Windows Security Reference Monitor uses an MSFT Access Token for Identification of the entity when a thread interacts with a securable Resource or tries to perform a system task that requires privileges.
MSFT Access Token contain the following information:
- The Security Identifier (SID) for the user's Digital Identity
- SIDs for the groups of which the user is a member
- A logon SID that identifies the current logon session
- Access Control Entries which is a list of the privileges held by either the user or the user's groups
- An owner SID
- The SID for the PrimaryGroupID
- The default DACL that the system uses when the user creates a securable object without specifying a security descriptor
- The source of the MSFT Access Token
- MSFT Access Token Type: Primary Access Token or an Impersonation Token
- An optional list of restricting SIDs
- Current impersonation levels
- Other statistics
