Access Token

An access token is an object generated by the security subsystem in Microsoft Windows systems during a successful logon and attached by the Winlogon process to all of the user’s processes.

An access token is used to uniquely identify the user’s processes in order to provide the user with appropriate access to resources on a network.

How it works

An access token is like a card key. Your card key will provide you with access to doors that have been configured to grant you permission to open them. The list of card keys that a door will accept is analogous to an access control list (ACL).

[Figure: Access Token -> Access Control List]

When you successfully log on to Windows NT or Windows 2000, you are granted an access token, which is attached to all your user processes. Your access token contains the security identifier (SID) of your user account and every group to which you belong.

When your application tries to access an object such as a file on a volume formatted with the NTFS file system, Windows NT or Windows 2000 compares the SIDs in your application’s access token to those in the access control entries (ACEs) in the object’s ACL. If it finds a match, the system grants access to that object.
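The comparison described above can be modelled in a few lines. This is an added example, not code from the original page or from Windows itself. It goes one step beyond the text by including access-denied ACEs and access masks, which Windows evaluates in stored order. The SIDs and group names are constructed, and owner rights, privileges and integrity levels are left out.

```python
from dataclasses import dataclass

# Windows file access-right bits
FILE_READ_DATA = 0x0001
FILE_WRITE_DATA = 0x0002

@dataclass(frozen=True)
class AccessToken:
    user_sid: str
    group_sids: frozenset

    def sids(self):
        # Every SID the token carries: the user plus all groups
        return {self.user_sid} | self.group_sids

@dataclass(frozen=True)
class Ace:
    allow: bool  # True = access-allowed ACE, False = access-denied ACE
    sid: str
    mask: int

def access_check(token, dacl, desired):
    """Return True only if every bit in `desired` is granted by the DACL."""
    if dacl is None:  # object has no DACL at all: access is unrestricted
        return True
    remaining = desired
    sids = token.sids()
    for ace in dacl:  # ACEs are evaluated in stored order
        if ace.sid not in sids:
            continue  # ACE is for a SID this token does not hold
        if not ace.allow and ace.mask & remaining:
            return False  # a deny ACE covers a right still being requested
        if ace.allow:
            remaining &= ~ace.mask  # these rights are now granted
        if remaining == 0:
            return True
    return False  # empty DACL, or some requested right was never granted

# Constructed SIDs (hypothetical domain and RIDs)
DOM = "S-1-5-21-1000-2000-3000"
STAFF, CONTRACTORS = f"{DOM}-2001", f"{DOM}-2002"
alice = AccessToken(f"{DOM}-1001", frozenset({STAFF, CONTRACTORS}))
bob = AccessToken(f"{DOM}-1002", frozenset({STAFF}))
carol = AccessToken(f"{DOM}-1003", frozenset())

# Deny ACE placed first, so it is reached before the allow ACE
dacl = [Ace(False, CONTRACTORS, FILE_WRITE_DATA),
        Ace(True, STAFF, FILE_READ_DATA | FILE_WRITE_DATA)]
```

Alice holds both group SIDs, so she can read but the earlier deny ACE blocks her write; Carol matches no ACE and is refused.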

