Access Token is an object generated during a successful logon by the security subsystem in Microsoft Windows systems and attached by the Winlogon process to all the user’s processes.

An access token is used to uniquely identify the user’s processes in order to provide the user with appropriate access to resources on a network.

How it works

An access token is like a card key. Your card key will provide you with access to doors that have been configured to grant you permission to open them. The list of card keys that a door will accept is analogous to an access control list (ACL).

Access token -> Access Control List

When you successfully log on to Windows NT or Windows 2000, you are granted an access token, which is attached to all your user processes. Your access token contains the security identifier (SID) of your user account and every group to which you belong.

When your application tries to access an object such as a file on a volume formatted with the NTFS file system, Windows NT or Windows 2000 compares the SIDs in your application’s access token to those in the access control entries (ACEs) in the object’s ACL. If it finds a match, the system grants access to that object.