The Windows approach to security is discretionary: each securable system resource—each file or printer, for example—has an owner, who has discretion over who can and cannot access the resource. Usually, a resource is owned by the user who created it. If you create a file, for example, you are the file's owner under ordinary circumstances. (Computer administrators, however, can take ownership of resources they didn't create.)
To determine which users have access to a resource, Windows assigns a security identifier (SID) to each user account. Your SID (a gigantic number guaranteed to be unique) follows you around wherever you go in Windows. When you log on, the operating system first validates your user name and password. Then it creates a security access token. You can think of this as the electronic equivalent of an ID badge. It includes your user name and SID, plus information about any security groups to which your account belongs. (Security groups are described later in this chapter.) Any program you start gets a copy of your security access token.
With User Account Control (UAC) turned on, administrators who log on get two security access tokens—one that has the privileges of a standard user, and one that has the full privileges of an administrator.
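To see what the token described above contains, the following PowerShell function (an added example, not part of the original text) reads the token of the current process and reports the user name, user SID, enabled groups, and whether the process is running on the standard-user half of an administrator's UAC token pair. The function name `Get-TokenSummary` and its property names are made up for this example; it assumes that `whoami /groups` lists every group SID in the token, including deny-only entries, while the .NET `Groups` property returns only enabled groups.

```powershell
# Added example: summarize the access token of the current PowerShell process.
function Get-TokenSummary {
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    $adminSid  = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

    # Groups that are enabled in this token (.NET leaves out deny-only groups).
    $enabledGroups = foreach ($sid in $identity.Groups) {
        try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = '(name not resolvable)' }
        [pscustomobject]@{ Sid = $sid.Value; Name = $name }
    }

    # whoami lists every group SID in the token, deny-only entries included.
    # Supplying our own headers avoids depending on localized column names.
    $allSids = (whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, Sid, Attributes).Sid

    # True only when Administrators is an enabled group, i.e. the full token.
    $isElevated = $principal.IsInRole(
        [System.Security.Principal.WindowsBuiltInRole]::Administrator)
    $adminInToken = $allSids -contains $adminSid

    [pscustomobject]@{
        UserName      = $identity.Name
        UserSid       = $identity.User.Value
        EnabledGroups = $enabledGroups
        IsElevated    = $isElevated
        # Administrators present but not enabled: the standard-user token
        # that UAC hands to an administrator's ordinary programs.
        IsFilteredAdminToken = ($adminInToken -and -not $isElevated)
    }
}

$summary = Get-TokenSummary
$summary | Format-List UserName, UserSid, IsElevated, IsFilteredAdminToken
$summary.EnabledGroups | Sort-Object Name | Format-Table -AutoSize
```

Running it once in a normal PowerShell window and once in a window started with "Run as administrator" shows the same user SID in both, with the Administrators group enabled only in the second.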