Introducing Access Control in Windows

The Windows approach to security is discretionary: each securable system resource—each file or printer, for example—has an owner, who has discretion over who can and cannot access the resource . Usually, a resource is owned by the user who created it. If you create a file, for example, you are the file's owner under ordinary circumstances . (Computer administrators, however, can take ownership of resources they didn't create.)

To determine which users have access to a resource, Windows assigns a security identifier (SID) to each user account. Your SID (a gigantic number guaranteed to be unique) follows you around wherever you go in Windows . When you log on, the operating system first validates your user name and password. Then it creates a security access token. You can think of this as the electronic equivalent of an ID badge. It includes your user name and SID, plus information about any security groups to which your account belongs. (Security groups are described later in this chapter.) Any program you start gets a copy of your security access token

With User Account Control (UAC) turned on, administrators who log on get two security access tokens—one that has the privileges of a standard user, and one that has the full privileges of an administrator

Was this article helpful?

0 0
The Ultimate Computer Repair Guide

The Ultimate Computer Repair Guide

Read how to maintain and repair any desktop and laptop computer. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures. There are many links to online videos that explain how you can build, maintain, speed up, clean, and repair your computer yourself. Put the money that you were going to pay the PC Tech in your own pocket.

Get My Free Ebook

Post a comment