Introducing Access Control in Windows

The Windows approach to security is discretionary: each securable system resource—each file or printer, for example—has an owner, who has discretion over who can and cannot access the resource. Usually, a resource is owned by the user who created it. If you create a file, for example, you are the file's owner under ordinary circumstances. (Computer administrators, however, can take ownership of resources they didn't create.)

To determine which users have access to a resource, Windows assigns a security identifier (SID) to each user account. Your SID (a gigantic number guaranteed to be unique) follows you around wherever you go in Windows. When you log on, the operating system first validates your user name and password. Then it creates a security access token. You can think of this as the electronic equivalent of an ID badge. It includes your user name and SID, plus information about any security groups to which your account belongs. (Security groups are described later in this chapter.) Any program you start gets a copy of your security access token.

With User Account Control (UAC) turned on, administrators who log on get two security access tokens—one that has the privileges of a standard user, and one that has the full privileges of an administrator.
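The token contents described above (user name, SID, group memberships, and which of the two UAC tokens a program received) can be inspected from PowerShell. This is an added example, not part of the original chapter; it uses the .NET `WindowsIdentity` and `WindowsPrincipal` classes, and the output property names (`UserName`, `UserSid`, `Elevated`, `Sid`, `Name`) are chosen here for illustration.

```powershell
# Added example: inspect the security access token of the current process.
# Every program you start gets a copy of your token, so this shows the
# token that this PowerShell session itself is running with.

$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
$adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator

# User name and SID carried in the token, plus whether this is the
# full administrator token or the standard-user token.
[pscustomobject]@{
    UserName = $identity.Name
    UserSid  = $identity.User.Value
    Elevated = $principal.IsInRole($adminRole)
} | Format-List

# Security groups reported for the token, as SIDs and (where they can be
# resolved) account names.
$identity.Groups | ForEach-Object {
    $sid = $_
    try {
        $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
    }
    catch {
        # Some SIDs have no account name to map to; keep the raw SID only.
        $name = '(unresolved)'
    }
    [pscustomobject]@{ Sid = $sid.Value; Name = $name }
} | Sort-Object Name | Format-Table -AutoSize
```

Run it once from a normal PowerShell window and once from one started with "Run as administrator": on an administrator account with UAC turned on, `Elevated` changes from False to True, while `UserSid` stays the same.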
