- A data structure that contains authentication and authorization information for a user.
- Windows creates the access token when the user logs on and the user's identity is confirmed.
- The access token contains the user's security ID (SID), the list of groups that the user is a member of, and the list of privileges held by that user.
- Each process or thread started for the user inherits a copy of the access token. In some cases a user may have more than one access token, with different levels of authority.
What do they do?
- Provide the security context for processes and threads when accessing objects in the system.
- Securable objects include files, directories, devices, registry keys, etc., and have specific user and group permissions.
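
To see the token contents listed above (user SID, group memberships, privileges) for a running process, the following PowerShell script dumps them for the current session. It is an added example, not part of the original notes; `Resolve-SidName` is a helper name chosen here, and the script assumes Windows PowerShell 5 or later with `whoami.exe` on the path.

```powershell
# Added example: inspect the access token of the current PowerShell process.
# Uses only .NET System.Security.Principal types and the built-in whoami.exe.
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [System.Security.Principal.WindowsPrincipal]::new($identity)

# Hypothetical helper: map a SID to an account name.
# Some SIDs have no name mapping, so Translate() can throw.
function Resolve-SidName {
    param([System.Security.Principal.IdentityReference]$Sid)
    try   { $Sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { '(unresolved)' }
}

# 1. The user the token was issued for, and whether this copy of the
#    token carries administrative authority. IsInRole() returns False in a
#    non-elevated session of an administrator, which is the "more than one
#    token, different levels of authority" case.
$isAdmin = $principal.IsInRole(
    [System.Security.Principal.WindowsBuiltInRole]::Administrator)
[pscustomobject]@{
    User          = $identity.Name
    UserSid       = $identity.User.Value
    Impersonation = $identity.ImpersonationLevel
    AdminEnabled  = $isAdmin
} | Format-List

# 2. Group SIDs carried in the token, as exposed by .NET.
$identity.Groups |
    ForEach-Object {
        [pscustomobject]@{ Sid = $_.Value; Name = Resolve-SidName $_ }
    } |
    Sort-Object Name |
    Format-Table -AutoSize

# 3. Privileges held by the token and their current state.
#    /nh drops the (localized) header row so fixed column names can be used.
whoami.exe /priv /fo csv /nh |
    ConvertFrom-Csv -Header Name, Description, State |
    Sort-Object State, Name |
    Format-Table Name, State -AutoSize
```

Running it once from a normal prompt and once from an elevated prompt as the same administrator account shows the difference between the two tokens: the elevated one lists more privileges and reports `AdminEnabled` as `True`.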