Access Tokens Technical Reference

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Access Tokens Technical Reference

When a user is authenticated, the Local Security Authority (LSA) creates an access token for that user. An access token contains a security identifier (SID) for the user, all of the SIDs for the groups to which the user belongs, and the user’s privileges. If you add a user to a group after the user access token has been issued, or you modify privileges assigned to the user account, the user must log off and then log on again before the access token will be updated.

This subject will explain what an access token is in the Microsoft Windows Server 2003 operating system, and how the system uses access tokens to grant access to resources.

In this subject

• What Are Access Tokens?

• How Access Tokens Work

• Access Tokens Tools and Settings