Access Tokens Technical Reference

Updated: March 28, 2003

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Access Tokens Technical Reference

When a user is authenticated, the Local Security Authority (LSA) creates an access token for that user. An access token contains a security identifier (SID) for the user, all of the SIDs for the groups to which the user belongs, and the user’s privileges. If you add a user to a group after the user access token has been issued, or you modify privileges assigned to the user account, the user must log off and then log on again before the access token will be updated.

This subject will explain what an access token is in the Microsoft Windows Server 2003 operating system, and how the system uses access tokens to grant access to resources.

In this subject

Community Additions