Access Token

From Bauman National Library
This page was last modified on 18 June 2016, at 15:02.
Access Token
Developer(s) Microsoft Windows
Repository {{#property:P1324}}
Written in C++
Operating system Windows
Type Access Token
Website Official

The access token is an operating system object that describes the context of restrictions on access to the process or thread. It contains the privileges corresponding to the user account associated with a process or thread. The access token is created after successful identification of the user in the system. Thereafter, each process that is anyway the user data is started, it is accompanied by a copy of the token. The access token contains a plurality of security identifiers (security identifiers, SID), defining the user accounts and the groups to which it belongs. In addition, an access token contains a list of privileges - rights of access to certain facilities offered by a particular account. With this information, the operating system determines the capabilities of the user's access to resources.


Markers length varies due to the fact that the accounts of different users have different sets of privileges and compared with different groups of accounts. Ho all markers comprise the same information shown in Fig.1

Fig.1 Access Token

Security mechanisms used two marker element to determine which facilities are available and what operations can be performed. The first element consists of the user's SID and the SID field group account. Using SID-IDs, the SRM determines whether it is possible to provide the requested type of access to the protected object, such as an NTFS file. SID in the token groups indicate in which groups is the user account. When processing client requests server applications can block certain groups to limit the protection of certificates that are associated with the marker. Blocking groups gives almost the same effect as that of its exclusion from the marker. The second element of the marker, determining what can make a thread or process is assigned to the marker is a list of privileges - rights that are associated with the marker. An example of a privilege is the right to serve process or thread that is associated with a marker, to turn off the computer. Fields core group of the default marker and selective access control list (discretionary access-control list, DACL) represent the security attributes applied to objects that are process or thread using a marker. Incorporating markers security information for processes and threads simplifies the creation of objects with standard protection attributes, as in this case, they do not need to request information about the protection when creating each object.

Types of markers

The marker may be:

  1. The main (primary token) (identifies the security context of the process)
  2. Personifies (impersonation token) (used for temporary borrowing flow security context of another - usually another user). Impersonation Markers report impersonation level that determines what type of impersonation is active in the marker.

View tokens

The command dt_TOKEN (Figure 2) shows the format of the kernel debugger internal object "marker". Although its structure is different from the user-mode marker structure, similar to their fields. [1]

Fig.2 dt_TOKEN

Marker process

The marker for the process can be seen with the command !Token. Address marker you will find in the information submitted by a team of !process (Figure 3):

Fig.3 !process


Cite error: Invalid <references> tag; parameter "group" is allowed only.

Use <references />, or <references group="..." />


  • Detailed description see markers. Documentation Platform SDK. - Https://