Access Models: Identification, Authentication, Authorization, ACLs, and More

When you log on to your computer, Windows follows a specific process to validate you as an authorized user and to decide what you are allowed to do. At the end of the process, Windows has all the information it needs to allow or deny actions based on your security settings. Here are the steps Windows takes to validate a user and build the necessary security information:

  1. Windows prompts the user to enter identification and authentication credentials. This can be a prompt for a username and password, token entry such as a smart card or a token-generated password, or a biometric device such as a fingerprint reader.

  2. Windows looks up the defined user and the associated authentication information. If the supplied information matches the stored information, the user is authenticated.

  3. Once a user has been authenticated, the operating system records the user account’s security identifier (SID), the SID of each group to which the user is assigned, and the current user’s privileges in a token. A token is just a collection of information all stored together. The token that Windows uses to store all the SIDs is called the Security Access Token (SAT). FIGURE 3-2 shows a Windows SAT.

  4. The SAT, with all the user and group SIDs, is attached to each process the user runs.

A diagram presents the layers of a user’s security access token (SAT). They are as follows: user security identifier, group security identifier(s), list of privileges, and other access information.

FIGURE 3-2
Windows Security Access Token (SAT).

© Jones & Bartlett Learning.
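
To see these layers on a live system, the following PowerShell script (an added example, not from the book) reads the token of the current process with the .NET `WindowsIdentity` class and the built-in `whoami` command, then checks that a child process reports the same user SID, as step 4 describes. The function name `Get-TokenSummary` and the column names passed to `ConvertFrom-Csv` are chosen here for illustration.

```powershell
# Added example: summarize the access token attached to this PowerShell process.
function Get-TokenSummary {
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()

    # Group SIDs carried in the token; resolve each to an account name where possible.
    $groups = foreach ($sid in $identity.Groups) {
        try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = '(unresolved)' }   # SID has no account-name mapping
        [pscustomobject]@{ Sid = $sid.Value; Name = $name }
    }

    # Privileges held in the token. /nh drops whoami's header row, so the
    # column names below are supplied by this script (illustrative names).
    $privileges = whoami /priv /fo csv /nh |
        ConvertFrom-Csv -Header Name, Description, State

    [pscustomobject]@{
        UserName   = $identity.Name
        UserSid    = $identity.User.Value
        Groups     = @($groups)
        Privileges = @($privileges)
    }
}

$token = Get-TokenSummary

# Layer 1: the user SID
"User: {0}  SID: {1}" -f $token.UserName, $token.UserSid

# Layer 2: the group SIDs
$token.Groups | Format-Table Sid, Name -AutoSize

# Layer 3: the privilege list and whether each privilege is currently enabled
$token.Privileges | Format-Table Name, State -AutoSize

# Step 4: a process started by this user carries the same user SID.
$childSid = powershell.exe -NoProfile -Command `
    '[System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value'
"Child process reports the same user SID: {0}" -f ("$childSid".Trim() -eq $token.UserSid)
```

Run it once from a normal prompt and once from an elevated prompt to compare the privilege lists the two tokens carry.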
