Microsoft® Windows® Internals: Microsoft Windows Server™ 2003, Windows XP, and Windows 2000, 4th Edition
by Mark E. Russinovich, David A. Solomon
Security System Components
These are the core components and databases that implement Windows security:
Security reference monitor (SRM) A component in the Windows executive (\Windows\ System32\Ntoskrnl.exe) that is responsible for defining the access token data structure to represent a security context, performing security access checks on objects, manipulating privileges (user rights), and generating any resulting security audit messages.
Local security authority subsystem (Lsass) A user-mode process running the image \Windows\System32\Lsass.exe that is responsible for the local system security policy (such as which users are allowed to log on to the machine, password policies, privileges granted to users and groups, and the system security auditing ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access