The security functionality in Windows 2000 has several components. I looked briefly at some of these components in Chapter 1, "Architecture" ; now it's time to really dig in:
Security Reference Monitor (SRM)— The component of the Windows 2000 Executive (kernel) that actually performs the security access checks, adjusts privileges, and generates audit messages when necessary.
Local Security Authority (LSA)— A privileged user-mode process that enforces local security policy. This includes logon, password, and audit policies and privileges affecting the local system (such as the right to back up and the right to debug programs). Also works with the SRM to process logons and audits. Implemented in LSASS.EXE.
Logon Process (WINLOGON. ...