Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The following diagram shows the internal components of the DAC system.
Figure 9: Internal components of the DAC system
The Local Security Authority (LSA) is the security subsystem in Windows. This component is responsible for creating the access token with the user authorization information (PAC), privileges from the LSA policy database, and local security groups from the security account manager (SAM) database.
The Security Reference Monitor (SRM) is the component of Windows that implements the authorization system. It is the only security component of Windows that is running in the highly privileged operating system kernel mode. It implements the access check algorithm, and it checks access to resources by comparing the access control entries (ACEs) in the security descriptor with the group membership information in the user's access token.