Share via


Security Principals Technical Reference

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Security Principals Technical Reference

In this subject

Security principals include the following:

  • Any entity that can be authenticated by the system, such as a user account, a computer account, or a thread or process that runs in the security context of a user or computer account.

  • Security groups of these accounts.

Every security principal is automatically assigned a security identifier (SID) when it is created.

Accounts and security groups that are created in an Active Directory directory service domain are directory objects, and they can be used to manage access to domain resources.

Local user accounts and security groups are created on a local computer, and they can be used to manage access to resources on that computer. Local user accounts and security groups are stored in and managed by the Security Accounts Manager (SAM) on the local computer.

In Microsoft Windows Server 2003, security principals are a foundation for controlling access to securable resources.