1.Any process(hence thread) running in windows is under a "logon session","user account" or
"group account"
2.lets talk about a client application and a server service in windows
the above applies to client
3.for server service, when this service application is written, the programmer can specify
security details of all obects it creates and accesses.for he can associate a security info with a directory he creates and another he acceses.before accessing a directory he can also impersonate before the access
4.the service application will have a data structure called DACL,SACL in which he stores the information of all objects
5.client also have access to SID that represent accounts
6.while doing remote access, first a logon session is established, this inturn will give client attributes to each access done by that session.
No comments:
Post a Comment