Windows NT security model
E805871
The Windows NT security model is a comprehensive, enterprise-oriented access control and authentication framework used by Windows operating systems to manage user rights, permissions, and system protection.
Statements (75)
| Predicate | Object |
|---|---|
| instanceOf |
access control model
ⓘ
authentication framework ⓘ computer security model ⓘ |
| abbreviation | SID-based security model ⓘ |
| accessTokenContains |
default DACL
ⓘ
group SID ⓘ privilege ⓘ user SID ⓘ |
| coreConcept | Security Identifier ⓘ |
| designedFor | enterprise environments ⓘ |
| developedBy | Microsoft ⓘ |
| enforcesPolicy | least privilege ⓘ |
| includesComponent |
Access Token
ⓘ
Active Directory NERFINISHED ⓘ Audit policy ⓘ Group Policy ⓘ LSASS NERFINISHED ⓘ Local Security Authority Subsystem Service NERFINISHED ⓘ Privilege management ⓘ SAM database NERFINISHED ⓘ Security Descriptor ⓘ Security Reference Monitor NERFINISHED ⓘ User Rights Assignment ⓘ |
| influencedBy | C2 security requirements ⓘ |
| primaryGoal |
auditable access control
ⓘ
resource protection ⓘ user isolation ⓘ |
| securityDescriptorContains |
DACL
ⓘ
SACL ⓘ group SID ⓘ owner SID ⓘ |
| supportsAccessControlType |
discretionary access control
GENERATED
ⓘ
privilege-based access control GENERATED ⓘ role-like group-based access control GENERATED ⓘ system access control GENERATED ⓘ |
| supportsAuthenticationMechanism |
batch logon
ⓘ
interactive logon ⓘ network logon ⓘ remote interactive logon ⓘ service logon ⓘ |
| supportsAuthenticationProtocol |
Kerberos
NERFINISHED
ⓘ
NTLM NERFINISHED ⓘ |
| supportsFeature |
UAC-based elevation
ⓘ
account lockout policy ⓘ auditing ⓘ delegation ⓘ file system permissions ⓘ impersonation ⓘ job object permissions ⓘ kernel object permissions ⓘ logon rights ⓘ named pipe permissions ⓘ object-level permissions ⓘ password policy ⓘ privilege escalation control ⓘ process and thread permissions ⓘ registry permissions ⓘ service control manager permissions ⓘ share permissions ⓘ token privileges ⓘ |
| supportsSecurityPrincipal |
computer account
GENERATED
ⓘ
group account GENERATED ⓘ service account GENERATED ⓘ user account GENERATED ⓘ |
| usedInOperatingSystemFamily |
Windows 2000
NERFINISHED
ⓘ
Windows NT NERFINISHED ⓘ Windows Server family NERFINISHED ⓘ Windows XP NERFINISHED ⓘ modern Microsoft Windows ⓘ |
| usesAccessControl |
Access Control List
NERFINISHED
ⓘ
Discretionary Access Control List NERFINISHED ⓘ System Access Control List ⓘ |
| usesAccessControlEntry | ACE ⓘ |
| usesDataStructure | access token ⓘ |
| usesIdentifier | Security Identifier ⓘ |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.