How Token Filtering Works

When a user logs on to a Windows Vista or Windows Server 2008 computer, the operating system examines the Relative IDs (RIDs) and privileges of the user. The user will receive two tokens (filtered and full) if her account possesses any of the RIDs listed in Table 4-1 or any of the privileges listed in Table 4-2.

Table 4-1. UAC List of Restricted RIDs

Restricted RIDs                       Description
DOMAIN_GROUP_RID_ADMINS               Administrative domain user account
DOMAIN_GROUP_RID_CONTROLLERS          Domain Controllers group
DOMAIN_GROUP_RID_CERT_ADMINS          Certificate Publishers group
DOMAIN_GROUP_RID_SCHEMA_ADMINS        Schema administrators group
DOMAIN_GROUP_RID_ENTERPRISE_ADMINS    Enterprise Administrators group
DOMAIN_GROUP_RID_POLICY_ADMINS        Policy Administrators group
DOMAIN_ALIAS_RID_ADMINS ...
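
The RID rule above, as an added example that is not from the book: given an account's group SIDs, it reports which ones carry a restricted RID from the rows of Table 4-1 visible here, and so would lead to a filtered and full token pair. The numeric RID values are the winnt.h constants; the function names and sample SIDs are constructed, and neither the privileges of Table 4-2 nor any rows of Table 4-1 cut off above are covered.

```python
# Added example, not from the book: flag group SIDs whose RID is in Table 4-1.
# RID values are the winnt.h constants; names and sample SIDs are constructed.
DOMAIN_RIDS = {  # relative to an account domain: S-1-5-21-<a>-<b>-<c>-<RID>
    0x200: "DOMAIN_GROUP_RID_ADMINS",
    0x204: "DOMAIN_GROUP_RID_CONTROLLERS",
    0x205: "DOMAIN_GROUP_RID_CERT_ADMINS",
    0x206: "DOMAIN_GROUP_RID_SCHEMA_ADMINS",
    0x207: "DOMAIN_GROUP_RID_ENTERPRISE_ADMINS",
    0x208: "DOMAIN_GROUP_RID_POLICY_ADMINS",
}
ALIAS_RIDS = {0x220: "DOMAIN_ALIAS_RID_ADMINS"}  # built-in domain: S-1-5-32-<RID>

def parse_sid(sid):
    """Return (identifier_authority, [sub_authorities]) for a string SID."""
    parts = sid.strip().upper().split("-")
    if len(parts) < 3 or parts[0] != "S" or parts[1] != "1":
        raise ValueError(f"not a revision-1 SID: {sid!r}")
    return int(parts[2]), [int(p) for p in parts[3:]]

def restricted_rid(sid):
    """Name of the Table 4-1 RID this SID carries, or None."""
    authority, subs = parse_sid(sid)
    if authority != 5 or not subs:  # only SECURITY_NT_AUTHORITY SIDs qualify
        return None
    rid = subs[-1]
    # Domain SID: 21, three domain sub-authorities, then the RID.
    if subs[0] == 21 and len(subs) == 5:
        return DOMAIN_RIDS.get(rid)
    # Built-in alias: 32, then the RID. RID 512 here is not Domain Admins.
    if subs[0] == 32 and len(subs) == 2:
        return ALIAS_RIDS.get(rid)
    return None

def split_token_triggers(group_sids):
    """Map each triggering group SID to the restricted RID name it matches."""
    return {sid: name for sid in group_sids if (name := restricted_rid(sid))}

# Constructed sample: group SIDs of a hypothetical account.
SAMPLE_GROUPS = [
    "S-1-5-21-1004336348-1177238915-682003330-513",  # Domain Users
    "S-1-5-21-1004336348-1177238915-682003330-512",  # Domain Admins
    "S-1-5-32-544",                                  # BUILTIN\Administrators
    "S-1-5-32-512",                                  # RID 512 outside a domain SID
    "S-1-1-0",                                       # Everyone
]

if __name__ == "__main__":
    for sid, name in split_token_triggers(SAMPLE_GROUPS).items():
        print(f"{sid}: {name}")
```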
