the SRM maintains only one copy of the access validation code on the system.
Instead of accessing objects directly, users requesting access to objects must have
SRM validation. The steps used to determine user access to objects are as follows:
• When access to an object is requested, a comparison is made between the file's security descriptor and the SID information stored in the user's access token. The user will obtain access to the object given sufficient rights. The security descriptor is made up of all the Access Control Entries (ACEs) included in the object's Access Control List (ACL).
• When the object has an ACL, the SRM checks each ACE in the ACL to determine if access to the object is granted. If the object has no ACL associated with it, the SRM automatically allows access to everyone. If the object has an ACL with no ACEs, all access requests to that object will be denied.
• After the SRM grants access to the object, continued validation checks are not needed to access the particular object. Any future access to the object is obtained by the use of a handle which was created when the access was initially validated.
Figure 3: SRM Access Validation Process
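As an added illustration (not part of the original text), the model below encodes the three rules above: no ACL means everyone is allowed, an ACL with no ACEs denies everything, and once a handle has been issued later operations are not re-validated against the ACL. The `ACE`, `SecurityDescriptor`, `AccessToken` and `ObjectManager` names, the right bits and the deny-ACE-stops-the-walk ordering are assumptions of this model, not taken from the text.

```python
from dataclasses import dataclass
from typing import Optional

READ, WRITE = 0x1, 0x2  # constructed access-right bits for the model

@dataclass(frozen=True)
class ACE:
    sid: str      # trustee SID the entry applies to
    mask: int     # rights covered by this entry
    allow: bool   # True: access-allowed ACE, False: access-denied ACE

@dataclass
class SecurityDescriptor:
    # None models "no ACL" (everyone allowed); [] models an ACL with no ACEs (deny all)
    acl: Optional[list]

@dataclass(frozen=True)
class AccessToken:
    sids: frozenset  # user SID plus group SIDs carried in the token

def access_check(sd: SecurityDescriptor, token: AccessToken, desired: int) -> bool:
    """Compare the object's descriptor with the token's SIDs for the desired rights."""
    if sd.acl is None:
        return True                      # no ACL: the SRM allows everyone
    granted = 0
    for ace in sd.acl:                   # walk the ACEs in ACL order
        if ace.sid not in token.sids:
            continue                     # entry is for a SID not present in the token
        if not ace.allow and ace.mask & desired:
            return False                 # model assumption: a matching deny ACE ends the walk
        if ace.allow:
            granted |= ace.mask & desired
            if granted == desired:
                return True              # every requested right has been granted
    return False                         # empty ACL, or no ACE granted all requested rights

class ObjectManager:
    """Validation happens once at open; later operations only consult the handle."""
    def __init__(self):
        self._handles = {}
    def open(self, sd: SecurityDescriptor, token: AccessToken, desired: int) -> int:
        if not access_check(sd, token, desired):
            raise PermissionError("access denied")
        handle = len(self._handles) + 1
        self._handles[handle] = desired   # rights fixed at validation time
        return handle
    def use(self, handle: int, op: int) -> bool:
        return bool(self._handles[handle] & op)   # no re-check against the current ACL
```

A consequence worth noting for defenders: tightening an object's ACL does not affect handles that were validated earlier, so revoking access also means closing or killing the holders of existing handles.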
9.4 NT Logon
Windows NT logon processes provide mandatory logon for user identification and
cannot be disabled. Before accessing any resources on the system, the users go
through the logon process so that the security subsystem can authenticate the user
name and password.
To protect against an application running in background mode, such as a Trojan
logon program, the logon process begins with a Welcome message box that
requests the user to press Ctrl, Alt and Del keys before activating the actual logon
screen.
Logon Banner
A logon banner, also referred to as a warning banner, should be added to warn individuals who may try gaining access to a system without authorization. If activated, this message is displayed after the Welcome message in a dialog box that must be confirmed. The text and style of the legal notice are set in the Registry Editor.
9.4.0 NT Logon Process
Outlined in Figure 4 is the Windows NT logon process:
A Welcome dialog is displayed which requires a user name, password and the server/domain the user would like to access. If the user information is valid, the system proceeds to authenticate the user.
User authentication is determined by passing the user input from the Welcome screen to SAM via the security subsystem.
SAM does a comparison between the user logon information and the server's SAM database. If the data matches, the server notifies the workstation of the approval. The server also stores information about the user, such as account privileges, home directory location and workstation variables.
The LSA now constructs the access token. The access token is connected with each process the user runs.
This process and token information together form a subject. When a user requests access to an object, the contents of the subject's token are compared to the object's ACL through an access validation procedure. This access validation procedure grants or denies permission to the user's request.
9.5