An access token contains the security information for a logon session. The system creates an access token when a user logs on, and every process executed on behalf of the user has a copy of the token. The token identifies the user, the user's groups, and the user's privileges. The system uses the token to control access to securable objects and to control the ability of the user to perform various system-related operations on the local computer. There are two kinds of access token, primary and impersonation. See also impersonation token, primary token, privilege, process, and security identifier.
An object that contains security information for a logon session. The access token contains the SIDs for the user, all the groups a user belongs to, and a list of the user's privileges on a local computer. See also SID.