Windows Security Components !

There are some components which are for windows security. Often I have searched on google that how the windows security is actually implemented. From my understanding i want to describe the basic here so that any interested person can get some quick idea. See below:

SAM database: SAM is a databases where users information are stored. It stores all users information excluding domain users. The SAM can be found in HKEY_LOCAL_MACHINE\SAM and Directory : C:\WINDOWS\system32\config\SAM.


LSASS: Local Security Authority Subsystem(LSASS) is responsible for security policy of the windows system. It also alerts security warning to events logs. LSASS is completely responsible for users loging, password changing, token generating etc. If we open the task manager then we will see that there is a running process called lsass.exe as SyStEM user. If we force to exit this process then we have relogin to windows system.

 http://en.wikipedia.org/wiki/Local_Security_Authority_Subsystem_Service
http://www.neuber.com/taskmanager/process/lsass.exe.html


  WinLogon: http://technet.microsoft.com/en-us/library/cc780095%28v=ws.10%29.aspx


NetLogon: http://www.windowsitpro.com/article/domains2/the-netlogon-service-516


AppLocker: It specify which application, file can be used by an specified users. This can set Restriction to access specific file(Access control).


Active Directory: Active Directory stores information of users,groups, computers of domain. 

Security reference monitor (SRM): http://www.cs.gmu.edu/~menasce/osbook/nt/tsld034.html


Quickly written for searching purpose :)....