An object generated during a successful logon by the security subsystem in Microsoft Windows NT and Windows 2000 and attached by the Winlogon process to all the user’s processes. An access token is used to uniquely identify the user’s processes in order to provide the user with appropriate access to resources on a network.
An access token is like a card key. Your card key will provide you with access to doors that have been configured to grant you permission to open them. The list of card keys that a door will accept is analogous to an access control list (ACL).
When you successfully log on to Windows NT or Windows 2000, you are granted an access token, which is attached to all your user processes. Your access token contains the security identifiers (SIDs) of your user account and of every group to which you belong. When your application tries to access an object such as a file on a volume formatted with the NTFS file system, Windows NT or Windows 2000 compares the SIDs in your application’s access token to those in the access control entries (ACEs) in the object’s ACL. If it finds a match, the system grants access to that object.
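The comparison described above, as an added example: a simplified Python model, not Windows code and not part of the original entry. It goes beyond the single-match description by also modelling requested access rights and deny entries, which Windows evaluates in the order the ACEs are stored; the SIDs, the right bits, and the names `Ace` and `access_check` are constructed for illustration.

```python
# Added illustration: simplified model of the token-vs-ACL check, not Windows code.
from dataclasses import dataclass

READ, WRITE = 0x1, 0x2  # constructed access-right bits for this model


@dataclass(frozen=True)
class Ace:
    kind: str  # "allow" or "deny"
    sid: str   # SID the entry applies to
    mask: int  # rights the entry allows or denies


def access_check(token_sids, acl, desired):
    """Return True if every right in `desired` is granted to the token."""
    if acl is None:            # object has no ACL at all: unprotected
        return True
    remaining = desired
    for ace in acl:            # entries are evaluated in stored order
        if ace.sid not in token_sids:
            continue           # entry names a SID the token does not carry
        if ace.kind == "deny" and ace.mask & remaining:
            return False       # matching deny on a still-needed right ends the check
        if ace.kind == "allow":
            remaining &= ~ace.mask
        if remaining == 0:
            return True        # every requested right has been allowed
    return False               # rights left over, or empty ACL: implicit deny


# Constructed sample SIDs (placeholder values, not from any real system).
ALICE = "S-1-5-21-1111-2222-3333-1001"
BOB = "S-1-5-21-1111-2222-3333-1002"
STAFF = "S-1-5-21-1111-2222-3333-2001"
CONTRACTORS = "S-1-5-21-1111-2222-3333-2002"

# Tokens built at logon: the user's SID plus the SIDs of the user's groups.
alice_token = {ALICE, STAFF, CONTRACTORS}
bob_token = {BOB, STAFF}

# ACL on a file: the deny entry is stored ahead of the allow entry.
file_acl = [Ace("deny", CONTRACTORS, WRITE), Ace("allow", STAFF, READ | WRITE)]

if __name__ == "__main__":
    print(access_check(alice_token, file_acl, READ))          # True
    print(access_check(alice_token, file_acl, WRITE))         # False
    print(access_check(bob_token, file_acl, READ | WRITE))    # True
```

Alice and Bob both carry the STAFF group SID, but Alice's token also carries CONTRACTORS, so the deny entry blocks her write even though a later entry would allow it.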