What is Security Subsystem?
The component of the Microsoft Windows NT and Windows 2000 operating systems that validates logons and authenticates access to network resources. Portions of the security subsystem run in kernel mode and portions run in user mode, as shown in the following diagram. The components that work together to provide security in Windows NT and Windows 2000 include the following:
Local Security Authority (LSA): Checks to see whether users have permission to access the system itself. The LSA manages the local security policy, generates access tokens, supports interactive logons, and manages auditing.
Logon processes: Display the Windows NT and Windows 2000 Security dialog boxes, in which a user can log on to the system interactively. Windows NT and Windows 2000 also include remote logon processes for pass-through authentication by remote users who want to access network resources.
Security Account Manager (SAM) database: The database in the registry that contains the user and group account credentials. The LSA uses the SAM database to determine whether to allow a user to log on to the network.
Security Reference Monitor: Checks to see whether users have permission to access a particular object, such as a file on an NTFS volume. The Security Reference Monitor enforces the access validation functions of the LSA and generates audit messages (if this feature is enabled).
Graphic S-3. Security subsystem.