Process or thread User sid Object ACL Group sid MN Object Owner Userl SID: R/W/X/D ACE 0 Priviledges Object groups Owner sid Default acL 州 Group2SID:R/X ACe 1 Primary group security Descriptor User2 SID: R/W/X ACE 2 Ac ccess oken Windows nt的对象访问权限认证ACL User1 SID:R/W/X/D ACE 0 Group2 SID:R/X ACE 1 User2 SID:R/W/X ACE 2 Process or Thread Access Token User SID Group SID Priviledges Owner SID Primary Group Security Descriptor Object Owner Object Groups Default ACL Object Windows NT的对象访问权限认证