The following are the core components that implement Windows security:
· Security reference monitor (SRM): A component in the Windows executive (\Windows\System32\Ntoskrnl.exe) that is responsible for defining the access token data structure to represent a security context, performing security access checks on objects, manipulating privileges (user rights), and generating any resulting security audit messages.
· Local security authority subsystem (Lsass): A user-mode process running the image \Windows\System32\Lsass.exe that is responsible for the local system security policy (such as which users are allowed to log on to the machine, password policies, privileges granted to users and groups, and the system security auditing settings), user authentication, and sending security audit messages to the Event Log. The local security authority service (Lsasrv—\Windows\System32\Lsasrv.dll), a library that Lsass loads, implements most of this functionality.
· Lsass policy database: A database that contains the local system security policy settings. This database is stored in the registry under HKLM\SECURITY. It includes such information as what domains are entrusted to authenticate logon attempts, who has permission to access the system and how (interactive, network, and service logons), who is assigned which privileges, and what kind of security auditing is to be performed. The Lsass policy database also stores "secrets" that include logon information used for cached domain logons and Windows service user-account logons.
· Security Accounts Manager (SAM) service: A set of subroutines responsible for managing the database that contains the usernames and groups defined on the local machine. The SAM service, which is implemented as \Windows\System32\Samsrv.dll, runs in the Lsass process.
· SAM database: A database that, on systems not functioning as domain controllers, contains the defined local users and groups, along with their passwords and other attributes. On domain controllers, the SAM stores the system's administrator recovery account definition and password. This database is stored in the registry under HKLM\SAM.
· Authentication packages: These include dynamic-link libraries (DLLs) that run both in the context of the Lsass process and client processes and that implement Windows authentication policy. An authentication DLL is responsible for checking whether a given username and password match and, if so, returning to Lsass information detailing the user's security identity, which Lsass uses to generate a token.
· Logon process (Winlogon): A user-mode process running \Windows\System32\Winlogon.exe that is responsible for responding to the secure attention sequence (SAS) and for managing interactive logon sessions. Winlogon creates a user's shell (user-interface) process when the user logs on.
· Graphical Identification and Authentication (GINA): A user-mode DLL that runs in the Winlogon process and that Winlogon uses to obtain a user's name and password or smartcard PIN. The standard GINA is \Windows\System32\Msgina.dll.
· Network logon service (Netlogon): A Windows service (\Windows\System32\Netlogon.dll) that sets up the secure channel to a domain controller, over which security requests—such as an interactive logon (if the domain controller is running Windows NT 4) or LAN Manager and NT LAN Manager (v1 and v2) authentication validation—are sent.
Sunday, 9 September 2007
What are the core components of Windows Security System?
Posted on 10:26 by Unknown