A
- AAM (Admin Approval Mode), Running with Administrator Rights
- aborts, Trap Dispatching
- absolute timers, Timer Expiration
- abstract classes, Providers
- AcceptEx function, Winsock Server Operation
- access, ACL Assignment, Ghosts, Network Access Protection
- caching, Ghosts
- determining, ACL Assignment
- network, Network Access Protection
- access checks, Protecting Objects, ACL Assignment, Determining Access, Determining Access, Determining Access
- access token-based, Determining Access
- discretionary, ACL Assignment, Determining Access
- user-mode equivalents, Determining Access
- access control, Security, Trusted Computer System Evaluation Criteria, Security Descriptors and Access Control, The AuthZ API, The AuthZ API
- claims based, The AuthZ API
- discretionary, Trusted Computer System Evaluation Criteria
- forms of, Security
- identity-based, The AuthZ API
- access control entries (ACEs), Security Descriptors and Access Control (see ACEs (access control entries))
- access control lists (ACLs), Security Descriptors and Access Control (see ACLs (access control lists))
- access logging, Protecting Objects
- access mask, specifying, Object Security
- access rights, Reserve Objects, Protected Processes, Protected Processes, Determining Access, Assured Authentication, User Account Control and Virtualization
- administrative vs. user, User Account Control and Virtualization
- group claims, Assured Authentication
- process requests, Protected Processes
- protected processes and, Protected Processes
- revocation, Determining Access
- to objects, Reserve Objects
- access tokens, Services, Functions, and Routines, Processes, Threads, and Jobs, Local Session Manager (Lsm.exe), Tokens, Determining Access, Super Privileges, User Logon Steps, User Logon Steps, User Logon Steps, Application Identification (AppID)
- access checks based on, Determining Access
- AppIDs in, Application Identification (AppID)
- creation, User Logon Steps
- generation, Local Session Manager (Lsm.exe)
- privileges, adding, User Logon Steps
- user, User Logon Steps
- access validation, Determining Access, Determining Access
- ACE ordering, Determining Access
- algorithms, Determining Access
- access-denied errors, Process Monitor Troubleshooting Techniques
- AccessCheck, Digging into Windows Internals, Object Security, Integrity Levels, Determining Access
- object integrity levels, viewing, Integrity Levels
- object security checks, Object Security
- AccessCheckByType function, Determining Access
- account profiles, loading, Service Startup
- account rights, Conditional ACEs, Account Rights
- defined, Conditional ACEs
- ACEs (access control entries), Security Descriptors and Access Control, Security Descriptors and Access Control, Security Descriptors and Access Control, Security Descriptors and Access Control, ACL Assignment, ACL Assignment, Determining Access, Determining Access, Determining Access, The AuthZ API, Security Auditing, Application Identification (AppID), AppLocker
- audit types, Security Auditing
- conditional, The AuthZ API, Application Identification (AppID), AppLocker
- flags, Security Descriptors and Access Control
- in SACLs, Security Descriptors and Access Control
- inheritance, Security Descriptors and Access Control
- order of, ACL Assignment, Determining Access
- processing, Determining Access
- propagation, ACL Assignment
- viewing, Determining Access
- ACLs (access control lists), Reserve Objects, Service Isolation, Virtual Service Accounts, Virtual Service Accounts, Security Descriptors and Access Control, Security Descriptors and Access Control, Security Descriptors and Access Control, ACL Assignment
- accumulation of access rights, Security Descriptors and Access Control
- ACE order in, ACL Assignment
- assigning, Security Descriptors and Access Control
- displaying, Reserve Objects
- services, permissions for, Service Isolation
- types, Security Descriptors and Access Control
- virtual service accounts in, Virtual Service Accounts, Virtual Service Accounts
- act as part of operating system privilege, Super Privileges
- Action Center, viewing crashes in, Windows Error Reporting
- activation contexts, DLL Name Redirection
- active desktop, Winlogon Initialization
- Active Directory, HKEY_LOCAL_MACHINE, Security System Components, Security Descriptors and Access Control, RPC Operation, Remote Access, Remote Access, Remote Access, Active Directory, Active Directory
- ACEs used in, Security Descriptors and Access Control
- APIs to access objects, Remote Access
- architecture, Active Directory
- directory service, Active Directory
- schema, Remote Access
- server name publishing integration, RPC Operation
- Active Directory Service Interfaces (ADSI), Remote Access
- Active Directory Users and Groups MMC snap-in, Account Rights and Privileges
- active logon sessions, listing, User Logon Steps
- active probes, Registry Change Monitoring
- ActiveX controls, WMI Architecture
- address mapping, Virtual Memory
- address ordering, Data Structures
- address sharing, restricting, Winsock Kernel
- address space, Virtual Memory, Wow64, Stage 3A: Setting Up the EPROCESS Object
- for Wow64 processes, Wow64
- initial process, Stage 3A: Setting Up the EPROCESS Object
- layout, Virtual Memory
- Address Windowing Extension (AWE), Virtual Memory
- addresses, Winsock Extensions, Network Load Balancing
- (see also IP addresses)
- well-known, Winsock Extensions
- AdjustBoost dispatch events, Boosts Due to Scheduler/Dispatcher Events
- AdjustBoost priority boosts, Applying Boosts
- AdjustUnwait dispatch events, Priority Boosts
- AdjustUnwait priority boosts, Priority Boosts for CPU Starvation
- Admin Approval Mode (AAM), Running with Administrator Rights
- administrative rights, User Account Control and Virtualization, Registry Virtualization, Running with Administrator Rights, Running with Administrator Rights
- operations requiring, Registry Virtualization
- requesting, Running with Administrator Rights
- running with, Running with Administrator Rights
- Administrator account name, Security Identifiers
- administrators, Account Rights and Privileges, Privileges
- Bypass Traverse Checking privilege, Privileges
- privileges assignment, Account Rights and Privileges
- admission control, QoS
- ADSI (Active Directory Service Interfaces), Remote Access
- Advanced Local Procedure Call (ALPC), Executive (see ALPC (Advanced Local Procedure Call))
- Advanced Security Settings dialog box, Determining Access, Determining Access
- Effective Permissions tab, Determining Access
- Permissions tab, Determining Access
- Advanced Settings dialog box Adapters And Bindings tab, QoS
- Advapi32.dll, Architecture Overview, API Sets, Protected Processes
- process-creation routines, Protected Processes
- virtual DLL files, API Sets
- AFD (Ancillary Function Driver), Extending Winsock
- affinity masks, Symmetric Multiprocessing, Thread Selection, NUMA Systems, Logical Processor State, Affinity, Affinity
- (see also processor affinity)
- extended, Affinity
- process, Affinity
- restricting to specific node, NUMA Systems
- thread, Logical Processor State
- affinity policy, interrupts, Software Interrupt Request Levels (IRQLs)
- alertable wait state, Asynchronous Procedure Call Interrupts
- ALPC (Advanced Local Procedure Call), Executive, Session Manager (Smss), Windows Global Flags, Windows Global Flags, Connection Model, Connection Model, Message Model, Message Model, Message Model, Message Model, Message Model, Asynchronous Operation, Asynchronous Operation, Asynchronous Operation, Asynchronous Operation, Views, Regions, and Sections, Views, Regions, and Sections, Views, Regions, and Sections, Views, Regions, and Sections, Blobs, Handles, and Resources, Blobs, Handles, and Resources, Security, Security, Debugging and Tracing, Debugging and Tracing
- asynchronous operation, Message Model
- attributes, Views, Regions, and Sections
- blobs, Views, Regions, and Sections
- completion list, Message Model
- connection model, Connection Model
- debugging, Debugging and Tracing
- handle table, Blobs, Handles, and Resources
- handles, Views, Regions, and Sections
- message model, Message Model
- message queues, Message Model
- message zones, Security
- performance, Security
- port creation, Session Manager (Smss)
- ports, Connection Model, Message Model
- regions, Asynchronous Operation
- resources, Views, Regions, and Sections
- sections, Asynchronous Operation
- security, Asynchronous Operation, Blobs, Handles, and Resources
- tracing, Debugging and Tracing
- uses, Windows Global Flags
- views, Asynchronous Operation
- altitudes of registry callbacks, Stable Storage
- AMD-V Rapid Virtualization Indexing (RVI), Memory Virtualization
- Ancillary Function Driver (AFD), Extending Winsock
- ANSI character text strings, converting to Unicode, Registry
- antivirus products, use of callback mechanism, Stable Storage
- APC boosts, Unwait Boosts
- APC delivery, Keyed Events, Fast Mutexes and Guarded Mutexes, Wow64 Process Address Space Layout
- disabling, Keyed Events, Fast Mutexes and Guarded Mutexes
- in Wow64, Wow64 Process Address Space Layout
- APC interrupt level, Software Interrupt Request Levels (IRQLs), Stage 7: Performing Process Initialization in the Context of the New Process, Interrupt Levels vs. Priority Levels
- APC objects, Dispatch or Deferred Procedure Call (DPC) Interrupts
- APC queue, Dispatch or Deferred Procedure Call (DPC) Interrupts
- APCs (asynchronous procedure calls), Dispatch or Deferred Procedure Call (DPC) Interrupts, Dispatch or Deferred Procedure Call (DPC) Interrupts, Asynchronous Procedure Call Interrupts, Reserve Objects, Stage 4: Creating the Initial Thread and Its Stack and Context, Priority Boosts, Lock Ownership Boosts, Priority Boosts for Multimedia Applications and Games, Choosing a Processor for a Thread When There Are Idle Processors, Per-Session CPU Quota Blocks, Per-Session CPU Quota Blocks, Charging of Cycles to Throttled Threads, Resuming Execution, RPC Operation
- CPU quota enforcement, Charging of Cycles to Throttled Threads
- disabling, Dispatch or Deferred Procedure Call (DPC) Interrupts
- insertion and delivery behavior, Asynchronous Procedure Call Interrupts
- pending, Priority Boosts for Multimedia Applications and Games, Choosing a Processor for a Thread When There Are Idle Processors
- per-process CPU Quota APC structure, Per-Session CPU Quota Blocks
- per-thread, Per-Session CPU Quota Blocks, Resuming Execution
- queuing to thread, Priority Boosts
- rate control, Stage 4: Creating the Initial Thread and Its Stack and Context
- signaling code implementation, Lock Ownership Boosts
- User APC reserve object, Reserve Objects
- API redirection, Image Loader, Post-Import Process Initialization
- for application compatibility, Post-Import Process Initialization
- image loader support, Image Loader
- API Sets, Image Loader, SwitchBack
- image loader support, Image Loader
- APIC (Advanced Programmable Interrupt Controller), Hardware Interrupt Processing, Hardware Interrupt Processing, x64 Interrupt Controllers, Software Interrupt Request Levels (IRQLs), Synthetic Devices
- architecture, Hardware Interrupt Processing
- interrupt assignment, Software Interrupt Request Levels (IRQLs)
- viewing, x64 Interrupt Controllers
- virtualizing, Synthetic Devices
- APIs, Post-Import Process Initialization, SwitchBack, Protocol Drivers
- application-compatibility risks, Post-Import Process Initialization
- categorization, SwitchBack
- separating from underlying protocols, Protocol Drivers
- AppID, Controlling UAC Behavior, AppLocker
- certificate verification, AppLocker
- application desktop, Logon
- application failures, troubleshooting, Process Monitor Internals
- application layer in OSI reference model, The OSI Reference Model
- application load failures, Import Parsing, Post-Import Process Initialization
- application manifests, Post-Import Process Initialization, Requesting Administrative Rights
- execution level information, Requesting Administrative Rights
- version-specific GUIDs in, Post-Import Process Initialization
- application setup programs, Services, Services
- service initialization, Services
- service registration, Services
- application start cursor, Stage 5: Performing Windows Subsystem–Specific Post-Initialization
- application-compatibility flags, Requesting Administrative Rights
- application-compatibility shims, File System and Registry Virtualization
- applications, Environment Subsystems and Subsystem DLLs, Windows Subsystem, Timer Processing, Object Directories, Registry Redirection, Native Support, Native Support, Image Loader, SwitchBack, Viewing and Changing the Registry, Registry Usage, Process Monitor Internals, Process Monitor Internals, Process Monitor Troubleshooting Techniques, Process Monitor Troubleshooting Techniques, The Registry Namespace and Operation, Windows Diagnostic Infrastructure, Stage 5: Performing Windows Subsystem–Specific Post-Initialization, Thread Scheduling, Dynamic Processor Addition and Replacement, Access Checks, User Account Control and Virtualization, User Account Control and Virtualization, User Account Control and Virtualization, Running with Administrator Rights, Controlling UAC Behavior, Controlling UAC Behavior, Extending Winsock, RPC Operation, Background Intelligent Transfer Service, Location and Topology
- administrative rights, requesting, Running with Administrator Rights
- affinity updates, Dynamic Processor Addition and Replacement
- AppIDs, Controlling UAC Behavior
- buffer overflows, Process Monitor Troubleshooting Techniques
- compatibility levels, SwitchBack
- debugging startup, Image Loader
- dynamic configuration, Location and Topology
- group-aware, Thread Scheduling
- I/O control functions, Registry Redirection
- identification for security purposes, Controlling UAC Behavior
- initialization, Native Support
- nonadministrative, User Account Control and Virtualization
- notification of registry changes, Process Monitor Internals
- peer-to-peer support, Background Intelligent Transfer Service
- private objects, Access Checks
- problem diagnosis requests, Windows Diagnostic Infrastructure
- registry key creation, The Registry Namespace and Operation
- registry settings, Registry Usage
- registry settings, locating, Process Monitor Internals
- response times, Timer Processing
- RPC, RPC Operation
- single-instancing, Object Directories
- standard user rights, running with, User Account Control and Virtualization
- startup, Viewing and Changing the Registry
- subsystem DLL calls, Environment Subsystems and Subsystem DLLs
- unprivileged user accounts, running in, Process Monitor Troubleshooting Techniques
- user data, saving, User Account Control and Virtualization
- USER function calls, Windows Subsystem
- user-mode execution, Native Support
- virtualization, Stage 5: Performing Windows Subsystem–Specific Post-Initialization
- Winsock functions, access to, Extending Winsock
- AppLocker, Security System Components, The AuthZ API, Application Identification (AppID), AppLocker, AppLocker, AppLocker, AppLocker, AppLocker, AppLocker, AppLocker
- auditing mode, AppLocker
- CBAC use, The AuthZ API
- conditional ACEs, Application Identification (AppID), AppLocker
- PowerShell commands, AppLocker
- registry change notifications, AppLocker
- rules, AppLocker
- storage location of rules, AppLocker
- APs (authentication protocols), Assured Authentication
- arbiters, Software Interrupt Request Levels (IRQLs)
- argument table, System Service Dispatching
- artificial wait state, CPU Rate Limits
- ASMP (asymmetric multiprocessing), Portability
- assembly language, Portability
- ASSERT checks, Checked Build
- association classes, The WMI Namespace
- Assured Authentication, User Logon Steps
- asymmetric multiprocessing (ASMP), Portability
- asynchronous callbacks, for change notifications, Viewing and Changing the Registry
- asynchronous events, interrupts, Trap Dispatching
- (see also interrupts)
- asynchronous execution, Run Once Initialization
- asynchronous file transfer, Background Intelligent Transfer Service
- asynchronous messaging, Message Model, Security
- message zones, Security
- asynchronous notifications, Message Model
- asynchronous procedure calls (APCs), Dispatch or Deferred Procedure Call (DPC) Interrupts (see APCs (asynchronous procedure calls))
- asynchronous RPC, RPC Operation
- atomic lock operations, Fast Mutexes and Guarded Mutexes
- attributes, Views, Regions, and Sections, Stage 1: Converting and Validating Parameters and Flags, The AuthZ API, Offline Files
- ALPC, Views, Regions, and Sections
- cacheable, Offline Files
- CBAC, The AuthZ API
- process, Stage 1: Converting and Validating Parameters and Flags
- Audio Device Graph process (Audiodg.exe), Protected Processes
- Audit Log, Security Descriptors and Access Control
- Audit Object Access policy, Security Auditing
- audit records, Security Auditing, Security Auditing, Security Auditing, Security Auditing
- ACEs in, Security Auditing
- flow of, Security Auditing
- generation, Security Auditing
- object-access, Security Auditing
- auditing, Security Auditing, Security Auditing, Security Auditing, Security Auditing, Security Auditing, Advanced Audit Policy Settings
- advanced policy settings, Advanced Audit Policy Settings
- audit events, generating, Security Auditing
- Audit Object Access policy, Security Auditing
- local system policies, Security Auditing
- mechanisms for, Security Auditing
- policy configuration, Security Auditing
- AuditPol command, Global Audit Policy
- AuditQueryGlobalSacl API, Global Audit Policy
- AuditSetGlobalSacl API, Global Audit Policy
- authentication, Local Session Manager (Lsm.exe), Logon, Winlogon Initialization, Winlogon Initialization, Winlogon Initialization, User Logon Steps, User Logon Steps, User Logon Steps, User Logon Steps, Assured Authentication, Assured Authentication, RPC Operation, RPC Operation
- Assured Authentication, User Logon Steps
- biometric framework, Assured Authentication
- certificate-based, Assured Authentication
- credential providers, Local Session Manager (Lsm.exe)
- Kerberos, User Logon Steps
- levels, RPC Operation
- MSV1_0, Winlogon Initialization
- network communication, RPC Operation
- password-based, Winlogon Initialization
- remote, User Logon Steps
- smartcard, User Logon Steps
- user, Logon, Winlogon Initialization
- authentication packages, Security System Components, Logon, Winlogon Initialization
- for user logon, Winlogon Initialization
- authentication protocols (APs), Assured Authentication
- authentication services, RPC Operation
- AuthIP, Internet Protocol Security, Internet Protocol Security
- authorization, Determining Access
- AuthZ Windows API, Access Checks, Determining Access
- AUTHZ_CLIENT_CONTEXT, Determining Access
- auto-elevation, Requesting Administrative Rights
- auto-start services, Services, Interactive Services and Session 0 Isolation, The Service Control Manager, Service Startup, Service Startup
- dependencies, Service Startup
- Autochk.exe, Session Manager (Smss)
- automated problem detection, Windows Diagnostic Infrastructure
- (see also WDI (Windows Diagnostic Infrastructure))
- availability, Distributed File System Namespace
- AWE (Address Windowing Extension), Virtual Memory