Providing user on computer operating system with full privileges token and limited privileges token

Assignee

• Microsoft Corporation · US

Inventors

• Jeffrey B. Hamblin · Redmond, US
• Jonathan Schwartz · Seattle, US
• Kedarnath A. Dubhashi · Redmond, US
• Klaus Schutz · Kirkland, US
• Peter T. Brundrett · Seattle, US
• Richard B. Ward · Redmond, US
• Thomas C. Jones · Columbia, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/2149
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

An operating system for a computing device has a first session for a user that includes a first base process that has a first privileges token attached thereto. The first privileges token includes substantially a full set of privileges of the user on the operating system. The operating system also has a second session for the user that includes a second base process that has a second privileges token attached thereto. The second privileges token is derived from the first privileges token and includes only a minimum set of privileges of the user on the operating system. Thus, the second, limited token does not have all privileges associated with the first, full token but instead has a limited set of privileges and not extra privileges that could be employed to take actions that would be harmful, deceptive, or malicious.