Windows Security Internals: A Deep Dive into
Windows Authentication, Authorization, and
Auditing 1 / converted Edition James Forshaw
CONTENTS IN DETAIL
TITLE PAGE
COPYRIGHT
DEDICATION
ABOUT THE AUTHOR AND TECHNICAL REVIEWER
FOREWORD
ACKNOWLEDGMENTS
INTRODUCTION
Who Is This Book For?
What Is in This Book?
PowerShell Conventions Used in This Book
Getting in Touch
PART I: AN OVERVIEW OF THE
WINDOWS OPERATING SYSTEM
1
SETTING UP A POWERSHELL TESTING ENVIRONMENT
Choosing a PowerShell Version
Configuring PowerShell
An Overview of the PowerShell Language
Understanding Types, Variables, and Expressions
Executing Commands
Discovering Commands and Getting Help
Defining Functions
Displaying and Manipulating Objects
Filtering, Ordering, and Grouping Objects
Exporting Data
Wrapping Up
2
THE WINDOWS KERNEL
The Windows Kernel Executive
The Security Reference Monitor
The Object Manager
Object Types
The Object Manager Namespace
System Calls
NTSTATUS Codes
Object Handles
Query and Set Information System Calls
The Input/Output Manager
The Process and Thread Manager
The Memory Manager
NtVirtualMemory Commands
Section Objects
Code Integrity
Advanced Local Procedure Call
The Configuration Manager
Worked Examples
Finding Open Handles by Name
Finding Shared Objects
Modifying a Mapped Section
Finding Writable and Executable Memory
Wrapping Up
3
USER-MODE APPLICATIONS
Win32 and the User-Mode Windows APIs
Loading a New Library
Viewing Imported APIs
Searching for DLLs
The Win32 GUI
GUI Kernel Resources
Window Messages
Console Sessions
Comparing Win32 APIs and System Calls
Win32 Registry Paths
Opening Keys
Listing the Registry’s Contents
DOS Device Paths
Path Types
Maximum Path Lengths
Process Creation
Command Line Parsing
Shell APIs
System Processes
The Session Manager
The Windows Logon Process
The Local Security Authority Subsystem
The Service Control Manager
Worked Examples
Finding Executables That Import Specific APIs
Finding Hidden Registry Keys or Values
Wrapping Up
PART II: THE WINDOWS SECURITY
REFERENCE MONITOR
4
SECURITY ACCESS TOKENS
Primary Tokens
Impersonation Tokens
Security Quality of Service
Explicit Token Impersonation
Converting Between Token Types
Pseudo Token Handles
Token Groups
Enabled, EnabledByDefault, and Mandatory
LogonId
Owner
UseForDenyOnly
Integrity and IntegrityEnabled
Resource
Device Groups
Privileges
Sandbox Tokens
Restricted Tokens
Write-Restricted Tokens
AppContainer and Lowbox Tokens
What Makes an Administrator User?
User Account Control
Linked Tokens and Elevation Type
UI Access
Virtualization
Security Attributes
Creating Tokens
Token Assignment
Assigning a Primary Token
Assigning an Impersonation Token
Worked Examples
Finding UI Access Processes
Finding Token Handles to Impersonate
Removing Administrator Privileges
Wrapping Up
5
SECURITY DESCRIPTORS
The Structure of a Security Descriptor
The Structure of a SID
Absolute and Relative Security Descriptors
Access Control List Headers and Entries
The Header
The ACE List
Constructing and Manipulating Security Descriptors
Creating a New Security Descriptor
Ordering the ACEs
Formatting Security Descriptors
Converting to and from a Relative Security Descriptor
The Security Descriptor Definition Language
Worked Examples
Manually Parsing a Binary SID
Enumerating SIDs
Wrapping Up
6
READING AND ASSIGNING SECURITY DESCRIPTORS
Reading Security Descriptors
Assigning Security Descriptors
Assigning a Security Descriptor During Resource Creation
Assigning a Security Descriptor to an Existing Resource
Win32 Security APIs
Server Security Descriptors and Compound ACEs
A Summary of Inheritance Behavior
Worked Examples
Finding Object Manager Resource Owners
Changing the Ownership of a Resource
Wrapping Up
7
THE ACCESS CHECK PROCESS
Running an Access Check
Kernel-Mode Access Checks
User-Mode Access Checks
The Get-NtGrantedAccess PowerShell Command
The Access Check Process in PowerShell
Defining the Access Check Function
Performing the Mandatory Access Check
Performing the Token Access Check
Performing the Discretionary Access Check
Sandboxing
Restricted Tokens
Lowbox Tokens
Enterprise Access Checks
The Object Type Access Check
The Central Access Policy
Worked Examples
Using the Get-PSGrantedAccess Command
Calculating Granted Access for Resources
Wrapping Up
8
OTHER ACCESS CHECKING USE CASES
Traversal Checking
The SeChangeNotifyPrivilege Privilege
Limited Checks
Handle Duplication Access Checks
Sandbox Token Checks
Automating Access Checks
Worked Examples
Simplifying an Access Check for an Object
Finding Writable Section Objects
Wrapping Up
9
SECURITY AUDITING
The Security Event Log
Configuring the System Audit Policy
Configuring the Per-User Audit Policy
Audit Policy Security
Configuring the Resource SACL
Configuring the Global SACL
Worked Examples
Verifying Audit Access Security
Finding Resources with Audit ACEs
Wrapping Up
PART III: THE LOCAL SECURITY
AUTHORITY AND AUTHENTICATION
10
WINDOWS AUTHENTICATION
Domain Authentication
Local Authentication
Enterprise Network Domains
Domain Forests
Local Domain Configuration
The User Database
The LSA Policy Database
Remote LSA Services
The SAM Remote Service
The Domain Policy Remote Service
The SAM and SECURITY Databases
Accessing the SAM Database Through the Registry
Inspecting the SECURITY Database
Worked Examples
RID Cycling
Forcing a User’s Password Change
Extracting All Local User Hashes
Wrapping Up
11
ACTIVE DIRECTORY
A Brief History of Active Directory
Exploring an Active Directory Domain with PowerShell
The Remote Server Administration Tools
Basic Forest and Domain Information
The Users
The Groups
The Computers
Objects and Distinguished Names
Enumerating Directory Objects
Accessing Objects in Other Domains
The Schema
Inspecting the Schema
Accessing the Security Attributes
Security Descriptors
Querying Security Descriptors of Directory Objects
Assigning Security Descriptors to New Directory Objects
Assigning Security Descriptors to Existing Objects
Inspecting a Security Descriptor’s Inherited Security
Access Checks
Creating Objects
Deleting Objects
Listing Objects
Reading and Writing Attributes
Checking Multiple Attributes
Analyzing Property Sets
Inspecting Control Access Rights
Analyzing Write-Validated Access Rights
Accessing the SELF SID
Performing Additional Security Checks
Claims and Central Access Policies
Group Policies
Worked Example
Building the Authorization Context
Gathering Object Information
Running the Access Check
Wrapping Up
12
INTERACTIVE AUTHENTICATION
Creating a User’s Desktop
The LsaLogonUser API
Local Authentication
Domain Authentication
Logon and Console Sessions
Token Creation
Using the LsaLogonUser API from PowerShell
Creating a New Process with a Token
The Service Logon Type
Worked Examples
Testing Privileges and Logon Account Rights
Creating a Process in a Different Console Session
Authenticating Virtual Accounts
Wrapping Up
13
NETWORK AUTHENTICATION
NTLM Network Authentication
NTLM Authentication Using PowerShell
The Cryptographic Derivation Process
Pass-Through Authentication
Local Loopback Authentication
Alternative Client Credentials
The NTLM Relay Attack
Attack Overview
Active Server Challenges
Signing and Sealing
Target Names
Channel Binding
Worked Example
Overview
The Code Module
The Server Implementation
The Client Implementation
The NTLM Authentication Test
Wrapping Up
14
KERBEROS
Interactive Authentication with Kerberos
Initial User Authentication
Network Service Authentication
Performing Kerberos Authentication in PowerShell
Decrypting the AP-REQ Message
Decrypting the AP-REP Message
Cross-Domain Authentication
Kerberos Delegation
Unconstrained Delegation
Constrained Delegation
User-to-User Kerberos Authentication
Worked Examples
Querying the Kerberos Ticket Cache
Simple Kerberoasting
Wrapping Up
15
NEGOTIATE AUTHENTICATION AND OTHER SECURITY
PACKAGES
Security Buffers
Using Buffers with an Authentication Context
Using Buffers with Signing and Sealing
The Negotiate Protocol
Less Common Security Packages
Secure Channel
CredSSP
Remote Credential Guard and Restricted Admin Mode
The Credential Manager
Additional Request Attribute Flags
Anonymous Sessions
Identity Tokens
Network Authentication with a Lowbox Token
Authentication with the Enterprise Authentication Capability
Authentication to a Known Web Proxy
Authentication with Explicit Credentials
The Authentication Audit Event Log
Worked Examples
Identifying the Reason for an Authentication Failure
Using a Secure Channel to Extract a Server’s TLS Certificate
Wrapping Up
Final Thoughts
A
BUILDING A WINDOWS DOMAIN NETWORK FOR
TESTING
The Domain Network
Installing and Configuring Windows Hyper-V
Creating the Virtual Machines
The PRIMARYDC Server
The GRAPHITE Workstation
The SALESDC Server
B
SDDL SID ALIAS MAPPING
INDEX
WINDOWS SECURITY
INTERNALS
A Deep Dive into Windows
Authentication,
Authorization, and Auditing
by James Forshaw
San Francisco
WINDOWS SECURITY INTERNALS. Copyright © 2024 by James Forshaw.
All rights reserved. No part of this work may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopying,
recording, or by any information storage or retrieval system, without the prior
written permission of the copyright owner and the publisher.
First printing
ISBN-13: 978-1-7185-0198-0 (print)
ISBN-13: 978-1-7185-0199-7 (ebook)
Published by No Starch Press®, Inc.
245 8th Street, San Francisco, CA 94103
phone: +1.415.863.9900
www.nostarch.com; info@nostarch.com
Publisher: William Pollock
Managing Editor: Jill Franklin
Production Manager: Sabrina Plomitallo-González
Production Editor: Sydney Cromwell
Developmental Editors: Alex Freed and Frances Saux
Cover Illustrator: Garry Booth
Interior Design: Octopod Studios
Technical Reviewer: Lee Holmes
Copyeditor: Rachel Head
Proofreader: Audrey Doyle
Indexer: BIM Creatives, LLC
Library of Congress Cataloging-in-Publication Data
Name: Forshaw, James, author.
Title: Windows security internals / James Forshaw.
Description: San Francisco : No Starch Press, [2024] | Includes index. |
Identifiers: LCCN 2023040842 (print) | LCCN 2023040843 (ebook) | ISBN
9781718501980 (print) | ISBN 9781718501997 (ebook)
Subjects: LCSH: Computer security. | Microsoft Windows (Computer file) | Computer
networks—Security measures.
Classification: LCC QA76.9.A25 F65655 2024 (print) | LCC QA76.9.A25 (ebook) | DDC
005.8—dc23/eng/20231208
LC record available at https://lccn.loc.gov/2023040842
LC ebook record available at https://lccn.loc.gov/2023040843
For customer service inquiries, please contact info@nostarch.com. For
information on distribution, bulk sales, corporate sales, or translations:
sales@nostarch.com. For permission to translate this work:
rights@nostarch.com. To report counterfeit copies or piracy:
counterfeit@nostarch.com.
No Starch Press and the No Starch Press logo are registered trademarks of No
Starch Press, Inc. Other product and company names mentioned herein may be
the trademarks of their respective owners. Rather than use a trademark symbol
with every occurrence of a trademarked name, we are using the names only in
an editorial fashion and to the benefit of the trademark owner, with no
intention of infringement of the trademark.
The information in this book is distributed on an “As Is” basis, without
warranty. While every precaution has been taken in the preparation of this
work, neither the author nor No Starch Press, Inc. shall have any liability to
any person or entity with respect to any loss or damage caused or alleged to be
caused directly or indirectly by the information contained in it.
Dedicated to my amazing wife, Huayi, and my little Jacob,
without whom I would never get anything done.
About the Author
James Forshaw is a renowned computer security expert on
Google’s Project Zero team. In his more than 20 years of
experience analyzing and exploiting security issues in
Microsoft Windows and other products, he has discovered
hundreds of publicly disclosed vulnerabilities in Microsoft
platforms. Others frequently cite his research, which he
presents in blogs, on the world stage, or through novel
tooling, and he has inspired numerous researchers in the
industry. When not breaking the security of other products,
James works as a defender, advising teams on their
security design and improving the Chromium Windows
sandbox to secure billions of users worldwide.
About the Technical Reviewer
Lee Holmes is a security architect in Azure security, an
original developer on the PowerShell team, a fanatical
hobbyist, and the author of The PowerShell Cookbook
(O’Reilly Media, 2010). You can find him on Mastodon
(@Lee_Holmes@infosec.exchange), as well as on his
personal website (https://leeholmes.com).
FOREWORD
A Microsoft Technical Fellow once told me he had never
met someone who understood how the security of the
Windows operating system actually worked. While I don’t
think he was right (and plan to send him a copy of this book
to prove it), he had a point. Though critical, there is no
doubt that Windows security is complex.
One of the reasons for this is related to the core
architectural difference between Linux and Windows. Linux
is a file-oriented operating system, while Windows is API
oriented, and though APIs can provide a much richer set of
capabilities, they come at the expense of simplicity. So,
exploring an API-oriented operating system is more
difficult. You need to read the API documentation, write
code, compile and run it, and debug the results.
This is a very time-consuming loop, and it’s why so few
people have a deep understanding of how Windows security
works—it’s just too hard to explore.
It was because of these problems that I invented
PowerShell. I wanted administrators to automate Windows
and had originally tried to do so by distributing Unix tools
for free. (Remember Windows Services for Unix?) This
failed because Unix tools work on files, while everything
important in Windows lives behind an API. Thus, awk didn’t
work against the registry, grep didn’t work against Windows
Management Instrumentation (WMI), sed didn’t work
against Active Directory, and so on. What we needed was
an API-oriented command line interface and scripting tool.
So, I created PowerShell.
Today, James is using PowerShell to address the
difficulty of acquiring Windows security expertise; he has
made the system explorable. Step one: install his
PowerShell module, NTObjectManager, which provides over
550 cmdlets to experiment with all aspects of Windows
security. This hands-on exploration will allow you to
understand how things really work.
This book belongs on the desk of every security
professional and developer working with Windows security.
Part I provides an overview of Windows security’s
architecture, Part II covers the details of the operating
system’s security mechanisms and services, and Part III
explores the various aspects of Windows authentication.
Each chapter includes a set of PowerShell examples.
I strongly encourage you to follow the examples
provided; exploration turns words into experience, and
experience is the foundation of competence. Run the
commands, make intentional mistakes, and see what errors
you get. In doing so, you’ll acquire a deep understanding of
the system.
And trust me: it will be fun.
Jeffrey Snover
Inventor of PowerShell, former chief architect for Windows
Server, and former Microsoft Technical Fellow
ACKNOWLEDGMENTS
Few books are written in complete isolation, and this one
certainly doesn’t break that mold. I’d like to take the
opportunity to thank some of the many people who have
contributed to making this tome a reality. I apologize to
anyone I’ve forgotten.
I must start by acknowledging the contribution of my
wife, Huayi, who cheers me up when I’m down and kicks
me (metaphorically) when I’m being lazy. Without her by
my side, the past few years would have been much less
agreeable. The rest of my family are just as important;
without them, my life would be so very different.
Next, I’d like to thank my technical reviewer, Lee
Holmes, who has made the review a valuable experience,
teaching me many PowerShell tricks I didn’t know existed
and providing important feedback on the structure and
content.
I’m not the only person doing significant research on
Windows. While there are far too many to list here, I’d like
to acknowledge the following people who have made
important contributions to my work. First is Alex Ionescu,
well-known Windows internals guru and my sometimes
collaborator (or competitor), who always seems to know
some weird bit of operating system esoterica. Then there
are the many practitioners of Windows enterprise security
research and testing, such as Lee Christensen, Will
Schroeder, and Nick Landers. They’ve been important
sounding boards for my understanding of software like
Active Directory and Kerberos and have actively tested and
contributed to my tooling projects.
I’d be remiss not to mention the amazing researchers
from my more formative years, especially Pete and Rich;
you know who you are. Also, I’d like to thank Rob and his
team for looking at early drafts of my book’s chapters and
providing valuable feedback.
My relationship with Microsoft has had its ups and
downs. That said, I’d like to thank many of its current and
former employees who have helped me along the way. This
includes Katie Moussouris, who was instrumental in
convincing me that it pays to find bugs in Microsoft
products. Without her friendship and contributions, I doubt
I’d be as successful as I am today. Then there’s Nate
Warfield, who for many years was my point of contact at
the Microsoft Security Response Center (MSRC), where he
shielded me from much of the company’s party politics and
ensured the bugs I reported got fixed in a timely manner.
Finally, I’d like to thank current MSRC representatives,
including Nic Fillingham and Stephanie Calabrese, for
helping me when I need to contact someone deep inside the
beast, and for providing me with swag.
Special thanks to my Google colleagues, who support
me in making and breaking things on Windows. This
includes the entirety of the current Google Project Zero
team and its alumni: the best set of security researchers
you’ll likely ever find in a single room, or even two. Then
there’s Will Harris, my friend and colleague on the
Chromium Windows sandbox team, who asked me many of
the questions about Windows security on which this book is
based. Finally, thanks to Heather Adkins, who was
instrumental in my being allowed to write a book of this
nature while keeping a job at Google.
I’d also like to thank everyone at No Starch Press who
has worked on this book and been patient with me:
especially Alex Freed, my longtime editor, who
unfortunately left before this book was published, and
Frances Saux, who became my new editor after Alex’s
departure and pulled this book, kicking and screaming, to
completion. Finally, I must thank Bill Pollock, who is a good
friend and always has amazing advice on the book writing
process, as well as the latest recommendations for
incredible restaurants.
I don’t have the space here to name everyone, but to
wrap up I’d like to express my gratitude to all the friends
and colleagues who contribute massively every day to my
life and success. Thanks also to you, for picking up my
book. I hope you find the information about Windows
security contained herein to be useful.
INTRODUCTION
Hundreds of millions of devices
use the Microsoft Windows
platform. Many of the world’s largest
companies rely on its security to protect
their data and communications, as does
anyone hosting their code in the Azure
cloud. But because Windows is so
important to the security of the modern
internet, it’s also a popular target for
attack.
The Windows NT operating system began including
security in its design in 1993, when it introduced user
accounts, control over resources, and remote access from a
network. In the more than 20 years since then, much has
changed in Windows security. Microsoft has replaced its
original authentication process with modern technology,
granted the access control mechanism additional
capabilities, and significantly hardened the platform
against attack.
Today, the security of the Windows platform is
surprisingly complex, and many attacks rely on abusing this
complexity. Unfortunately, Microsoft’s documentation in
this area can be lacking. As Windows is not open source,
sometimes the only way to understand its security is
through deep research and analysis.
This is where I come in. I’ve spent more than 20 years
as a developer and security researcher on Windows
platforms, cultivating an understanding of the operating
system’s undocumented corners. In this book, I share some
of my extensive expertise in an easy-to-understand form. By
mastering the principles of Windows security, you’ll be able
to kick-start your own research project or improve your
software product.
Who Is This Book For?
I wrote this book for people who work with Windows
security. Perhaps you’re a developer of Windows software
and want to ensure that your product is secure. Or maybe
you’re a system administrator tasked with securing
Windows across an enterprise and don’t fully understand
how various security features combine to protect the
platform. Or you might want to poke holes in the operating
system to find security vulnerabilities as a researcher.
This book assumes reasonable familiarity with the
Windows user interface and its basic operations, such as
manipulating files. That said, you don’t need to be a low-
level Windows expert: for those who need a little more
grounding, Chapters 2 and 3 provide an overview of the
operating system and how it’s put together.
I rely heavily on the use of PowerShell scripting, so
you’ll find it helpful to have some experience with the
language, as well as with the .NET framework on which it’s
based. To get you up to speed, Chapter 1 gives a very quick
overview of some of PowerShell’s features. Elsewhere, I’ll
do my best to avoid using esoteric features of the language,
to keep the code accessible to readers with knowledge of
other scripting languages or shell environments (such as
bash).
What Is in This Book?
In each chapter, we’ll cover core security features
implemented in modern versions of Windows. We’ll also
walk through several worked examples written in
PowerShell, which should give you a better understanding
of the commands introduced in the chapter. Here’s a brief
summary of what each chapter covers.
Part I surveys the Windows operating system from a
programming perspective. It should provide you with the
foundation needed to understand the material in the rest of
the book.
Chapter 1: Setting Up a PowerShell Testing Environment
In this chapter, you’ll set up PowerShell
to run the examples included in the subsequent
chapters. This includes installing a PowerShell module
I’ve written to interact with Windows and its security
features. The chapter also provides an overview of the
PowerShell scripting language.
Chapter 2: The Windows Kernel
This chapter
covers the basics of the Windows kernel and its system
call interface, a topic crucial to developing a solid
understanding of Windows security. I also describe the
object manager, used to manage resources.
Chapter 3: User-Mode Applications
Most
applications don’t directly use the system call interface
from the kernel; instead, they use a set of higher-level
programming interfaces. This chapter covers Windows
features such as file handling and the registry.
Part II covers the most important component of the
Windows kernel for security, the Security Reference
Monitor. We’ll look at all aspects of access control, from
constructing the user’s identity to securing an individual
resource, such as a file.
Chapter 4: Security Access Tokens
Windows
assigns every running process an access token, which
represents the user’s identity to the system. This
chapter describes the various components stored in the
token that are used to check access.
Chapter 5: Security Descriptors
Each securable
resource needs a description of who is allowed to
access it and what type of access they are granted. This
is the purpose of security descriptors. In this chapter,
we’ll cover their internal structure and how you can
create and manipulate them.
Chapter 6: Reading and Assigning Security Descriptors
To inspect the security of the system, you
need to be able to query the security descriptor of a
resource. This chapter explains how this querying
happens for different types of resources. It also covers
the many complex ways that Windows assigns security
descriptors to resources.
Chapter 7: The Access Check Process
Windows
uses the access check to determine what access to
grant a user to a resource. This operation takes the
token and the security descriptor and follows an
algorithm to determine the granted access. This chapter
works through a PowerShell implementation of the
algorithm to explore its design in depth.
Chapter 8: Other Access Checking Use Cases
Although Windows primarily uses access checks to
grant access to resources, it sometimes uses them to
determine other security properties, such as the
visibility of resources and whether a process is running
with a low level of privilege. This chapter covers these
alternative use cases for the access check.
Chapter 9: Security Auditing
The access check
process can also create logs of the resources a user has
accessed, and with what level of access. This chapter
covers these system auditing policies.
Part III contains details of Windows authentication, the
mechanisms that verify a user’s identity for the purposes of
access control.
Chapter 10: Windows Authentication
As the topic
of authentication is quite complex, this chapter
summarizes the authentication structure and services
on which the rest of the authentication mechanisms
depend.
Chapter 11: Active Directory
Windows 2000
introduced a new model for networking Windows
systems in an enterprise, with all authentication
information stored in a network directory that users and
administrators could query and modify. This chapter
covers how Active Directory stores information and
secures it from malicious modification.
Chapter 12: Interactive Authentication
The most
common authentication scenario on Windows occurs
when a user enters their username and password into
their computer and gains access to the desktop. This
chapter covers how the operating system implements
this authentication process.
Chapter 13: Network Authentication
When a user
wants to access a network service in a Windows
enterprise network, they typically must authenticate to
it. Windows provides special network protocols to
implement this authentication without disclosing the
user’s credentials to a potentially hostile network. This
chapter explains the network authentication process,
focusing on the New Technology LAN Manager (NTLM)
authentication protocol.
Chapter 14: Kerberos
Along with Active Directory,
Windows 2000 also introduced the use of the open
Kerberos authentication protocol for enterprise network
authentication. This chapter explains how Kerberos
works in Windows to authenticate a user interactively
and over a network.
Chapter 15: Negotiate Authentication and Other Security Packages
Over the years, Windows has
added other types of network authentication protocols.
This chapter covers these new types, including
Negotiate, to supplement those discussed in Chapters
13 and 14.
Finally, the two appendices provide configuration
details and further resources.
Appendix A: Building a Windows Domain Network for Testing
To run some of the examples in the book,
you’ll need a Windows domain network. This appendix
provides some steps for using PowerShell to configure a
network for testing.
Appendix B: SDDL SID Alias Mapping
This
appendix provides a table of constants referenced in
Chapter 5.
PowerShell Conventions Used in This Book
The PowerShell scripting language, which is included with
all versions of Windows, is one of the best ways to flexibly
experiment with the internals of the operating system
without needing to install much additional software. As
PowerShell is based on the .NET runtime, this book will use
a .NET library I’ve written for interacting with Windows,
making it easy to develop complex scripts. All example
scripts in the book will be available to download from
https://github.com/tyranid/windows-security-internals.
The PowerShell examples in each chapter follow a
common set of style conventions that should help you
understand how to use them. Each example is provided as a
listing, of which there are two types: interactive and non-
interactive. Interactive PowerShell listings are those you
should enter on the command line to observe the results.
Here is an example of an interactive listing:
❶ PS> ls C:
❷ Directory: C:
Mode LastWriteTime Length Name
---- ------------- ------ ----
d-r--- 4/17 11:45 AM Program Files
❸ --snip--
An interactive listing precedes each command to enter
with a PowerShell-style prompt (PS>) and shows the
command in bold ❶. You’ll see the resulting output below
the command ❷. Sometimes the output can be quite long,
so to save space, I use --snip-- to indicate that the output
has been truncated ❸. Also note that in some examples the
output is indicative; it might be subtly different depending
on your operating system or network configuration.
Most of the interactive listings are designed to be
executed from a normal user account. However, some must
run under an administrator account to access certain
protected features. If you don’t run the commands as an
administrator, the results won’t be correct. The text
preceding each listing will clarify whether you must run the
command as an administrator.
A non-interactive listing contains PowerShell code that
you can copy into a script file for reuse, like this:
function Get-Hello {
    "Hello"
}
Non-interactive listings don’t include the PowerShell
prompt and aren’t in bold.
If you’ve written any scripts in PowerShell, you’ll know
that the language is notorious for verbose command and
parameter names. This makes it difficult to fit certain
commands on a single line in the book. Here is an example
of a long PowerShell line and a few ways the book might
split it to make it fit on the page:
PS> Get-ChildItem -LiteralPath "C:" -Filter "*.exe" -Recurse -Hidden
❶ -System -Depth 5 | Where-Object {
    ❷ $_.Name -eq "Hello"
}
The first line, using the Get-ChildItem command, is too
long to fit on the page, so it wraps onto a subsequent line
❶. You can’t just add a newline in the middle of such a
command, so when you’re entering it into the shell or a file,
you should treat it as a single line. The key indicator that
the line continues, instead of being part of the output, is
that there’s a bold character in the first column.
PowerShell can break long lines on certain characters,
such as the pipe (|), the comma (,), or braces ({}). In this
listing, I’ve added a newline following the opening brace ({)
and placed the subsequent commands in the braced block,
indented one level ❷. In this case, the shell will handle the
introduction of the new line. Note that the closing brace (})
is in the first column, so you might assume it needs to be
placed on the previous line. While moving the brace to the
previous line will still work in this specific case, it’s
unnecessary.
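The line-splitting rules above can be checked with PowerShell’s own parser. The following is an added example, not code from the book or its companion scripts: it parses the Get-ChildItem listing in three layouts without running it and reports how each one is grouped into statements. Get-ParseSummary and the layout labels are hypothetical names.

```powershell
# Added example: not from the book or its companion repository.
# Get-ParseSummary is a hypothetical helper name. The command text is only
# parsed, never executed, so nothing on disk is enumerated.
function Get-ParseSummary {
    param(
        [Parameter(Mandatory)][string]$Layout,
        [Parameter(Mandatory)][string]$Text
    )

    $tokens = $null
    $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $Text, [ref]$tokens, [ref]$errors)

    # Predicate that selects every command node in the parsed text.
    $isCommand = {
        param($node)
        $node -is [System.Management.Automation.Language.CommandAst]
    }
    $commands = $ast.FindAll($isCommand, $true) |
        ForEach-Object { $_.GetCommandName() }

    [pscustomobject]@{
        Layout      = $Layout
        Statements  = $ast.EndBlock.Statements.Count
        ParseErrors = $errors.Count
        Commands    = $commands -join ', '
    }
}

# The same command in three layouts. Single-quoted strings keep $_ literal.
$layouts = [ordered]@{
    'Single line' = 'Get-ChildItem -LiteralPath "C:" -Filter "*.exe" -Recurse -Hidden -System -Depth 5 | Where-Object { $_.Name -eq "Hello" }'

    # What you get if the printed wrap is typed as a real newline:
    # the newline ends the statement in the middle of the parameter list.
    'Newline between parameters' = @'
Get-ChildItem -LiteralPath "C:" -Filter "*.exe" -Recurse -Hidden
-System -Depth 5 | Where-Object { $_.Name -eq "Hello" }
'@

    # Breaks placed only after the pipe and the opening brace.
    'Newline after pipe and brace' = @'
Get-ChildItem -LiteralPath "C:" -Filter "*.exe" -Recurse -Hidden -System -Depth 5 |
    Where-Object {
        $_.Name -eq "Hello"
    }
'@
}

$layouts.GetEnumerator() | ForEach-Object {
    Get-ParseSummary -Layout $_.Key -Text $_.Value
} | Format-Table -AutoSize
```

A layout that reports more than one statement is one the shell would not run as the single command the listing intends.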
Note that the Windows operating system is still under
active development. While all the PowerShell examples
have been tested on the latest versions of Windows
available at the time of writing, there is a chance that new
security features will have been introduced, or older ones
deprecated, by the time you come to read this book. The
following is a list of the versions on which the examples
were tested, along with the major OS build number:
Windows 11 (OS build 22631)
Windows 10 (OS build 19045)
Windows Server 2022 (OS build 20384)
Windows Server 2019 (OS build 17763)
MEREDITH NICHOLSON has won most of his popularity as a novelist. He is,
however, an accomplished essayist, a poet of distinction, and a keen critic
of current literary and political matters. More recently, he has become
interested in the writing of short stories. His home is in Indianapolis, where
he was privileged to enjoy for many years an intimate friendship with
James Whitcomb Riley, whose character Mr. Nicholson has sympathetically
portrayed in his novel, The Poet, and in an illuminating essay in The
Atlantic Monthly for October, 1916.
Propaganda in such disguise needs no apology. Not only can we
appreciate the cleverness of the trick as well as the earnestness of its author,
but we relish what a very good thing a similar lesson would be for our own
or for our neighboring cities.
At the same time, there is a worth-while character-study to be made of the
Chairman of the Committee on Art, who presents a type almost as rare in
fiction as it is in life.
Suggested Points for Study and Comment
1. The student will find it interesting to make a thorough study of Barton’s
character—his cynicism, his practical good sense, and all his other
prominent traits. A composition discussing all these could be made very
interesting and enlightening.
2. Discuss the general political attitude of the average city councilman.
3. In an examination of the plot, what incident seems to you to mark the
point of highest interest? Discuss fully.
4. How is Barton’s character relieved from any final censure for the
spending of money for a statue of a rogue?
WHAT HAPPENED TO ALANNA
KATHLEEN NORRIS, a Californian by birth, has been a voluminous writer of
magazine fiction since 1910, when she contributed two stories to the
Atlantic—What Happened to Alanna and The Tide Marsh.
To those who know Kathleen Norris’s Mother, nothing more need be said
of this author’s ability to depict the wholesome sentiment of family life,
without the sentimentality that clings to many of the ordinary short stories
and novels. The less fortunate may make valuable acquaintance in the halls
of Costello. F. X., Senior, 'undertaker by profession and mayor by an
immense majority,' shares his position of importance by reason of the
charms of his numerous offspring. Mrs. Costello is, of course, the centre of
interest, as she is of the Costello circle, which means all who come within
range of her generous hand and kindly word. Yet no one remains
unindividualized. A few vivid strokes, and the picture is complete. If an
artistic hand adds another touch now and then, we are never made
conscious of technique. Especially is this true in the case of young Mrs.
Church. And what more delightful could there be than the family
conversations, which are quite as revealing in points of character as they are
delightful in their flashes of humor?
Suggested Points for Study and Comment
1. What purpose does the detailed description of family life serve?
Comment on the choice of detail.
2. Besides the plot, what are the most interesting elements in the story?
3. Could you suggest another climax?
4. What is gained by having Alanna solve her problem alone? How does
the author arrange that the solution shall be thus accomplished?
5. Is Mrs. Church introduced for any reason other than her slight
connection with the plot?
6. Is Mr. Costello as well portrayed as his wife? Can you suggest any
reasons why he typifies the Irish-American rather than the native Irishman
of the same rank?
7. How does Miss Norris achieve the atmosphere that she does?
8. Could the story be criticized as being sentimental?
SPENDTHRIFTS
Laura Spencer Portor (Mrs. Francis Pope) has long been engaged in
literary work. Her essays and stories 'give proof of a versatility of
experience as Protean as her talents.' Mrs. Pope is now connected with the
editorial staff of one of the prominent New York magazines.
Perhaps that which impresses the reader most in Spendthrifts is the
production of an atmosphere that makes the strange seem real, and the
commonplace take on a suggestion of the fanciful. Not half so wonderful is
it that the woman of the orange-colored eyes should meet the lover of her
youth, now a lay Franciscan, and live again with him the story of their love
before a smilingly complacent husband, as that this story should have been
unfolded before the eyes of a romantic little girl who went out to see the
world in a rambling old coach. The author, like the successful playwright,
completely transfers us to another world. The careful preparation of
atmosphere is followed by a swift march of events to a climax the more
powerful by the necessity of its restraint. The gradual trailing off into the
dim romantic atmosphere out of which the story grew, calls for a curtain
that may be raised again only on the author’s epilogue.
Suggested Points for Study and Comment
1. What can you say by way of comment on the somewhat leisurely
beginning of this story?
2. What do you like best in the description of the old-fashioned 'bus?
3. Justify the author’s early paragraphs on the herds of dumb cattle.
4. Can you analyze the method by which the author makes even her most
trivial details of the trip seem vital and interesting?
5. Is it true that most of these details—both narrative and descriptive—
assume greater importance because they are seen through a child’s vision?
6. What items bring out the disturbed feelings of the Franciscan soon after
he enters the 'bus?
7. Trace the details that very gradually portray the character of Louise’s
husband.
8. What part does the description of the various costumes play in the
portrayal of character?
9. As Louise analyzes to the Franciscan the past relations existing between
them, do we find ourselves sympathizing with one or the other, or with
neither?
10. What is the intended symbolism of the title, Spendthrifts?
11. What is symbolized by the herd of cattle?
CHILDREN WANTED
LUCY PRATT, a frequent contributor to magazines, lives in Cambridge,
Massachusetts.
So slight is the plot in Children Wanted that one might on reflection
question whether there is a plot. In the actual reading, one becomes too
absorbed in the very real situation that Miss Pratt presents to become coldly
analytical. The vividness of Master Crosby Tarbell’s particular adventure
with life is reflected, not only in the letter Mr. Henry Tarbell dispatches to a
certain Pony Man, but in the reader’s own warm indignation at the
carelessness, the cowardice, of compromising grown-ups in general. At the
same time, Miss Pratt’s masterly use of commonplace detail, fully as much
as the poignant bits of character delineation, such as that which ends the
story, makes of Children Wanted as effective a bit of narrative technique as
it is a striking example of the propagandist’s art.
Suggested Points for Study and Comment
1. Is the chief interest of the story in the principal character or in the
underlying theme?
2. Would the experience have meant as much to any child?
3. Why is the 'lady on the hill road' added to the list of customers?
4. What does Crosby’s father add to the story that Crosby’s mother could
not? Would you have preferred to be told more about Mrs. Tarbell?
5. Do you find any explanations for the climax in the previous
characterization of Crosby? How has the detailed description of the barn
helped to reveal the lad’s sensitiveness?
THE SQUIRE
ELSIE SINGMASTER (Mrs. H. Lewars), a Pennsylvanian by birth and
residence, has been writing at more or less irregular intervals ever since her
first story was published in Scribner’s Magazine twelve or thirteen years
ago. Her reputation has been largely won by her sympathetic portrayal of
the Pennsylvania Dutch character.
How adequately, how finally, a person can be characterized by his own
conversations, all the principals in this little Millerstown drama
demonstrate. Weakness, crudeness, selfishness, speak out their own
existence. And, to shine by contrast in the midst of all this pettiness, is the
figure of a man who makes the title 'Squire' mean what it has meant to
certain English townships, and whatever more comes from responsibility
assumed without force of precedent or hope of recompense.
Suggested Points for Study and Comment
1. What are the elements which produce the atmosphere of crudity that
stands for Millerstown? Could any description of the town produce a like
effect?
2. Would it have detracted from the story if Stemmel had been more
elaborately portrayed?
3. How is the solution of the case prevented from appearing
melodramatic?
4. Would the Squire’s sacrifice have gained or lost power if Adam and
Sula were less irresponsible?
5. How do the Squire’s actions correspond to the tradition of his title?
How different are they from what might have happened in a like situation in
England?
6. Do you think Adam and Sula worthy of the Squire’s interest?
7. What stories growing out of this one remain to be told? Which would
be the most interesting?
GREGORY AND THE SCUTTLE
Charles Haskins Townsend, an ichthyologist of international reputation,
has been a member of many U. S. government commissions. His present
address is The Aquarium, New York.
Gregory and the Scuttle, translated into the literal, means 'How the
octopus came to the Aquarium.' In the literal version, the account might
have been buried easily and unregretfully in the dry-as-dust records of the
American Aquarium Society, or some such august receptacle of
information; as it is, it becomes the easy, chatty adventure of one who
proves himself human as well as scientific. Moreover, it behooves the
practical investigator of the educative process to note that, by this sugar-
coated method, various capsules of information slip down without violent
contraction on the part of him who will be only entertained.
Suggested Points for Study and Comment
1. How is the title of the story indicative of its general tone?
2. Would Gregory’s vision of the adventure have been an interesting one?
What would it lack that the scientist’s has?
3. When, if ever, does the scientist take the place of the story-teller?
4. What is the chief charm of the account? Would a series of such
adventures—with all necessary variation—be altogether as delightful?
IN NOVEMBER
EDITH WYATT was born in Wisconsin, and educated at Chicago and Bryn
Mawr. She has for years been a frequent contributor to the best of our
American magazines. Her present home is in Chicago.
While listening to Miss Brackett’s naïve recital of her personal narrative,
we somehow never lose consciousness of the interesting environment
created in the beginning paragraphs. In most stories where the interest in
surroundings is strong, we are chiefly concerned with the setting in which
the incidents of the plot take place. In this instance, however, we are chiefly
interested in the autumnal atmosphere in which Miss Brackett’s ingenuous
tale is told. Here is Lake Michigan, all green and mist-blown, banding the
whole horizon. There, in the broad southward, lie the full contours of the
forest-covered dunes. And over all is the gray and purple sky of the late
autumn. In the inner circle of all this is the camp, with Elsie Norris vividly
portrayed in the centre. Her isolation is broken by the chance guest, who
tells the intimate personal episodes, so charmingly marked by the artless
notes of unselfishness. When the guest leaves and the other campers return,
and Miss Norris wanders off alone to gather firewood for supper, the
brooding influence of the pervading November scene is felt to be even more
profound and impressive.
Suggested Points for Study and Comment
1. What are the three or four most graphic touches in the story?
2. What, aside from the setting, is the most impressive element in the
story?
3. What comment can you make on Miss Wyatt’s feeling for style? What
effects does she produce?
4. Comment on the slight but suggestive glimpse of Baby’s character.
What other personages in the story show their sympathy for Miss Brackett?
5. Was it worth while to say anything about Mrs. Horick? Why is she
mentioned? Do the slight details contribute to the interest of the story?
6. Mention three or four items which might have been elaborated into
important incidents in the narrative.
*** END OF THE PROJECT GUTENBERG EBOOK ATLANTIC
NARRATIVES: MODERN SHORT STORIES; SECOND SERIES ***
Updated editions will replace the previous one—the old editions will
be renamed.
Creating the works from print editions not protected by U.S.
copyright law means that no one owns a United States copyright in
these works, so the Foundation (and you!) can copy and distribute it
in the United States without permission and without paying
copyright royalties. Special rules, set forth in the General Terms of
Use part of this license, apply to copying and distributing Project
Gutenberg™ electronic works to protect the PROJECT GUTENBERG™
concept and trademark. Project Gutenberg is a registered trademark,
and may not be used if you charge for an eBook, except by following
the terms of the trademark license, including paying royalties for use
of the Project Gutenberg trademark. If you do not charge anything
for copies of this eBook, complying with the trademark license is
very easy. You may use this eBook for nearly any purpose such as
creation of derivative works, reports, performances and research.
Project Gutenberg eBooks may be modified and printed and given
away—you may do practically ANYTHING in the United States with
eBooks not protected by U.S. copyright law. Redistribution is subject
to the trademark license, especially commercial redistribution.
START: FULL LICENSE
THE FULL PROJECT GUTENBERG LICENSE
PLEASE READ THIS BEFORE YOU DISTRIBUTE OR USE THIS WORK
To protect the Project Gutenberg™ mission of promoting the free
distribution of electronic works, by using or distributing this work (or
any other work associated in any way with the phrase “Project
Gutenberg”), you agree to comply with all the terms of the Full
Project Gutenberg™ License available with this file or online at
www.gutenberg.org/license.
Section 1. General Terms of Use and
Redistributing Project Gutenberg™
electronic works
1.A. By reading or using any part of this Project Gutenberg™
electronic work, you indicate that you have read, understand, agree
to and accept all the terms of this license and intellectual property
(trademark/copyright) agreement. If you do not agree to abide by all
the terms of this agreement, you must cease using and return or
destroy all copies of Project Gutenberg™ electronic works in your
possession. If you paid a fee for obtaining a copy of or access to a
Project Gutenberg™ electronic work and you do not agree to be
bound by the terms of this agreement, you may obtain a refund
from the person or entity to whom you paid the fee as set forth in
paragraph 1.E.8.
1.B. “Project Gutenberg” is a registered trademark. It may only be
used on or associated in any way with an electronic work by people
who agree to be bound by the terms of this agreement. There are a
few things that you can do with most Project Gutenberg™ electronic
works even without complying with the full terms of this agreement.
See paragraph 1.C below. There are a lot of things you can do with
Project Gutenberg™ electronic works if you follow the terms of this
agreement and help preserve free future access to Project
Gutenberg™ electronic works. See paragraph 1.E below.
1.C. The Project Gutenberg Literary Archive Foundation (“the
Foundation” or PGLAF), owns a compilation copyright in the
collection of Project Gutenberg™ electronic works. Nearly all the
individual works in the collection are in the public domain in the
United States. If an individual work is unprotected by copyright law
in the United States and you are located in the United States, we do
not claim a right to prevent you from copying, distributing,
performing, displaying or creating derivative works based on the
work as long as all references to Project Gutenberg are removed. Of
course, we hope that you will support the Project Gutenberg™
mission of promoting free access to electronic works by freely
sharing Project Gutenberg™ works in compliance with the terms of
this agreement for keeping the Project Gutenberg™ name associated
with the work. You can easily comply with the terms of this
agreement by keeping this work in the same format with its attached
full Project Gutenberg™ License when you share it without charge
with others.
1.D. The copyright laws of the place where you are located also
govern what you can do with this work. Copyright laws in most
countries are in a constant state of change. If you are outside the
United States, check the laws of your country in addition to the
terms of this agreement before downloading, copying, displaying,
performing, distributing or creating derivative works based on this
work or any other Project Gutenberg™ work. The Foundation makes
no representations concerning the copyright status of any work in
any country other than the United States.
1.E. Unless you have removed all references to Project Gutenberg:
1.E.1. The following sentence, with active links to, or other
immediate access to, the full Project Gutenberg™ License must
appear prominently whenever any copy of a Project Gutenberg™
work (any work on which the phrase “Project Gutenberg” appears,
or with which the phrase “Project Gutenberg” is associated) is
accessed, displayed, performed, viewed, copied or distributed:

Windows Security Internals: A Deep Dive into Windows Authentication, Authorization, and Auditing 1 / converted Edition James Forshaw

  • 5. CONTENTS IN DETAIL
    TITLE PAGE
    COPYRIGHT
    DEDICATION
    ABOUT THE AUTHOR AND TECHNICAL REVIEWER
    FOREWORD
    ACKNOWLEDGMENTS
    INTRODUCTION Who Is This Book For? What Is in This Book? PowerShell Conventions Used in This Book Getting in Touch
    PART I: AN OVERVIEW OF THE WINDOWS OPERATING SYSTEM
    1 SETTING UP A POWERSHELL TESTING ENVIRONMENT Choosing a PowerShell Version Configuring PowerShell An Overview of the PowerShell Language Understanding Types, Variables, and Expressions Executing Commands Discovering Commands and Getting Help Defining Functions Displaying and Manipulating Objects
  • 6. Filtering, Ordering, and Grouping Objects Exporting Data Wrapping Up
    2 THE WINDOWS KERNEL The Windows Kernel Executive The Security Reference Monitor The Object Manager Object Types The Object Manager Namespace System Calls NTSTATUS Codes Object Handles Query and Set Information System Calls The Input/Output Manager The Process and Thread Manager The Memory Manager NtVirtualMemory Commands Section Objects Code Integrity Advanced Local Procedure Call The Configuration Manager Worked Examples Finding Open Handles by Name Finding Shared Objects Modifying a Mapped Section Finding Writable and Executable Memory Wrapping Up
    3 USER-MODE APPLICATIONS Win32 and the User-Mode Windows APIs Loading a New Library Viewing Imported APIs Searching for DLLs The Win32 GUI GUI Kernel Resources Window Messages Console Sessions Comparing Win32 APIs and System Calls Win32 Registry Paths Opening Keys Listing the Registry’s Contents DOS Device Paths Path Types
  • 7. Maximum Path Lengths Process Creation Command Line Parsing Shell APIs System Processes The Session Manager The Windows Logon Process The Local Security Authority Subsystem The Service Control Manager Worked Examples Finding Executables That Import Specific APIs Finding Hidden Registry Keys or Values Wrapping Up
    PART II: THE WINDOWS SECURITY REFERENCE MONITOR
    4 SECURITY ACCESS TOKENS Primary Tokens Impersonation Tokens Security Quality of Service Explicit Token Impersonation Converting Between Token Types Pseudo Token Handles Token Groups Enabled, EnabledByDefault, and Mandatory LogonId Owner UseForDenyOnly Integrity and IntegrityEnabled Resource Device Groups Privileges Sandbox Tokens Restricted Tokens Write-Restricted Tokens AppContainer and Lowbox Tokens What Makes an Administrator User? User Account Control Linked Tokens and Elevation Type UI Access Virtualization Security Attributes Creating Tokens
  • 8. Token Assignment Assigning a Primary Token Assigning an Impersonation Token Worked Examples Finding UI Access Processes Finding Token Handles to Impersonate Removing Administrator Privileges Wrapping Up
    5 SECURITY DESCRIPTORS The Structure of a Security Descriptor The Structure of a SID Absolute and Relative Security Descriptors Access Control List Headers and Entries The Header The ACE List Constructing and Manipulating Security Descriptors Creating a New Security Descriptor Ordering the ACEs Formatting Security Descriptors Converting to and from a Relative Security Descriptor The Security Descriptor Definition Language Worked Examples Manually Parsing a Binary SID Enumerating SIDs Wrapping Up
    6 READING AND ASSIGNING SECURITY DESCRIPTORS Reading Security Descriptors Assigning Security Descriptors Assigning a Security Descriptor During Resource Creation Assigning a Security Descriptor to an Existing Resource Win32 Security APIs Server Security Descriptors and Compound ACEs A Summary of Inheritance Behavior Worked Examples Finding Object Manager Resource Owners Changing the Ownership of a Resource Wrapping Up
    7 THE ACCESS CHECK PROCESS Running an Access Check Kernel-Mode Access Checks
  • 9. User-Mode Access Checks The Get-NtGrantedAccess PowerShell Command The Access Check Process in PowerShell Defining the Access Check Function Performing the Mandatory Access Check Performing the Token Access Check Performing the Discretionary Access Check Sandboxing Restricted Tokens Lowbox Tokens Enterprise Access Checks The Object Type Access Check The Central Access Policy Worked Examples Using the Get-PSGrantedAccess Command Calculating Granted Access for Resources Wrapping Up
    8 OTHER ACCESS CHECKING USE CASES Traversal Checking The SeChangeNotifyPrivilege Privilege Limited Checks Handle Duplication Access Checks Sandbox Token Checks Automating Access Checks Worked Examples Simplifying an Access Check for an Object Finding Writable Section Objects Wrapping Up
    9 SECURITY AUDITING The Security Event Log Configuring the System Audit Policy Configuring the Per-User Audit Policy Audit Policy Security Configuring the Resource SACL Configuring the Global SACL Worked Examples Verifying Audit Access Security Finding Resources with Audit ACEs Wrapping Up
  • 10. PART III: THE LOCAL SECURITY AUTHORITY AND AUTHENTICATION 10 WINDOWS AUTHENTICATION Domain Authentication Local Authentication Enterprise Network Domains Domain Forests Local Domain Configuration The User Database The LSA Policy Database Remote LSA Services The SAM Remote Service The Domain Policy Remote Service The SAM and SECURITY Databases Accessing the SAM Database Through the Registry Inspecting the SECURITY Database Worked Examples RID Cycling Forcing a User’s Password Change Extracting All Local User Hashes Wrapping Up 11 ACTIVE DIRECTORY A Brief History of Active Directory Exploring an Active Directory Domain with PowerShell The Remote Server Administration Tools Basic Forest and Domain Information The Users The Groups The Computers Objects and Distinguished Names Enumerating Directory Objects Accessing Objects in Other Domains The Schema Inspecting the Schema Accessing the Security Attributes Security Descriptors Querying Security Descriptors of Directory Objects Assigning Security Descriptors to New Directory Objects Assigning Security Descriptors to Existing Objects Inspecting a Security Descriptor’s Inherited Security Access Checks
  • 11. Creating Objects Deleting Objects Listing Objects Reading and Writing Attributes Checking Multiple Attributes Analyzing Property Sets Inspecting Control Access Rights Analyzing Write-Validated Access Rights Accessing the SELF SID Performing Additional Security Checks Claims and Central Access Policies Group Policies Worked Example Building the Authorization Context Gathering Object Information Running the Access Check Wrapping Up 12 INTERACTIVE AUTHENTICATION Creating a User’s Desktop The LsaLogonUser API Local Authentication Domain Authentication Logon and Console Sessions Token Creation Using the LsaLogonUser API from PowerShell Creating a New Process with a Token The Service Logon Type Worked Examples Testing Privileges and Logon Account Rights Creating a Process in a Different Console Session Authenticating Virtual Accounts Wrapping Up 13 NETWORK AUTHENTICATION NTLM Network Authentication NTLM Authentication Using PowerShell The Cryptographic Derivation Process Pass-Through Authentication Local Loopback Authentication Alternative Client Credentials The NTLM Relay Attack Attack Overview Active Server Challenges
  • 12. Signing and Sealing Target Names Channel Binding Worked Example Overview The Code Module The Server Implementation The Client Implementation The NTLM Authentication Test Wrapping Up 14 KERBEROS Interactive Authentication with Kerberos Initial User Authentication Network Service Authentication Performing Kerberos Authentication in PowerShell Decrypting the AP-REQ Message Decrypting the AP-REP Message Cross-Domain Authentication Kerberos Delegation Unconstrained Delegation Constrained Delegation User-to-User Kerberos Authentication Worked Examples Querying the Kerberos Ticket Cache Simple Kerberoasting Wrapping Up 15 NEGOTIATE AUTHENTICATION AND OTHER SECURITY PACKAGES Security Buffers Using Buffers with an Authentication Context Using Buffers with Signing and Sealing The Negotiate Protocol Less Common Security Packages Secure Channel CredSSP Remote Credential Guard and Restricted Admin Mode The Credential Manager Additional Request Attribute Flags Anonymous Sessions Identity Tokens Network Authentication with a Lowbox Token Authentication with the Enterprise Authentication Capability
  • 13. Authentication to a Known Web Proxy Authentication with Explicit Credentials The Authentication Audit Event Log Worked Examples Identifying the Reason for an Authentication Failure Using a Secure Channel to Extract a Server’s TLS Certificate Wrapping Up Final Thoughts A BUILDING A WINDOWS DOMAIN NETWORK FOR TESTING The Domain Network Installing and Configuring Windows Hyper-V Creating the Virtual Machines The PRIMARYDC Server The GRAPHITE Workstation The SALESDC Server B SDDL SID ALIAS MAPPING INDEX
  • 14. WINDOWS SECURITY INTERNALS A Deep Dive into Windows Authentication, Authorization, and Auditing by James Forshaw San Francisco
  • 15. WINDOWS SECURITY INTERNALS. Copyright © 2024 by James Forshaw. All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher. First printing ISBN-13: 978-1-7185-0198-0 (print) ISBN-13: 978-1-7185-0199-7 (ebook) Published by No Starch Press®, Inc. 245 8th Street, San Francisco, CA 94103 phone: +1.415.863.9900 www.nostarch.com; info@nostarch.com Publisher: William Pollock Managing Editor: Jill Franklin Production Manager: Sabrina Plomitallo-González Production Editor: Sydney Cromwell Developmental Editors: Alex Freed and Frances Saux Cover Illustrator: Garry Booth Interior Design: Octopod Studios Technical Reviewer: Lee Holmes Copyeditor: Rachel Head Proofreader: Audrey Doyle Indexer: BIM Creatives, LLC Library of Congress Cataloging-in-Publication Data Name: Forshaw, James, author. Title: Windows security internals / James Forshaw. Description: San Francisco : No Starch Press, [2024] | Includes index. | Identifiers: LCCN 2023040842 (print) | LCCN 2023040843 (ebook) | ISBN 9781718501980 (print) | ISBN 9781718501997 (ebook) Subjects: LCSH: Computer security. | Microsoft Windows (Computer file) | Computer networks—Security measures. Classification: LCC QA76.9.A25 F65655 2024 (print) | LCC QA76.9.A25 (ebook) | DDC 005.8—dc23/eng/20231208 LC record available at https://lccn.loc.gov/2023040842 LC ebook record available at https://lccn.loc.gov/2023040843 For customer service inquiries, please contact info@nostarch.com. For information on distribution, bulk sales, corporate sales, or translations: sales@nostarch.com. For permission to translate this work: rights@nostarch.com. To report counterfeit copies or piracy: counterfeit@nostarch.com.
  • 16. No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The information in this book is distributed on an “As Is” basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.
  • 17. Dedicated to my amazing wife, Huayi, and my little Jacob, without whom I would never get anything done.
  • 18. About the Author James Forshaw is a renowned computer security expert on Google’s Project Zero team. In his more than 20 years of experience analyzing and exploiting security issues in Microsoft Windows and other products, he has discovered hundreds of publicly disclosed vulnerabilities in Microsoft platforms. Others frequently cite his research, which he presents in blogs, on the world stage, or through novel tooling, and he has inspired numerous researchers in the industry. When not breaking the security of other products, James works as a defender, advising teams on their security design and improving the Chromium Windows sandbox to secure billions of users worldwide. About the Technical Reviewer Lee Holmes is a security architect in Azure security, an original developer on the PowerShell team, a fanatical hobbyist, and the author of The PowerShell Cookbook (O’Reilly Media, 2010). You can find him on Mastodon (@Lee_Holmes@infosec.exchange), as well as on his personal website (https://leeholmes.com).
  • 19. FOREWORD A Microsoft Technical Fellow once told me he had never met someone who understood how the security of the Windows operating system actually worked. While I don’t think he was right (and plan to send him a copy of this book to prove it), he had a point. Though critical, there is no doubt that Windows security is complex. One of the reasons for this is related to the core architectural difference between Linux and Windows. Linux is a file-oriented operating system, while Windows is API oriented, and though APIs can provide a much richer set of capabilities, they come at the expense of simplicity. So, exploring an API-oriented operating system is more difficult. You need to read the API documentation, write code, compile and run it, and debug the results. This is a very time-consuming loop, and it’s why so few people have a deep understanding of how Windows security works—it’s just too hard to explore. It was because of these problems that I invented PowerShell. I wanted administrators to automate Windows and had originally tried to do so by distributing Unix tools for free. (Remember Windows Services for Unix?) This failed because Unix tools work on files, while everything important in Windows lives behind an API. Thus, awk didn’t work against the registry, grep didn’t work against Windows Management Instrumentation (WMI), sed didn’t work against Active Directory, and so on. What we needed was
  • 20. an API-oriented command line interface and scripting tool. So, I created PowerShell. Today, James is using PowerShell to address the difficulty of acquiring Windows security expertise; he has made the system explorable. Step one: install his PowerShell module, NTObjectManager, which provides over 550 cmdlets to experiment with all aspects of Windows security. This hands-on exploration will allow you to understand how things really work. This book belongs on the desk of every security professional and developer working with Windows security. Part I provides an overview of Windows security’s architecture, Part II covers the details of the operating system’s security mechanisms and services, and Part III explores the various aspects of Windows authentication. Each chapter includes a set of PowerShell examples. I strongly encourage you to follow the examples provided; exploration turns words into experience, and experience is the foundation of competence. Run the commands, make intentional mistakes, and see what errors you get. In doing so, you’ll acquire a deep understanding of the system. And trust me: it will be fun. Jeffrey Snover Inventor of PowerShell, former chief architect for Windows Server, and former Microsoft Technical Fellow
  • 21. ACKNOWLEDGMENTS Few books are written in complete isolation, and this one certainly doesn’t break that mold. I’d like to take the opportunity to thank some of the many people who have contributed to making this tome a reality. I apologize to anyone I’ve forgotten. I must start by acknowledging the contribution of my wife, Huayi, who cheers me up when I’m down and kicks me (metaphorically) when I’m being lazy. Without her by my side, the past few years would have been much less agreeable. The rest of my family are just as important; without them, my life would be so very different. Next, I’d like to thank my technical reviewer, Lee Holmes, who has made the review a valuable experience, teaching me many PowerShell tricks I didn’t know existed and providing important feedback on the structure and content. I’m not the only person doing significant research on Windows. While there are far too many to list here, I’d like to acknowledge the following people who have made important contributions to my work. First is Alex Ionescu, well-known Windows internals guru and my sometimes collaborator (or competitor), who always seems to know some weird bit of operating system esoterica. Then there are the many practitioners of Windows enterprise security research and testing, such as Lee Christensen, Will Schroeder, and Nick Landers. They’ve been important
  • 22. sounding boards for my understanding of software like Active Directory and Kerberos and have actively tested and contributed to my tooling projects. I’d be remiss not to mention the amazing researchers from my more formative years, especially Pete and Rich; you know who you are. Also, I’d like to thank Rob and his team for looking at early drafts of my book’s chapters and providing valuable feedback. My relationship with Microsoft has had its ups and downs. That said, I’d like to thank many of its current and former employees who have helped me along the way. This includes Katie Moussouris, who was instrumental in convincing me that it pays to find bugs in Microsoft products. Without her friendship and contributions, I doubt I’d be as successful as I am today. Then there’s Nate Warfield, who for many years was my point of contact at the Microsoft Security Response Center (MSRC), where he shielded me from much of the company’s party politics and ensured the bugs I reported got fixed in a timely manner. Finally, I’d like to thank current MSRC representatives, including Nic Fillingham and Stephanie Calabrese, for helping me when I need to contact someone deep inside the beast, and for providing me with swag. Special thanks to my Google colleagues, who support me in making and breaking things on Windows. This includes the entirety of the current Google Project Zero team and its alumni: the best set of security researchers you’ll likely ever find in a single room, or even two. Then there’s Will Harris, my friend and colleague on the Chromium Windows sandbox team, who asked me many of the questions about Windows security on which this book is based. Finally, thanks to Heather Adkins, who was instrumental in my being allowed to write a book of this nature while keeping a job at Google. I’d also like to thank everyone at No Starch Press who has worked on this book and been patient with me:
  • 23. especially Alex Freed, my longtime editor, who unfortunately left before this book was published, and Frances Saux, who became my new editor after Alex’s departure and pulled this book, kicking and screaming, to completion. Finally, I must thank Bill Pollock, who is a good friend and always has amazing advice on the book writing process, as well as the latest recommendations for incredible restaurants. I don’t have the space here to name everyone, but to wrap up I’d like to express my gratitude to all the friends and colleagues who contribute massively every day to my life and success. Thanks also to you, for picking up my book. I hope you find the information about Windows security contained herein to be useful.
  • 24. INTRODUCTION Hundreds of millions of devices use the Microsoft Windows platform. Many of the world’s largest companies rely on its security to protect their data and communications, as does anyone hosting their code in the Azure cloud. But because Windows is so important to the security of the modern internet, it’s also a popular target for attack. The Windows NT operating system began including security in its design in 1993, when it introduced user accounts, control over resources, and remote access from a network. In the more than 20 years since then, much has changed in Windows security. Microsoft has replaced its original authentication process with modern technology, granted the access control mechanism additional capabilities, and significantly hardened the platform against attack. Today, the security of the Windows platform is surprisingly complex, and many attacks rely on abusing this
  • 25. complexity. Unfortunately, Microsoft’s documentation in this area can be lacking. As Windows is not open source, sometimes the only way to understand its security is through deep research and analysis. This is where I come in. I’ve spent more than 20 years as a developer and security researcher on Windows platforms, cultivating an understanding of the operating system’s undocumented corners. In this book, I share some of my extensive expertise in an easy-to-understand form. By mastering the principles of Windows security, you’ll be able to kick-start your own research project or improve your software product.
  • 26. Who Is This Book For?
    I wrote this book for people who work with Windows security. Perhaps you’re a developer of Windows software and want to ensure that your product is secure. Or maybe you’re a system administrator tasked with securing Windows across an enterprise and don’t fully understand how various security features combine to protect the platform. Or you might want to poke holes in the operating system to find security vulnerabilities as a researcher.
    This book assumes reasonable familiarity with the Windows user interface and its basic operations, such as manipulating files. That said, you don’t need to be a low-level Windows expert: for those who need a little more grounding, Chapters 2 and 3 provide an overview of the operating system and how it’s put together.
    I rely heavily on the use of PowerShell scripting, so you’ll find it helpful to have some experience with the language, as well as with the .NET framework on which it’s based. To get you up to speed, Chapter 1 gives a very quick overview of some of PowerShell’s features. Elsewhere, I’ll do my best to avoid using esoteric features of the language, to keep the code accessible to readers with knowledge of other scripting languages or shell environments (such as bash).
    What Is in This Book?
    In each chapter, we’ll cover core security features implemented in modern versions of Windows. We’ll also walk through several worked examples written in PowerShell, which should give you a better understanding of the commands introduced in the chapter. Here’s a brief summary of what each chapter covers.
    Part I surveys the Windows operating system from a programming perspective. It should provide you with the
  • 27. foundation needed to understand the material in the rest of the book.
    Chapter 1: Setting Up a PowerShell Testing Environment
    In this chapter, you’ll set up PowerShell to run the examples included in the subsequent chapters. This includes installing a PowerShell module I’ve written to interact with Windows and its security features. The chapter also provides an overview of the PowerShell scripting language.
    Chapter 2: The Windows Kernel
    This chapter covers the basics of the Windows kernel and its system call interface, a topic crucial to developing a solid understanding of Windows security. I also describe the object manager, used to manage resources.
    Chapter 3: User-Mode Applications
    Most applications don’t directly use the system call interface from the kernel; instead, they use a set of higher-level programming interfaces. This chapter covers Windows features such as file handling and the registry.
    Part II covers the most important component of the Windows kernel for security, the Security Reference Monitor. We’ll look at all aspects of access control, from constructing the user’s identity to securing an individual resource, such as a file.
    Chapter 4: Security Access Tokens
    Windows assigns every running process an access token, which represents the user’s identity to the system. This chapter describes the various components stored in the token that are used to check access.
    Chapter 5: Security Descriptors
    Each securable resource needs a description of who is allowed to access it and what type of access they are granted. This is the purpose of security descriptors. In this chapter,
  • 28. we’ll cover their internal structure and how you can create and manipulate them.
    Chapter 6: Reading and Assigning Security Descriptors
    To inspect the security of the system, you need to be able to query the security descriptor of a resource. This chapter explains how this querying happens for different types of resources. It also covers the many complex ways that Windows assigns security descriptors to resources.
    Chapter 7: The Access Check Process
    Windows uses the access check to determine what access to grant a user to a resource. This operation takes the token and the security descriptor and follows an algorithm to determine the granted access. This chapter works through a PowerShell implementation of the algorithm to explore its design in depth.
    Chapter 8: Other Access Checking Use Cases
    Although Windows primarily uses access checks to grant access to resources, it sometimes uses them to determine other security properties, such as the visibility of resources and whether a process is running with a low level of privilege. This chapter covers these alternative use cases for the access check.
    Chapter 9: Security Auditing
    The access check process can also create logs of the resources a user has accessed, and with what level of access. This chapter covers these system auditing policies.
    Part III contains details of Windows authentication, the mechanisms that verify a user’s identity for the purposes of access control.
    Chapter 10: Windows Authentication
    As the topic of authentication is quite complex, this chapter summarizes the authentication structure and services
  • 29. on which the rest of the authentication mechanisms depend.
    Chapter 11: Active Directory
    Windows 2000 introduced a new model for networking Windows systems in an enterprise, with all authentication information stored in a network directory that users and administrators could query and modify. This chapter covers how Active Directory stores information and secures it from malicious modification.
    Chapter 12: Interactive Authentication
    The most common authentication scenario on Windows occurs when a user enters their username and password into their computer and gains access to the desktop. This chapter covers how the operating system implements this authentication process.
    Chapter 13: Network Authentication
    When a user wants to access a network service in a Windows enterprise network, they typically must authenticate to it. Windows provides special network protocols to implement this authentication without disclosing the user’s credentials to a potentially hostile network. This chapter explains the network authentication process, focusing on the New Technology LAN Manager (NTLM) authentication protocol.
    Chapter 14: Kerberos
    Along with Active Directory, Windows 2000 also introduced the use of the open Kerberos authentication protocol for enterprise network authentication. This chapter explains how Kerberos works in Windows to authenticate a user interactively and over a network.
    Chapter 15: Negotiate Authentication and Other Security Packages
    Over the years, Windows has added other types of network authentication protocols. This chapter covers these new types, including
  • 30. Negotiate, to supplement those discussed in Chapters 13 and 14.
    Finally, the two appendices provide configuration details and further resources.
    Appendix A: Building a Windows Domain Network for Testing
    To run some of the examples in the book, you’ll need a Windows domain network. This appendix provides some steps for using PowerShell to configure a network for testing.
    Appendix B: SDDL SID Alias Mapping
    This appendix provides a table of constants referenced in Chapter 5.
    PowerShell Conventions Used in This Book
    The PowerShell scripting language, which is included with all versions of Windows, is one of the best ways to flexibly experiment with the internals of the operating system without needing to install much additional software. As PowerShell is based on the .NET runtime, this book will use a .NET library I’ve written for interacting with Windows, making it easy to develop complex scripts. All example scripts in the book will be available to download from https://github.com/tyranid/windows-security-internals.
    The PowerShell examples in each chapter follow a common set of style conventions that should help you understand how to use them. Each example is provided as a listing, of which there are two types: interactive and non-interactive. Interactive PowerShell listings are those you should enter on the command line to observe the results. Here is an example of an interactive listing:
    ❶ PS> ls C:
    ❷ Directory: C:
    Mode LastWriteTime Length Name
  • 31. ---- ------------- ------ ----
    d-r--- 4/17 11:45 AM Program Files
    ❸ --snip--
    An interactive listing precedes each command to enter with a PowerShell-style prompt (PS>) and shows the command in bold ❶. You’ll see the resulting output below the command ❷. Sometimes the output can be quite long, so to save space, I use --snip-- to indicate that the output has been truncated ❸. Also note that in some examples the output is indicative; it might be subtly different depending on your operating system or network configuration.
    Most of the interactive listings are designed to be executed from a normal user account. However, some must run under an administrator account to access certain protected features. If you don’t run the commands as an administrator, the results won’t be correct. The text preceding each listing will clarify whether you must run the command as an administrator.
    A non-interactive listing contains PowerShell code that you can copy into a script file for reuse, like this:
    function Get-Hello {
        "Hello"
    }
    Non-interactive listings don’t include the PowerShell prompt and aren’t in bold.
    If you’ve written any scripts in PowerShell, you’ll know that the language is notorious for verbose command and parameter names. This makes it difficult to fit certain commands on a single line in the book. Here is an example of a long PowerShell line and a few ways the book might split it to make it fit on the page:
  • 32. PS> Get-ChildItem -LiteralPath "C:" -Filter "*.exe" -Recurse -Hidden
    ❶ -System -Depth 5 | Where-Object {
    ❷     $_.Name -eq "Hello"
    }
    The first line, using the Get-ChildItem command, is too long to fit on the page, so it wraps onto a subsequent line ❶. You can’t just add a newline in the middle of such a command, so when you’re entering it into the shell or a file, you should treat it as a single line. The key indicator that the line continues, instead of being part of the output, is that there’s a bold character in the first column.
    PowerShell can break long lines on certain characters, such as the pipe (|), the comma (,), or braces ({}). In this listing, I’ve added a newline following the opening brace ({) and placed the subsequent commands in the braced block, indented one level ❷. In this case, the shell will handle the introduction of the new line. Note that the closing brace (}) is in the first column, so you might assume it needs to be placed on the previous line. While moving the brace to the previous line will still work in this specific case, it’s unnecessary.
    Note that the Windows operating system is still under active development. While all the PowerShell examples have been tested on the latest versions of Windows available at the time of writing, there is a chance that new security features will have been introduced, or older ones deprecated, by the time you come to read this book. The following is a list of the versions on which the examples were tested, along with the major OS build number:
    Windows 11 (OS build 22631)
    Windows 10 (OS build 19045)
    Windows Server 2022 (OS build 20384)
    Windows Server 2019 (OS build 17763)
  • 33. Random documents with unrelated content Scribd suggests to you:
  • 34. Rudinsky and her hasty toilet, and her hands on which the scrubbing brush and paring knife had left their unmistakable marks. I, of course, find that I was interested in the plot. Indeed, I read stories principally for the fun of seeing how the events shape themselves at the close. It doesn’t matter here that we are not told exactly what happened in that conversation between Miss Ralston and David. We know that the trouble was all smoothed out. Personally, I feel quite sure that David finally took part in that school entertainment. BLUE REEFERS ELIZABETH ASHE is the pen name of Georgiana Pentlarge, a young and promising story-writer, living in Boston. A reefer properly belongs in the category useful. Even in its second or third season of usefulness, it retains certain warm and comforting qualities. How its sphere of endeavor may be extended to include a divine mission of poetic justice, Miss Ashe unfolds in a delightfully humorous experience of two little girls—one very pretty and habitually urbane, the other very homely and rather crude. With reefers smothering all glories of Persian lawn and fine silk slips, we have two little girls arrived at the height of ecstatic self-forgetfulness in the excitement of giving a recitation for the Christmas entertainment. Complete satisfaction, too, is the reader’s. What a delightful chuckle he gives over Aunt Emma’s chagrin at discovering that, in the matter of little girls, golden hair and pink cheeks, or freckles and a 'jaw,' make very little difference! Yet his chuckle, after all, is only an echo from an adult world, a world suggested to Martha by the vague whisperings of Father and Mother after she has gone to bed. Far more real is the world Miss Ashe has created, where Miss Miriam’s black dress and gold cross present a charming but insoluble mystery; where one is forced, however regretfully, to reconcile cotton-batting with a Sunday-School Christmas tree, and where 'it is so nice to be in things.' 
Suggested Points for Study and Comment 1. Comment on the author’s use of detail. Does it create a real atmosphere?
  • 35. 2. Is the author successful in her interpretation of the mind of the small girl? Is the author’s own personality ever intruded? How is she able to secure the larger view of the events that take place? 3. Is the climax made more or less effective by the children’s unconsciousness of their act? Would you have preferred a more startling dénouement? 4. Why is Luella sketched so lightly? Is the contrast only between the two little girls? 5. How does Miss Miriam contribute to the interest in the story? 6. Comment on the skillful ending of the story. THE DEBT KATHLEEN CARMAN (Mrs. L. N. Dodge), a writer of interesting short stories, lives in Evanston, Illinois. The Debt is her first contribution to The Atlantic. Certain of the old Flemish painters present a canvas which seems to suggest that a peaceful meadow-land, a winding river, or a distant mountain-slope, exists only as a background for the figure in which they are interested. The relative importance is indicated by the proportions that make the figure loom large and masterful within the scene. Miss Carman, too, has cleared her canvas for the presentation of her figure; but her heroine is very small, very insignificant, in the presence of greater realities of expansive sea, cloud-fancies, or the rising moon. The interest of the story centres in the relation between Nature—more exactly God in Nature—and patient, plodding Sister Anne. Nothing else matters. The problem itself is clear to Sister Anne; only the solution is difficult. To one whose life has seen all the unloveliness of heavy manual labor, there exists a pressing necessity to pay for the joy of living that is in her: a strange, absorbing joy in the beauty that God has created. Praise and prayer are not her instruments. A loving attendance at chapel and early matins cannot translate her feelings. Love and worship must be transmuted into the thing she knows—service. The time comes. 
Simply, consciously, unquestioning, she risks her life to return another’s to God—a small payment for what He has given her. The problem is between them. Her devout companions may admire, the wealthy
  • 36. landowner wonder; nothing can be given to this 'poor, lonely, ignorant, toil- worn being, who in her starved existence had found more joy than she could make return for.' Suggested Points for Study and Comment 1. The reader will find it interesting to contrast the ways in which Sister Anne and The Princess, in Miss Donnell’s story of The Princess of Make- Believe, reconcile themselves to the drudgery of dish-washing and similar tasks of kitchen routine. 2. What various manifestations of nature especially impressed Sister Anne? What appeal did these make to her companions? 3. Do you regard the author’s prolonged analytical method of characterization—as employed in the first part of the story—as the most effective means of bringing the reader into an understanding of the deeper personality of Sister Anne? 4. What special detail in this analysis most strongly impresses you? 5. What other method might have been adopted? 6. Characterize fully the spirit and the motive which impel Sister Anne’s final deed of sacrifice. What impresses you as the finest element in her act? 7. Comment upon the author’s way of ending the story. SETH MILES AND THE SACRED FIRE Cornelia A. P. Comer, accomplished critic, essayist, and writer of short stories, was educated at Vassar, and afterwards engaged in journalistic work in the Middle West and California. She now lives in Seattle. There are really three stories in one: Cynthia’s and Dick’s we put together from suggestions; that of Seth Miles we know from his own detailed narrative; Richard’s remains for our forming. All the details are woven into a tale of one day. A day hot and sultry in itself is made to coincide with the grumblings and self-pitying of a pampered son; both day and character are cleared without the arrival of the threatened storm, and duty is made as splendid and beautiful as the sun emerging from a darkened sky. A dilettante, conceiving in his cultured self an appropriate offering from
Mammon to the Muses, learns that even the heir of millions has work to do. The place and the teacher emphasize the greatness of the lesson. There is little doubt in the reader’s mind that Seth Miles’s sacrifice has been worth while. To him comes a double reward: the realization that Cynthia and Dick have lived lives worth his self-denial, and the satisfaction that to their son, through his own wise teachings, has come the ability to 'sense things.'

Suggested Points for Study and Comment

1. Comment upon the advantages secured by opening the story with direct quotations.
2. What light do these quotations throw upon the character of Richard’s father?
3. Note how quickly the transfer is made from the office of Mr. Bonniwell, Senior, to Seth Miles’s farm house. Such compression is necessary in a short story.
4. How do you explain Richard’s first attitude toward his teaching and toward all his surroundings at Garibaldi?
5. What was the first surprise Richard received concerning the character of Seth Miles?
6. What, according to Mr. Miles, was the marked change which the young teacher, 'Earnin' money to get through college,' effected?
7. Was Seth Miles’s sacrifice—the sacrifice he made when he gave up Cynthia—a natural one under the circumstances? Why? What helped to console him for his loss?
8. What was the second sacrifice, and in what spirit was it met?
9. Contrast Seth Miles’s spirit with the spirit of Sister Anne in Miss Carman’s The Debt.

BURIED TREASURE

Miss Mazo De La Roche has attained her most notable literary success in Buried Treasure. So apparent is this success, that a moving-picture company has recently asked the privilege of producing this story.
One suspects that Mrs. Mortimer Pegg never was a little girl; one is surprised to learn that Mr. Mortimer Pegg was, in a mysterious long ago, 'just so high'; that Mrs. Handsomebody issued from some unnamable monstrosity a full-fledged, much-starched governess, is beyond doubt. If not, how could they fail to enter with zest into the midnight treasure-hunt? What a wonderful scene it is: a burly old pirate in leather jerkin, breeches, and top-boots, not to mention a gleaming cutlass, surrounded by an Angel, a Seraph, and 'just John,' with as bloodthirsty appointments, all intent on the treasure-trove mysteriously located in Mrs. Handsomebody’s back yard. And then come the Grown-Ups! Poor Mr. Pegg must return to the disguise of an archæologist and the realms of respectable age.

Suggested Points for Study and Comment

1. Divide the story into scenes for a motion-picture production. What would be the most regrettable loss in such a representation?
2. What do the names of the characters contribute to the charm of the story? Are they any help to your interpretation of the characters?
3. Comment on the characterization of Mary Ellen. Is she a type? Are there any other characters that you recognize as types? Does the presence of these detract from the real interest of the story?
4. Discuss the author’s power of word-selection and striking comparisons. What does this power add to her style?

THE PRINCESS OF MAKE-BELIEVE

Annie Hamilton Donnell was born in Maine, where much of her life has been spent. She has, however, lived in the Middle West, and her present home is in Framingham, Massachusetts. She has been a frequent contributor to many of our best periodicals.

It is the charm of perfect understanding that lifts Annie Hamilton Donnell’s story, out of the many, into that enchanting region inhabited by such bewildering creatures as Rebecca of Sunnybrook Farm and Anne of the famed Green Gables.
To the author must be attributed that same responsive gift that makes the Prince really a Prince. For the Princess there is no evil to her who will not see it; so there is no harsh stepmother or
horrid witch—only a Queen who 'never enjoys herself on wash-days.' The author’s delightful touches of humor make an easy and comfortable medium from Make-Believe to a no less interesting world of Little Willow Twins and fishing pools.

Suggested Points for Study and Comment

1. What is the most marked characteristic of the Princess?
2. What foils are introduced to bring this characteristic into bolder view?
3. In what particular items is the author’s sense of humor best displayed?
4. Where is the emotion of the Princess most intense?
5. Is this emotion suddenly or gradually destroyed?
6. What are the points of strongest contrast between the imagined Prince and the real little neighbor-boy?
7. Comment on the sudden ending of the story.

THE TWO APPLES

James Edward Dunning, journalist and publicist, is the author of many reviews, government reports, essays, and short stories. He has had a long and honorable connection with the Department of State at Washington.

What has happened before the sixteenth day, what ship it was, what its destination, who its crew, how they had been wrecked, we are not told; nor are we particularly concerned with the history of those preceding events. We are intent on one man living with half-mad intensity a whole life in a single day. It is not so much that he knows the pain of diminishing vitality, the scorchings of hunger and thirst, as it is the spiritual tortures he undergoes. Everything that treacherous Desire can mean, he feels. It is only an apple, but as he, in his hungered, famished state, gazes upon it, every sense is alive with an intense elemental desire. At the moment of severest trial, with the clearness of vision of those near death, he sees himself, knows his sin, feels the mercy of God. And as the day closes, he experiences the happiness of sacrifice. Beside him Zadoc sleeps, perhaps drifts off into the Unknown.

Suggested Points for Study and Comment
1. If the author had wished to make a much longer story of this, what episode or episodes could he have greatly elaborated? Can you surmise why he did not do this, but preferred rather to develop the situation he had selected?
2. What artistic effect is created by the description of the Cape Cod farm? Analyze the sensory imagery.
3. Why does Zadoc command that the last apple be placed 'under the tin cup in the middle of the raft'?
4. What had previously been Jeems’s attitude toward the sea? Has his attitude now changed? Why, or why not?
5. From the standpoint of mere sense-impression, what is the most significant moment in the story?
6. What is the point of highest spiritual interest?

THE PURPLE STAR

Mrs. Rebecca Hooper Eastman, a magazine writer of distinction, lives in Brooklyn, New York. Her father, the late Dr. Hooper, was for many years president of the Brooklyn Institute.

The judgment of his peers proved fatal to the glory of Charley Starr. Miss Prawl, the sixth-grade teacher, learned, too, with surprise, that if one is a dutiful child who neither disobeys nor deceives, he thereby lessens his opportunity to achieve the heroic. The literalness of Theodora and her zealots destroys any romantic impulse to make reckless synonymous with brave. One is reminded that the youthful escapades which brighten the biographies of certain national heroes—always making notable exception of the Father of Our Country—would not have met the rigorous demands of Theodora’s approval. The conclusion is obvious: it is difficult to become a hero and at the same time retain all the virtues—particularly the much-desired charity. And who would be judge? Let the order of the Purple Star be abolished!

Suggested Points for Study and Comment

1. What is the author’s purpose in writing this story?
2. What are the chief points of interest, besides this well-defined purpose?
3. Are you satisfied with the outcome of the story? Could you suggest any other way of meeting the problem?
4. Do you find the characters real? Is Theodora typical?
5. Why is it necessary to make character and setting somewhat subordinate?
6. Do you like the introduction? What is the basis of its charm?
7. Do you find the author critical of other things outside the immediate purpose of the story?

RUGGS—R. O. T. C.

William A. Ganoe, now stationed at West Point, is a captain in the Regular Army. When Ruggs—R. O. T. C. was printed in the Atlantic, it was immediately tried out in the class-room, where it won the instant favor of high-school pupils. It was the first story to be issued in the series of Atlantic Readings.

Amusing situations, with lively dialogue a-plenty, in this training-camp story of Mr. Ganoe, are the conveyances for a splendid lesson in pluck. Ruggs, the successful bank-manager, knew that only the best in the individual is worthy of recognition when it comes to government service. He meant to give that best. The trial came. Despite the confusion and the jeers, Ruggs came through; brains and thorough-going effort counted. To Ruggs it meant a first lieutenancy for his pluck, something to tell Alice, and a ride in a blanket for the glorious 'sell' he had practised on his jeering comrades. Underneath the fun and the hazing, there is, on all sides, sincere appreciation of merit.

Suggested Points for Study and Comment

1. What purpose does the opening dream serve, besides that of arousing immediate interest?
2. Besides his ability for quick decision, what is the outstanding feature of Ruggs’s character?
3. How is the character of the Meter drawn? Is there any advantage in not naming him?
4. Are you prepared for the Meter’s decision in regard to the Duke? Is the latter introduced into the story for any purpose other than to amuse?
5. What are the author’s chief means of keeping suspense?
6. What ends do Squirmy’s nightly exercises serve?
7. Would it have added to the interest of the study to have Alice more fully characterized? Why is she introduced?

THE WAY OF LIFE

LUCY HUFFAKER is a short-story writer of distinction, who has recently been devoting her principal interest to the drama. She is connected with the Washington Square players in New York City.

In the short space of a May evening, Emmeline Black, mother of eight children, a good wife for a farmer, careful and industrious, lives through her girlhood aspirations and the complete shattering of her dreams. Finally, there comes to her the greater tragedy of the realization that, in spite of what she can do, her daughter faces the same career of fantasy and disillusionment. For the first time in twenty-one years, Jake Black finds his wife different, almost a bit untractable. Yet he can find no solution for the problem. 'Em' has been a good wife, their marriage has been successful, his daughter’s possible engagement augurs well for the future; but 'Em' is worried about something. It is the daughter herself who sets their small world aright. Her gratitude for the dreams her mother has given her brings to Emmeline the realization of the value of inspiration where accomplishment proves impossible. The years of hard work before her, and the prospect of a similar life for her daughter, grow insignificant before the new consciousness that dreams do last.

Suggested Points for Study and Comment

1. Comment on the general atmosphere produced by the opening paragraphs.
2. What descriptive details contribute particularly to the realism of the scene?
3. How is this realism more fully brought out in the conversation between the wife and husband?
4. What feelings prompted the lie which Mrs. Black told? What can be said in extenuation of this lapse?
5. What contrasts were prominent in her mind?
6. What in Victoria’s character makes the strongest appeal?
7. Do we feel that Victoria is more likely than her mother to keep the youthful dreams and visions?
8. What is Mrs. Black’s greatest consolation?
9. Comment on the author’s way of ending her story.

A YEAR IN A COAL MINE

JOSEPH HUSBAND has, since his graduation from Harvard in 1907, been engaged in industrial pursuits. He has, however, found time to contribute frequently to The Atlantic Monthly. At present Mr. Husband is an ensign in the United States Navy. The first account of his naval experience is published in the May (1918) Atlantic.

For vividness of sense-suggestion—color, sound, smell, feeling—Joseph Husband’s smooth-flowing narration of a year’s experience in a soft-coal mine is worthy of study. The blackness which is 'absence of light rather than darkness,' the submerging silence, the seeping gas-vapors, the nervous consciousness of lurking danger—all these give indisputable atmosphere. What grim tragedy, awful in its heavy brutality, might not here be grimly enacted! Instead, there is work—the grimy, sweating work of the underground; hard muscles, and senses not too alive to material forces. An occasional superstition gives life to the blackness—a strange white phantom that dazzles the sight and blinds the understanding with unreasoning fear. But most vivid of all is the blackness and the work.

Suggested Points for Study and Comment

1. How does the author’s preface add to the interest in his narrative? Are your expectations of his added power borne out?
2. Do you find Mr. Husband more able in his descriptions of large scenes, masses of buildings, groups of people,—or in the individualizing of the single person or thing?
3. Is the setting for the work, or the work itself, the chief purpose of the narrative? Which do you find the more interesting?
4. Can you explain the author’s feelings of mortification as he first enters upon his duties?
5. What are some of the elements that make for the vividness of the scenes?
6. Why is the occasional mention of color so effective?
7. Contrast the mental occupations during a period of temporary leisure in a coal mine with a similar rest hour in the upper world.
8. From reading this narrative, can you offer any reasons why the ancient peoples believed mines to be inhabited by a race of gnomes?

WOMAN’S SPHERE

S. H. Kemper’s short stories reveal a genuinely sympathetic understanding of child-life. Mr. Kemper’s present home is in Scranton, Pennsylvania.

The plot itself is slight: the presentation of a ball—a worsted ball—as a birthday present to a boy of nine! The comic element immediately suggests itself; Wilbur discovers that it may come very near tragedy—not for him, but for Aunt Susan. To be so inconceivably old that one cannot understand what a ball of gay worsted would mean to a boy who had already practised imaginary curves with a magnificent white sphere bearing the proud blue label of the American League! All Wilbur’s chivalric nature is called out to keep his great aunt from knowing how great is her misunderstanding, and how keen his aching pity that age could be so terrible. Is there, perhaps, a suggestion here of refined propaganda?—Education for women—higher, broader, what you will?

Suggested Points for Study and Comment

1. Contrast Aunt Susan with Wilbur’s grandmother.
2. Mention certain significant items that contribute to the realism of the various situations.
3. Comment on the way in which Wilbur’s fancy works, as he views the ball in anticipation.
4. What was there in Aunt Susan’s conversation that reveals her lack of understanding of boy nature?
5. Is there any element of surprise in the way Wilbur takes his disappointment? Comment fully upon his varied emotions.
6. What is the marked contrast between Aunt Susan and Wilbur’s father?
7. Which paragraph is most interesting from the point of view of setting? Why?
8. Comment on the aptness of the title.

BABANCHIK

CHRISTINA KRYSTO lived the first nine years of her life, from 1887 to 1896, in Russia. She then came with her father’s family to America, settling on a ranch. Her vocation is ranch-work; her avocation is writing. Miss Krysto’s The Mother of Stasya is published in the June (1918) Atlantic.

An Armenian, a Revolutionist, a voluntary exile, desiring in his old age nothing so much as the privilege of serving Russia, whose government, institutions, and rulers he had fought all his seventy years—such is Babanchik. Russia had driven his twenty-year-old daughter into an exile of hard labor, had imprisoned his son for the best ten years of his life; and Babanchik died because his strength was too weak to carry him back to serve her. Shall you call it patriotism in a man who cursed his native land with a hymn of everlasting hate? racial instinct in one whose Armenian birth made him an object of official suspicion? Here there could be no overpowering conviction that his country’s civilization must be protected against the dreaded Kultur. Yet the desire comes—not only his own, but the command of his imprisoned son, that he serve Russia. There are other beautiful things in Christina Krysto’s story, not the least of which are the suggestive bits of description of the life in the Georgian village. Yet Babanchik, of the caressing name, product of that strange
country whose people grow more incomprehensible as the Great War progresses, interesting as he is, directing the summer play in the Caucasian Mountains, is a thousand times more wonderful when swayed by the unnamed power that returns him dead to Russia.

Suggested Points for Study and Comment

1. What are the characteristics in Babanchik that make him a favorite with the children?
2. Contrast the Babanchik who played with the children with the Babanchik who talked with the father.
3. What were Babanchik’s most serious interests?
4. What circumstances of his birth hampered his influence with the Russian government?
5. How was his ambition to become a member of the city Duma crushed?
6. In spite of government intervention, what were some of the beneficial influences which Babanchik found that he could exert?
7. What was there in the government of Russia that was particularly distasteful to a man of Babanchik’s nature?
8. What strong traits of Babanchik are brought out in that long furious fight for his children in the Russian prison?
9. What effect did the war have upon Babanchik’s view of Russia?
10. What hastened the old man’s desire to return?
11. Comment upon the author’s artistic close.

ROSITA

ELLEN MACKUBIN was, several years ago, a frequent contributor to the Atlantic. Nearly all her stories are tinged with the military spirit with which she was thoroughly familiar.

The cause of the deed is never revealed to the garrison; its consequences can only be surmised. Indeed the true standing of the affair as tragedy is only guessed. The instigator of the quarrel between Major Prior and Jerry Breton, the perpetrator, and the victim of the tragedy unite in the person of one christianized just enough to suffer for the savage instincts she had never
learned to control. We see her just once, Rosita, the beautiful, the impulsive, the passionate; the next time she is dead. It is the feeling of repressed power that makes Ellen Mackubin’s story grip the attention. In a few short pages, three—possibly four—characters are made to live, and a tragedy wrecks two lives.

Suggested Points for Study and Comment

1. Discuss which of the common elements of story—setting, plot, character, theme, or style—is here most prominent.
2. Discuss the way in which the separate characters are introduced and the complication arranged.
3. How can Jerry’s treatment of the commanding officer on the day of the dress parade be condoned?
4. How does the reader feel regarding Rosita’s vague declaration that she will rid Jerry of Prior’s unfairness?
5. On the night of the shooting, what motive prompted Jerry to fling the pistol far over the edge of the bluff?
6. Describe the effects which the tragedy produced upon the garrison.
7. What were Jerry’s feelings during the days immediately succeeding the tragedy?
8. How does the reader decide the question as to who is the really guilty person?

PERJURED

Edith Ronald Mirrielees is a member of the English Department of Leland Stanford Junior University.

It was a useless lie. Robbins knew that, as soon as he had spoken it. But it stopped the boys' teasing. Once spoken, events followed in too rapid succession for him to do more than qualify his statement; the bald accusation remained. Repetition had done more than confirm the story in Sutro; it had benumbed Robbins’s own sense of exactness. His reputation for truth constantly confronted him; sometimes it made it easier for him, but increasingly often he saw the difficulty of reconciling the lie with himself.
On the other hand, time and self-torture strengthened the conviction that truth must prevail and that no innocent man could suffer by the law. And so it proved. Robbins, the boy who had tried to save himself from momentary discomfiture, who had deliberately placed a man in direct accusation for murder, found himself, not a self-righteous person who by a last act of grace redeems the innocent and places himself on a martyr’s pedestal; instead, he found himself a perjured youth, no better than the truck-gardener Emerson in whom truth itself lost credence. That a malignant fate had placed the name of the guilty man in the boy’s mouth, comes with no shock; the author has so carefully prepared our minds for that very verdict, that we are merely surprised that we could have forgotten the bits of telling evidence. The interest begins and ends with a boy of sixteen who in weakness was forsworn.

Suggested Points for Study and Comment

1. Comment on the appropriateness of the direct opening. Is such a method more appropriate to one type of story than another?
2. Describe the steps by which the author prepares for, without explaining, his climax.
3. How does the author focus attention, not on the murderer and criminal, but on the individual problem of Robbins? Would you have preferred a more detailed explanation of the cause of the crime?
4. Why is Emerson introduced?
5. Is the enormity of the injury he is doing ever clear to Robbins?
6. What other stories are included, but left untold, in this one?
7. What, to you, is the most significant thing in the author’s handling of the narrative? Why would such a story not lend itself to scenic production?

WHAT MR. GREY SAID

Margaret Prescott Montague, living among the West Virginia mountains, has written many successful stories of the Hill people whom she knows so well.
To make of the little blind child of the coal-miner a compellingly human little soul, yet to touch him with a warmth and beauty of imagination so exquisite that it pains the heart; to do all this so deftly, so tenderly that one draws a quick breath of wonder—these are only bare suggestions of the power that created Margaret Prescott Montague’s What Mr. Grey Said.

Suggested Points for Study and Comment

1. Contrast the richness of sense-perceptions of Stanislaus with his poverty of all things else.
2. Analyze the elements that make up the charm of Stanislaus. Aside from the pathetic, what is the strongest interest?
3. How does Miss Julia help to prolong the suspense?
4. Would the story have been as powerful if it were entirely tragic?
5. Would the story have gained if Stanislaus were presented in direct contrast to the other blind children? Why would a longer story have been weaker?
6. Does the dialect contribute to the charm of the story? What is the real function of dialect?
7. Does the ending seem a makeshift to avoid a difficulty? How has the author succeeded in making the ending not only possible but probable?

A SOLDIER OF THE LEGION

E. Morlae was an American who, in the early days of the Great War, enlisted in the French Army and became a Soldier of the Legion. Many of his war experiences are graphically told in his various articles in The Atlantic Monthly.

'We spent our time eating and sleeping, mildly distracted by an intermittent bombardment': these were the breathing spells; active work found analogy only in the regions below. Yet either adventure was told with equal calm. That is what impresses one in Sergeant Morlae’s narrative. It is so grimly calm, almost impersonal. There is no careless enthusiasm, excited hilarity, or mad vengeance—simply a job to be done. The enemy alive present a target; dead, a source of added comfort for one’s self, a souvenir
for one’s brother, or, if need be, material for a parapet. One’s life before and after has nothing to do with the present. And this is even more terrible for what it leaves unsaid. There is, however, no lack of vividness in A Soldier of the Legion. The matter-of-factness of the telling deceives us only for a time, until the intrusion of a crisp, 'Hell kissed us welcome'; or, more significant still, 'And we were counted: eight hundred and fifty-two in the entire regiment, out of three thousand two hundred who entered the attack on the 25th of September.'

Suggested Points for Study and Comment

1. Does the conversational tone of the narrative make it any the less vivid?
2. When is the author’s power of vivid portrayal most apparent?
3. What ideas do you get of the Legion’s views of the enemy? Contrast it with other war stories you have read. Could it be accounted for by the type of men who entered the Foreign Legion?
4. What in the author’s account suggests the general morale of the troops?
5. What does the grimness of the occasional bits of humor convey as to the mental state of the men? What do these occasional jokes gain by their very scarcity?
6. What new ideas of war come to you from Sergeant Morlae’s account?

THE BOULEVARD OF ROGUES

MEREDITH NICHOLSON has won most of his popularity as a novelist. He is, however, an accomplished essayist, a poet of distinction, and a keen critic of current literary and political matters. More recently, he has become interested in the writing of short stories. His home is in Indianapolis, where he was privileged to enjoy for many years an intimate friendship with James Whitcomb Riley, whose character Mr. Nicholson has sympathetically portrayed in his novel, The Poet, and in an illuminating essay in The Atlantic Monthly for October, 1916.

Propaganda in such disguise needs no apology. Not only can we appreciate the cleverness of the trick as well as the earnestness of its author,
but we relish what a very good thing a similar lesson would be for our own or for our neighboring cities. At the same time, there is a worth-while character-study to be made of the Chairman of the Committee on Art, who presents a type almost as rare in fiction as it is in life.

Suggested Points for Study and Comment

1. The student will find it interesting to make a thorough study of Barton’s character—his cynicism, his practical good sense, and all his other prominent traits. A composition discussing all these could be made very interesting and enlightening.
2. Discuss the general political attitude of the average city councilman.
3. In an examination of the plot, what incident seems to you to mark the point of highest interest? Discuss fully.
4. How is Barton’s character relieved from any final censure for the spending of money for a statue of a rogue?

WHAT HAPPENED TO ALANNA

KATHLEEN NORRIS, a Californian by birth, has been a voluminous writer of magazine fiction since 1910, when she contributed two stories to the Atlantic—What Happened to Alanna and The Tide Marsh.

To those who know Kathleen Norris’s Mother, nothing more need be said of this author’s ability to depict the wholesome sentiment of family life, without the sentimentality that clings to many of the ordinary short stories and novels. The less fortunate may make valuable acquaintance in the halls of Costello. F. X., Senior, 'undertaker by profession and mayor by an immense majority,' shares his position of importance by reason of the charms of his numerous offspring. Mrs. Costello is, of course, the centre of interest, as she is of the Costello circle, which means all who come within range of her generous hand and kindly word. Yet no one remains unindividualized. A few vivid strokes, and the picture is complete. If an artistic hand adds another touch now and then, we are never made conscious of technique. Especially is this true in the case of young Mrs. Church.
And what more delightful could there be than the family
conversations, which are quite as revealing in points of character as they are delightful in their flashes of humor?

Suggested Points for Study and Comment

1. What purpose does the detailed description of family life serve? Comment on the choice of detail.
2. Besides the plot, what are the most interesting elements in the story?
3. Could you suggest another climax?
4. What is gained by having Alanna solve her problem alone? How does the author arrange that the solution shall be thus accomplished?
5. Is Mrs. Church introduced for any reason other than her slight connection with the plot?
6. Is Mr. Costello as well portrayed as his wife? Can you suggest any reasons why he typifies the Irish-American rather than the native Irishman of the same rank?
7. How does Miss Norris achieve the atmosphere that she does?
8. Could the story be criticized as being sentimental?

SPENDTHRIFTS

Laura Spencer Portor (Mrs. Francis Pope) has long been engaged in literary work. Her essays and stories 'give proof of a versatility of experience as Protean as her talents.' Mrs. Pope is now connected with the editorial staff of one of the prominent New York magazines.

Perhaps that which impresses the reader most in Spendthrifts is the production of an atmosphere that makes the strange seem real, and the commonplace take on a suggestion of the fanciful. Not half so wonderful is it that the woman of the orange-colored eyes should meet the lover of her youth, now a lay Franciscan, and live again with him the story of their love before a smilingly complacent husband, as that this story should have been unfolded before the eyes of a romantic little girl who went out to see the world in a rambling old coach. The author, like the successful playwright, completely transfers us to another world. The careful preparation of atmosphere is followed by a swift march of events to a climax the more
powerful by the necessity of its restraint. The gradual trailing off into the dim romantic atmosphere out of which the story grew, calls for a curtain that may be raised again only on the author’s epilogue.

Suggested Points for Study and Comment

1. What can you say by way of comment on the somewhat leisurely beginning of this story?
2. What do you like best in the description of the old-fashioned 'bus?
3. Justify the author’s early paragraphs on the herds of dumb cattle.
4. Can you analyze the method by which the author makes even her most trivial details of the trip seem vital and interesting?
5. Is it true that most of these details—both narrative and descriptive—assume greater importance because they are seen through a child’s vision?
6. What items bring out the disturbed feelings of the Franciscan soon after he enters the 'bus?
7. Trace the details that very gradually portray the character of Louise’s husband.
8. What part does the description of the various costumes play in the portrayal of character?
9. As Louise analyzes to the Franciscan the past relations existing between them, do we find ourselves sympathizing with one or the other, or with neither?
10. What is the intended symbolism of the title, Spendthrifts?
11. What is symbolized by the herd of cattle?

CHILDREN WANTED

LUCY PRATT, a frequent contributor to magazines, lives in Cambridge, Massachusetts.

So slight is the plot in Children Wanted that one might on reflection question whether there is a plot. In the actual reading, one becomes too absorbed in the very real situation that Miss Pratt presents to become coldly analytical. The vividness of Master Crosby Tarbell’s particular adventure with life is reflected, not only in the letter Mr. Henry Tarbell dispatches to a
certain Pony Man, but in the reader’s own warm indignation at the carelessness, the cowardice, of compromising grown-ups in general. At the same time, Miss Pratt’s masterly use of commonplace detail, fully as much as the poignant bits of character delineation, such as that which ends the story, makes of Children Wanted as effective a bit of narrative technique as it is a striking example of the propagandist’s art.

Suggested Points for Study and Comment

1. Is the chief interest of the story in the principal character or in the underlying theme?
2. Would the experience have meant as much to any child?
3. Why is the 'lady on the hill road' added to the list of customers?
4. What does Crosby’s father add to the story that Crosby’s mother could not? Would you have preferred to be told more about Mrs. Tarbell?
5. Do you find any explanations for the climax in the previous characterization of Crosby? How has the detailed description of the barn helped to reveal the lad’s sensitiveness?

THE SQUIRE

ELSIE SINGMASTER (Mrs. H. Lewars), a Pennsylvanian by birth and residence, has been writing at more or less irregular intervals ever since her first story was published in Scribner’s Magazine twelve or thirteen years ago. Her reputation has been largely won by her sympathetic portrayal of the Pennsylvania Dutch character.

How adequately, how finally, a person can be characterized by his own conversations, all the principals in this little Millerstown drama demonstrate. Weakness, crudeness, selfishness, speak out their own existence. And, to shine by contrast in the midst of all this pettiness, is the figure of a man who makes the title 'Squire' mean what it has meant to certain English townships, and whatever more comes from responsibility assumed without force of precedent or hope of recompense.

Suggested Points for Study and Comment
  • 55. 1. What are the elements which produce the atmosphere of crudity that stands for Millerstown? Could any description of the town produce a like effect? 2. Would it have detracted from the story if Stemmel had been more elaborately portrayed? 3. How is the solution of the case prevented from appearing melodramatic? 4. Would the Squire’s sacrifice have gained or lost power if Adam and Sula were less irresponsible? 5. How do the Squire’s actions correspond to the tradition of his title? How different are they from what might have happened in a like situation in England? 6. Do you think Adam and Sula worthy of the Squire’s interest? 7. What stories growing out of this one remain to be told? Which would be the most interesting? GREGORY AND THE SCUTTLE Charles Haskins Townsend, an ichthyologist of international reputation, has been a member of many U. S. government commissions. His present address is The Aquarium, New York. Gregory and the Scuttle, translated into the literal, means 'How the octopus came to the Aquarium.' In the literal version, the account might have been buried easily and unregretfully in the dry-as-dust records of the American Aquarium Society, or some such august receptacle of information; as it is, it becomes the easy, chatty adventure of one who proves himself human as well as scientific. Moreover, it behooves the practical investigator of the educative process to note that, by this sugar- coated method, various capsules of information slip down without violent contraction on the part of him who will be only entertained. Suggested Points for Study and Comment 1. How is the title of the story indicative of its general tone?
  • 56. 2. Would Gregory’s vision of the adventure have been an interesting one? What would it lack that the scientist’s has? 3. When, if ever, does the scientist take the place of the story-teller? 4. What is the chief charm of the account? Would a series of such adventures—with all necessary variation—be altogether as delightful? IN NOVEMBER EDITH WYATT was born in Wisconsin, and educated at Chicago and Bryn Mawr. She has for years been a frequent contributor to the best of our American magazines. Her present home is in Chicago. While listening to Miss Brackett’s naïve recital of her personal narrative, we somehow never lose consciousness of the interesting environment created in the beginning paragraphs. In most stories where the interest in surroundings is strong, we are chiefly concerned with the setting in which the incidents of the plot take place. In this instance, however, we are chiefly interested in the autumnal atmosphere in which Miss Brackett’s ingenuous tale is told. Here is Lake Michigan, all green and mist-blown, banding the whole horizon. There, in the broad southward, lie the full contours of the forest-covered dunes. And over all is the gray and purple sky of the late autumn. In the inner circle of all this is the camp, with Elsie Norris vividly portrayed in the centre. Her isolation is broken by the chance guest, who tells the intimate personal episodes, so charmingly marked by the artless notes of unselfishness. When the guest leaves and the other campers return, and Miss Norris wanders off alone to gather firewood for supper, the brooding influence of the pervading November scene is felt to be even more profound and impressive. Suggested Points for Study and Comment 1. What are the three or four most graphic touches in the story? 2. What, aside from the setting, is the most impressive element in the story? 3. What comment can you make on Miss Wyatt’s feeling for style? What effects does she produce?
  • 57. 4. Comment on the slight but suggestive glimpse of Baby’s character. What other personages in the story show their sympathy for Miss Brackett? 5. Was it worth while to say anything about Mrs. Horick? Why is she mentioned? Do the slight details contribute to the interest of the story? 6. Mention three or four items which might have been elaborated into important incidents in the narrative.
*** END OF THE PROJECT GUTENBERG EBOOK ATLANTIC NARRATIVES: MODERN SHORT STORIES; SECOND SERIES ***