Identity

Every process runs with a token — a structured bundle of security information the kernel evaluates on every access decision.

How Security Identifiers uniquely and permanently identify every user, group, service, and machine on Peios.

What a token contains, how tokens are created and inherited, and why identity is immutable but policy is adjustable.

The difference between a process's primary token and per-thread impersonation tokens, and when the kernel uses each.

What logon sessions are, the different logon types, and how the logon SID scopes access to a single session.

How services get purpose-built tokens with per-service SIDs to isolate authority between services sharing an account.

How machines are security principals with their own SIDs, domain accounts, and authentication credentials.

How linked token pairs give administrators standard-user defaults with explicit elevation to full privileges.

How to use idn show to inspect the token attached to the current process or another process by PID.

How to check whether a thread is impersonating and inspect its impersonation token with idn show.

How to query specific token fields — user SID, group memberships, and privileges — using idn subcommands.

How to use idn compare to diff two tokens and find mismatched groups, privileges, or integrity levels.

How to check elevation status and launch processes with the elevated token using idn and elevate.

Reference table of well-known SIDs including universal, NT Authority, built-in, service, and confinement SIDs.