The authentication token contains the security identifier (SID) of the user and SIDs of all the groups to which the user belongs, directly or indirectly as in the case of nested groups. Windows uses this access token to determine if a permission entry’s principal applies to the principal ac...