Security tab

The Security tab of the Process Properties window shows the list of groups and privileges listed in the security token of the selected process on this page:

A group that has the Deny flag set can be considered effectively equivalent to not being present in the token at all. With User Account Control, powerful groups such as Administrators are marked Deny-Only (except in elevated processes). The Deny flag indicates that if an object has an access-allowed access control entry (ACE) for Administrators in its permissions, that entry is ignored, but if it has an access-denied ACE for Administrators (not common), the access is denied.

A privilege that is marked as Disabled is not at all the same as the privilege not being present. If a privilege is in the token, the program can enable the privilege and then use it. If the privilege is not present, the process cannot acquire it.

This tab also shows whether the User Account Control file and registry virtualization is enabled for the process, the Security Identifier (SID) of the user that started the process, and the selected group SID.

The Permissions button opens a permissions window that shows the access permissions assigned to the process: