WinNT Security Resources

Does anyone know of any good resources for information about how NT security actually works? It can be either a book or on the web somewhere.

The only things I’ve been able to find deal with how to implement NT security, but I want to know how it actually works. For example:

  • What, exactly, is in the token the user gets when he logs on?
  • What is the LSA actually doing when I try to access a file? How does it determine what access I have?

Low level stuff. Like I said, most of what I’ve found so far has been “best practices” type of info which doesn’t really help me.