May 13, 2018

Windows SID (Security IDentifier)

SID (Security IDentifier)

❑ SID (Security ID) : The ID assigned to an account or group to identify it in a Windows NT-based operating system. It is used to grant access to system resources.

❑ How to check a SID : C:\> wmic useraccount get name, sid

❑ SID components : [S]-[R]-[I]-[A]-[DID]-[RID]

e.g. S-1-5-21-2411111110-171111108-1611111167-1000

| Value | Description |
|---|---|
| S (SID) | The character indicating that the string is a SID. |
| R (Revision level) | The SID version number. |
| I (Identifier authority) | 0 : Null |
| | 1 : World (Everyone) |
| | 2 : Local |
| | 3 : Creator |
| | 4 : Non-unique ID |
| | 5 : NT authority |
| A (Sub authority) | 0 : Null |
| | 1 : Dial up |
| | 2 : Network |
| | 3 : Batch |
| | 4 : Interactive |
| | 5 : Login |
| | 6 : Service |
| | 7 : Anonymous Logon |
| | 8 : Proxy |
| | 21 : NT Non-builtin ID |
| | 32 : NT built-in ID |
| DID (Domain ID) | Identifier of the domain that created the SID. |
| RID (Relative ID) | Account or group identifier. |
| | 500 : Administrator |
| | 501 : Guest |
| | 1000 ↑ : Ordinary user |
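
The following Python example is added here and is not from the original post: it splits each SID in `wmic useraccount get name, sid` output into the [R], [I], [A], [DID] and [RID] fields above and labels the RID from the table. The function names and the sample output (including the renamed `helpdesk` account) are constructed for illustration, and applying the RID rows only when [A] is 21 is an assumption.

```python
import re
from collections import namedtuple

# Lookup tables copied from the table on this page.
AUTHORITY = {0: "Null", 1: "World (Everyone)", 2: "Local", 3: "Creator",
             4: "Non-unique ID", 5: "NT authority"}
SUB_AUTHORITY = {0: "Null", 1: "Dial up", 2: "Network", 3: "Batch",
                 4: "Interactive", 5: "Login", 6: "Service", 7: "Anonymous Logon",
                 8: "Proxy", 21: "NT Non-builtin ID", 32: "NT built-in ID"}
RID_NAMES = {500: "Administrator", 501: "Guest"}

# domain_id is empty and rid is None when the SID has no [DID] / [RID] part.
Sid = namedtuple("Sid", "revision authority sub_authority domain_id rid")

def parse_sid(text):
    """Split a SID string into the page's [R], [I], [A], [DID] and [RID] fields."""
    m = re.fullmatch(r"S-(\d+)-(\d+)((?:-\d+)+)", text.strip())
    if not m:
        raise ValueError(f"not a SID string: {text!r}")
    subs = [int(p) for p in m.group(3).split("-")[1:]]
    rid = subs[-1] if len(subs) > 1 else None
    return Sid(int(m.group(1)), int(m.group(2)), subs[0], tuple(subs[1:-1]), rid)

def rid_label(sid):
    """Name the [RID] using the page's RID rows (assumed to apply when [A] is 21)."""
    if sid.sub_authority != 21 or sid.rid is None:
        return "n/a"
    return RID_NAMES.get(sid.rid, "Ordinary user" if sid.rid >= 1000 else "Other")

def parse_wmic(output):
    """Return (name, Sid, label) per row of `wmic useraccount get name, sid` output."""
    rows = []
    for line in output.splitlines():
        parts = line.rsplit(None, 1)        # account names may contain spaces
        if len(parts) == 2 and parts[1].startswith("S-"):
            sid = parse_sid(parts[1])
            rows.append((parts[0], sid, rid_label(sid)))
    return rows

# Constructed sample output; the domain ID is the one from the page's example SID.
SAMPLE = """Name       SID
helpdesk   S-1-5-21-2411111110-171111108-1611111167-500
Guest      S-1-5-21-2411111110-171111108-1611111167-501
Test User  S-1-5-21-2411111110-171111108-1611111167-1000
"""

if __name__ == "__main__":
    for name, sid, label in parse_wmic(SAMPLE):
        print(f"{name:<10} {AUTHORITY.get(sid.authority)} / "
              f"{SUB_AUTHORITY.get(sid.sub_authority)} / RID {sid.rid}: {label}")
```

Because the label comes from the RID rather than the name column, the RID 500 account is still reported as Administrator after a rename.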

※ There are well-known SIDs, and knowing them can help when solving security problems.