❑ SID(Security ID) : The ID assigned to an account or group for identifying in a Windows NT-based operating system. It is used to grant access to system resources.
❑ How to check SID : C:\> wmic useraccount get name, sid
❑ SID components : [S]-[R]-[I]-[A]-[DID]-[RID]
e.g. S-1-5-21-2411111110-171111108-1611111167-1000
Value | Description |
S(SID) | The character indicating that it is SID string. |
R(Revision level) | The SID version number. |
I(Identifier authority) | 0 : Null 1 : World(Everyone) 2 : Local 3 : Creator 4 : Non-unique ID 5 : NT authority |
S(Sub authority) | 0 : Null 1 : Dial up 2 : Network 3 : Batch 4 : Interactive 5 : Login 6 : Service 7 : Anonymous Logon 8 : Proxy 21 : NT Non-builtin ID 32 : NT built-in ID |
DID(Domain ID) | Domain Identifier that creates SID. |
RID(Relative ID) | Account or group Identifier. 500 : Administrator. 501 : Guest. 1000 ↑ : Ordinary user. |
※ There are well-known SIDs that can help to solve security problems.