Security Identifier (SID)
In Windows, a SID (Security Identifier) is a unique alphanumeric identifier assigned to each security principal, such as a user, group, or computer. SIDs are an integral part of the Windows security model and are used to control access to securable objects and resources within the Windows operating system.
Here's a breakdown of the components of a SID:
Prefix: The SID begins with a prefix that indicates the authority responsible for issuing the SID. For example:
S-1: Indicates a SID issued by a Windows authority.
S-2: Indicates a SID issued by a network authority.
S-3: Reserved for future use.
Revision Level: The revision level indicates the version of the SID format. This is typically "1" for SIDs used in Windows.
Identifier Authority: This is a 48-bit identifier that uniquely identifies the authority responsible for issuing the SID. For example:
0: Null authority (a placeholder).
5: NT Authority, which is used for SIDs issued by Windows.
Subauthorities: These are variable-length components that further define the security principal. They are typically composed of relative identifiers (RIDs) that uniquely identify users, groups, or computers within a domain or local system. The number of subauthorities can vary depending on the type of security principal:
Users: The RID represents the user account.
Groups: The RID represents the group account.
Computers: The RID represents the machine account.
For example, a complete SID might look like this: S-1-5-21-3623811015-3361044348-30300820-1013.
S: Indicates a SID.
1: Revision level.
5: Identifier authority (NT Authority).
21-3623811015-3361044348-30300820-1013: Subauthorities.
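The breakdown above can be checked mechanically. The following is an added example, not code from the original page: it parses the string form into the same fields, validates their ranges, and goes one step beyond the page by converting to and from the binary SID layout found in security descriptors and tokens. The names Sid, parse_sid and sid_from_bytes are hypothetical, and identifier authorities written in hexadecimal are not handled.

```python
import struct
from typing import NamedTuple, Tuple

# Added example: Sid, parse_sid and sid_from_bytes are illustrative names.
EXAMPLE_SID = "S-1-5-21-3623811015-3361044348-30300820-1013"  # SID from this page


class Sid(NamedTuple):
    revision: int                     # 1 byte in the binary form
    authority: int                    # 48-bit identifier authority
    subauthorities: Tuple[int, ...]   # 32-bit values; the last one is the RID

    @property
    def rid(self) -> int:
        return self.subauthorities[-1]

    def to_bytes(self) -> bytes:
        # Binary layout: revision, subauthority count, 6-byte big-endian
        # authority, then each subauthority as a little-endian uint32.
        n = len(self.subauthorities)
        return (struct.pack("BB", self.revision, n)
                + self.authority.to_bytes(6, "big")
                + struct.pack(f"<{n}I", *self.subauthorities))

    def __str__(self) -> str:
        fields = (self.revision, self.authority, *self.subauthorities)
        return "S-" + "-".join(str(f) for f in fields)


def parse_sid(text: str) -> Sid:
    """Parse the decimal string form, rejecting malformed or out-of-range input."""
    parts = text.strip().split("-")
    if len(parts) < 4 or parts[0].upper() != "S":
        raise ValueError(f"not a SID string: {text!r}")
    if not all(p.isascii() and p.isdigit() for p in parts[1:]):
        raise ValueError(f"non-decimal field in SID: {text!r}")
    revision, authority, *subs = (int(p) for p in parts[1:])
    if (revision > 0xFF or authority >= 1 << 48 or len(subs) > 15
            or any(s > 0xFFFFFFFF for s in subs)):
        raise ValueError(f"field out of range in SID: {text!r}")
    return Sid(revision, authority, tuple(subs))


def sid_from_bytes(raw: bytes) -> Sid:
    """Decode the binary form, checking the declared count against the length."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("truncated or oversized binary SID")
    subs = struct.unpack_from(f"<{raw[1]}I", raw, 8)
    return Sid(raw[0], int.from_bytes(raw[2:8], "big"), subs)
```

Validating the subauthority count against the buffer length before unpacking matters when the binary SID comes from untrusted data such as a parsed security descriptor or a forensic image.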
SIDs are used extensively in Windows for access control lists (ACLs), user authentication, group membership, and auditing. They provide a unique and consistent way to identify security principals across Windows domains and systems, enabling centralized management of security permissions and policies.