Tweet
Each user account in Windows has what is called a Security Identifier (SID), which is a combination of characters that looks like the following:
The SID is a construct of the following
Possible identifier authority values are
Even though you use a username to access a resource, Windows identifies each user, group, or object by the SID of that object. Windows uses the SID to look up a user account to verify it the password of that user is a match. A SID is also in play in every situation in which permissions need to be verified - for example, when a user attempts to access a folder or another shared resource.
S-1-5-21-3623811015-3361044348-30300820-1013
- S - The string is a SID
- 1 - The revision level (the version of the SID specification)
- 5 - The identifier authority value.
- 21-3623811015-3361044348-30300820 - Domain or local computer identifier
- 1013 - A Relative ID (RID). Any group or user that is not created by default will have a Relative ID of 1000 or greater
Possible identifier authority values are
- 0 - Null Authority
- 1 - World Authority
- 2 - Local Authority
- 3 - Creator Authority
- 4 - Non-unique Authority
- 5 - NT Authority
- 9 - Resource Manager Authority
Even though you use a username to access a resource, Windows identifies each user, group, or object by the SID of that object. Windows uses the SID to look up a user account to verify it the password of that user is a match. A SID is also in play in every situation in which permissions need to be verified - for example, when a user attempts to access a folder or another shared resource.