No announcement yet.

Enumeration - Windows Security Identifiers

  • Filter
  • Time
  • Show
Clear All
new posts

  • Enumeration - Windows Security Identifiers

    Each user account in Windows has what is called a Security Identifier (SID), which is a combination of characters that looks like the following:

    The SID is a construct of the following
    • S - The string is a SID
    • 1 - The revision level (the version of the SID specification)
    • 5 - The identifier authority value.
    • 21-3623811015-3361044348-30300820 - Domain or local computer identifier
    • 1013 - A Relative ID (RID). Any group or user that is not created by default will have a Relative ID of 1000 or greater

    Possible identifier authority values are
    • 0 - Null Authority
    • 1 - World Authority
    • 2 - Local Authority
    • 3 - Creator Authority
    • 4 - Non-unique Authority
    • 5 - NT Authority
    • 9 - Resource Manager Authority

    Even though you use a username to access a resource, Windows identifies each user, group, or object by the SID of that object. Windows uses the SID to look up a user account to verify it the password of that user is a match. A SID is also in play in every situation in which permissions need to be verified - for example, when a user attempts to access a folder or another shared resource.
    Certified Security Geek