Overview#

Security Identifier (SID) is a unique value of variable length used to identify a trustee within Microsoft Windows.

Each account has a unique Security Identifier issued by an authority, such as a Microsoft Active Directory Domain Controller, and stored in a security database.

In Microsoft Active Directory the ObjectSID contains the value for the Security Identifier of the entry.

Each time a user logs on, the system retrieves the Security Identifier for that user from the database and places it in the access token for that user.

The system uses the Security Identifier in the access token to identify the user in all subsequent interactions with Windows security.

When a Security Identifier has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group.

Windows security uses Security Identifiers in the following security elements:

  • In security descriptors to identify the owner of an object and primary group
  • In Access Control Entries, to identify the trustee for whom access is allowed, denied, or audited
  • In access tokens, to identify the user and the groups to which the user belongs
  • In addition to the uniquely created, domain-specific SIDs assigned to specific users and groups, there are well-known SIDs that identify generic groups and generic users.

For example, the well-known SIDs, Everyone and World, identify a group that includes all users.

Most applications never need to work with SIDs.

Because the names of well-known SIDs can vary, you SHOULD use the functions to build the Security Identifier from predefined constants rather than using the name of the well-known SID.

For example, the U.S. English version of the Microsoft Windows has a well-known Security Identifier named "BUILTIN\Administrators" that might have a different name on international versions of the system.

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-4) was last changed on 19-Aug-2016 12:43 by jim