Overview#Security Identifier (SID) is a unique value of variable length used to identify a trustee within Microsoft Windows.
Each time a user logs on, the system retrieves the Security Identifier for that user from the database and places it in the access token for that user.
The system uses the Security Identifier in the access token to identify the user in all subsequent interactions with Windows security.
When a Security Identifier has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group.
Windows security uses Security Identifiers in the following security elements:
- In security descriptors to identify the owner of an object and primary group
- In Access Control Entries, to identify the trustee for whom access is allowed, denied, or audited
- In access tokens, to identify the user and the groups to which the user belongs
- In addition to the uniquely created, domain-specific SIDs assigned to specific users and groups, there are well-known SIDs that identify generic groups and generic users.
For example, the well-known SIDs, Everyone and World, identify a group that includes all users.
Most applications never need to work with SIDs.
For example, the U.S. English version of the Microsoft Windows has a well-known Security Identifier named "BUILTIN\Administrators" that might have a different name on international versions of the system.