Security Identifier
Security Identifier Definition
A security identifier (also known as a SID or security ID) is a unique, long string of numbers assigned to users and groups on a Windows-based network. It’s used to identify users as well as manage and enforce permissions, so that only authorized people can access certain files or resources. SIDs are also crucial in security auditing, as they allow admins to trace user actions and link them with specific permissions or access levels.
How a Security Identifier Works
When you first set up a computer, the operating system gives it a local SID. If that computer then joins a domain, it also receives a domain SID. This helps the network identify the device and the user.
In addition to individual SIDs, Windows also assigns group SIDs to manage shared permissions. For example, an organization may have an “All Users” or an “Everyone” SID. This enables networks to use access control lists (ACLs) to manage permissions for users and groups.
How Is an SID Structured?
- Revision level: The version number of the SID format. Currently, this is almost always “1.”
- Identifier authority: A 48-bit string of numbers that identifies who created the SID, for example, the domain itself or the NT AUTHORITY (a system for managing processes on a network).
- Sub-authority: Typically, a 32-bit value string that identifies the domain.
- Relative identifier (RID): The final part of a SID that identifies a specific user or group.
Common Types of SIDs
- Well-known SIDs: Used by Windows to identify users and groups. For example, “World” (S-1-0-0) is a group containing all members. “Console Logon” (S-1-2-1) is for users who are connecting to the physical console.
- User SIDs: Identify a specific user within a domain or local machine.
- Group SIDs: Associate multiple user accounts under one group, for example, “Sales Team” or “Administrators.”
- Computer SIDs: Assign a unique identifier to a specific computer on a network.
- Built-in SIDs: Refer to accounts predefined by Windows, such as “Guest” or “System.”
- Domain SIDs: Represent the entire domain. Every account within that domain shares this SID prefix.
- Virtual account SIDs: Help manage permissions for users and groups on a domain.
- Logon SIDs: Track a specific sign-in session using a temporary identifier assigned to you when you log in.
- Security Account Manager (SAM) SIDs: Store local account credentials and the corresponding SIDs in a Windows database.
Read More
FAQ
You can find the security identifier in the Windows Registry. Open the Command Prompt and enter whoami /user. Then type in wmic useraccount get name,sid. This will display all of your SIDs.
To get your user SID, enter whoami /user. For group SIDs, enter wmic useraccount get name,sid. These will work in a Command Prompt or in Windows Terminal. However, if you don’t have admin rights, you may not be able to see group SIDs. These commands will work on Windows 10 and later. If this fails on older versions of Windows, use PowerShell with Get-LocalUser | Select Name, SID.
SIDs identify users, groups, and computer accounts on Windows networks. They also manage permissions for files, folders, and other resources. IT admins use SIDs to manage users, groups, and devices on all Windows networks. They assign permissions to users with their SIDs rather than usernames. They are used globally in home networks, businesses, schools, and public buildings.
An example of a SID is S-1-5-21-4221730962-5568923189-20200810-1015. Each part of a SID represents different information. The first part reveals what type of SID it is, the larger middle section identifies who created the SID, and the last part, 1015, is the RID (relative identifier). This identifies the specific user or device the SID belongs to.
45-Day Money-Back Guarantee