Each Windows security principal, such as a computer, account, or service, has a security identifier (SID). In general, a security identifier is a specially formatted string that represents a security principal.
A security identifier is composed of the following parts:
(1) The capital letter S, which marks the string as a security identifier;
(2) The revision level, usually 1;
(3) The identifier authority, which represents the issuer of the identifier. Common issuing authorities are:
| Issuing authority | Description |
| --- | --- |
| 0 | SECURITY_NULL_SID_AUTHORITY, used when the authority is not known. |
| 1 | SECURITY_LOCAL_SID_AUTHORITY, used to create a security identifier that represents all users. For example, the security identifier for the group of all users is S-1-1-0, formed from the identifier 0 and this issuing authority; it represents all users of the organization. |
| 2 | SECURITY_LOCAL_SID_AUTHORITY, used to create a security identifier that represents users logged on at the local terminal. |
| 3 | SECURITY_CREATOR_SID_AUTHORITY, used to create a security identifier that represents the creator or owner of an object. For example, the security identifier of the file owner is S-1-3-0, formed from the relative identifier 0 and the creator/owner issuing authority. S-1-3-0 is used in an inheritable access control list; in a child object that inherits the list, it is replaced by the owner's security identifier. S-1-3-1 is also a security identifier of the file owner and has the same effect, but its security identifier comes from the creator's primary group. |
| 5 | SECURITY_NT_AUTHORITY, which represents a part of the operating system itself. Security identifiers that start with S-1-5 are issued by a computer or domain, and almost all such security identifiers begin with S-1-5. |
(4) The sub-authorities. The first sub-authority is generally one of the commonly used values; the remaining sub-authorities together identify the domain or computer that issued the identifier.
The commonly used sub-authorities are:
| Sub-authority | Description |
| --- | --- |
| 5 | This security identifier is issued to a logon session, so that permissions can be granted to applications running under a specific logon session. The first sub-authority of these security identifiers is 5; the basic format is S-1-5-5-x-y. |
| 6 | When a process logs on as a service, it has a special security identifier in its token. The sub-authority of this security identifier is 6; the basic format is S-1-5-6. |
| 21 | SECURITY_NT_NON_UNIQUE, which indicates that the security identifier of the user or computer is not unique. |
| 32 | SECURITY_BUILTIN_DOMAIN_RID, which represents the built-in security identifiers. For example, the well-known security identifier for the built-in Administrators group is S-1-5-21-544. |
| 80 | SECURITY_SERVICE_ID_BASE_RID, which represents the security identifier of a service. |
(5) A relative identifier (RID), which represents a user or computer.
Common domain relative identifiers:
| Relative identifier | Description |
| --- | --- |
| 500 | Administrator |
| 501 | Guests |
| 502 | Service account for Key Distribution Center service |
| 512 | Domain Admins |
| 513 | Domain user |
| 514 | Domain Guest |
| 515 | Domain Computers |
| 516 | Domain Controller |
| 544 | Built-in Administrators |
| 545 | Built-in users |
| 546 | Built-in Guest |
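The five-part layout and the lookup tables above can be turned into a small decoder, which is useful when reading SIDs out of ACLs or event logs. This is an added example, not code from the original article: `parse_sid`, the dictionary names and the sample SIDs are constructed for illustration, the authority labels are short display names, and the `21` branch assumes the usual layout of three issuer sub-authorities followed by one relative identifier.

```python
import re

# Short display names for the issuing authorities (first table); labels are assumptions.
AUTHORITIES = {0: "Null", 1: "World", 2: "Local", 3: "Creator", 5: "NT"}
# First sub-authority under issuing authority 5 (second table).
NT_SUBAUTH = {5: "logon session", 6: "service logon", 21: "domain or computer account",
              32: "built-in domain", 80: "service"}
# Relative identifiers (third table); descriptions follow the article's wording.
DOMAIN_RIDS = {500: "Administrator", 501: "Guests", 502: "KDC service account",
               512: "Domain Admins", 513: "Domain user", 514: "Domain Guest",
               515: "Domain Computers", 516: "Domain Controller"}
BUILTIN_RIDS = {544: "Built-in Administrators", 545: "Built-in users",
                546: "Built-in Guest"}

SID_RE = re.compile(r"S-(\d+)-(\d+)((?:-\d+)*)", re.IGNORECASE)

def parse_sid(text):
    """Split a SID string into parts (1)-(5) and label what the tables cover."""
    m = SID_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"not a SID string: {text!r}")
    authority = int(m.group(2))
    subs = [int(s) for s in m.group(3).split("-")[1:]]
    info = {"revision": int(m.group(1)),
            "authority": AUTHORITIES.get(authority, f"unknown ({authority})"),
            "sub_authorities": subs, "kind": None, "issuer": None,
            "rid": None, "name": None}
    if authority == 5 and subs:
        info["kind"] = NT_SUBAUTH.get(subs[0])
        if subs[0] == 21 and len(subs) >= 4:
            # 21-<a>-<b>-<c> identifies the issuing domain or computer.
            info["issuer"] = "-".join(map(str, subs[1:4]))
            if len(subs) == 5:  # a fifth value is the account's RID
                info["rid"] = subs[4]
                info["name"] = DOMAIN_RIDS.get(subs[4])
        elif subs[0] == 32 and len(subs) == 2:
            info["rid"] = subs[1]
            info["name"] = BUILTIN_RIDS.get(subs[1])
    return info

if __name__ == "__main__":
    # Constructed sample SIDs; the three domain sub-authorities are made up.
    for sid in ("S-1-1-0", "S-1-3-0", "S-1-5-32-544", "S-1-5-5-0-12345",
                "S-1-5-21-1111111111-2222222222-3333333333",
                "S-1-5-21-1111111111-2222222222-3333333333-500"):
        print(sid, "->", parse_sid(sid))
```

A `21` SID with only three values after it is the domain or computer identifier itself, so the decoder reports an issuer but no relative identifier for it.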
This article is from the "Step by Step" blog; please keep this source link: http://281816327.blog.51cto.com/907015/1409081