Windows Security Identifiers (SIDs) overview

Source: Internet
Author: User

Every Windows security principal, such as a computer, account, or service, has a security identifier (SID). In general, a security identifier is a specially formatted string that represents a security principal.

The security identifiers are composed of the following parts:


(1) The capital letter S, which every security identifier begins with and which marks the string as a security identifier;

(2) The revision level, usually 1;

(3) The identifier authority, which represents the issuer of the identifier. The following are common identifier authorities:

Identifier authority Description

0 SECURITY_NULL_SID_AUTHORITY, used when the authority is not known;

1 SECURITY_LOCAL_SID_AUTHORITY, which is used to create security identifiers that represent all users. For example, the security identifier for the all-users group is S-1-1-0, which combines the relative identifier 0 with this authority and represents all users of the organization;

2 SECURITY_LOCAL_SID_AUTHORITY, which is used to create a security identifier that represents users logged on at the local terminal;

3 SECURITY_CREATOR_SID_AUTHORITY, which is used to create security identifiers that represent the creator or owner of an object. For example, the security identifier of the file owner is S-1-3-0, which combines the relative identifier 0 with the creator/owner authority. S-1-3-0 is used in inheritable access control lists; in a child object that inherits the list, it is replaced by the owner's security identifier. S-1-3-1 is also a security identifier for the file owner and has the same effect, but the security identifier substituted for it comes from the creator's primary group;

5 SECURITY_NT_AUTHORITY, which represents part of the operating system itself. Security identifiers that start with S-1-5 are issued by a computer or domain, and almost all such security identifiers start with S-1-5.


(4) The sub-authorities. The first sub-authority is generally a commonly used, well-known value; the remaining sub-authorities together represent the domain or computer that issued the identifier.

The commonly used sub-authorities are as follows:

Sub-authority Description

5 This security identifier is issued to a logon session, which allows permissions to be granted to applications running under a specific logon session. The first sub-authority of these security identifiers is 5, and the basic format is S-1-5-5-x-y;

6 When a process logs on as a service, it has a special security identifier in its token. The sub-authority of this security identifier is 6, and the basic format is S-1-5-6;

21 SECURITY_NT_NON_UNIQUE, which indicates that the security identifier of the user or computer is not unique;

32 SECURITY_BUILTIN_DOMAIN_RID, which represents built-in security identifiers. For example, the well-known security identifier for the built-in Administrators group is S-1-5-21-544;

80 SECURITY_SERVICE_ID_BASE_RID, which represents the security identifier of a service;

(5) A relative identifier used to represent a user or computer;

Common domain relative identifiers:

Relative identifiers Description
500 Administrator
501 Guests
502 Service account for Key Distribution Center service
512 Domain Admins
513 Domain user
514 Domain Guest
515 Domain Computers
516 Domain Controller
544 Built-in Administrators
545 Built-in users
546 Built-in Guest
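
The five parts listed above can be separated mechanically, which is useful when reading SIDs out of access control lists or logs. The following Python parser is an added example, not code from the original article; the function names, label strings and sample SIDs are constructed for illustration, and the field-size limits come from the binary SID layout rather than from this article.

```python
import re

# Labels are taken from the tables in this article; the names are this example's own.
AUTHORITIES = {0: "null", 1: "all users", 2: "local logon",
               3: "creator or owner", 5: "NT authority"}
SUB_AUTHORITIES = {5: "logon session", 6: "service logon", 21: "non-unique",
                   32: "built-in domain", 80: "service"}
RIDS = {500: "Administrator", 501: "Guests", 502: "KDC service account",
        512: "Domain Admins", 513: "Domain user", 514: "Domain Guest",
        515: "Domain Computers", 516: "Domain Controller",
        544: "Built-in Administrators", 545: "Built-in users", 546: "Built-in Guest"}
SID_RE = re.compile(r"S-(\d+)-(\d+)((?:-\d+)*)")

def parse_sid(text):
    """Return (revision, authority, [sub-authorities]) or raise ValueError."""
    m = SID_RE.fullmatch(text.strip().upper())
    if m is None:
        raise ValueError(f"not a SID string: {text!r}")
    subs = [int(p) for p in m.group(3).split("-") if p]
    # Limits of the binary SID layout (not stated in the article): at most 15
    # sub-authorities of 32 bits each, and a 48-bit identifier authority.
    if len(subs) > 15 or any(s >= 2**32 for s in subs) or int(m.group(2)) >= 2**48:
        raise ValueError(f"SID field out of range: {text!r}")
    return int(m.group(1)), int(m.group(2)), subs

def describe_sid(text):
    """Label each part of a SID using the article's tables."""
    revision, authority, subs = parse_sid(text)
    info = {"revision": revision,
            "authority": AUTHORITIES.get(authority, "unknown"),
            "kind": None, "issuer": None, "rid": None, "rid_name": None}
    if authority == 5 and subs:
        info["kind"] = SUB_AUTHORITIES.get(subs[0], "unknown")
        if subs[0] in (21, 32) and len(subs) > 1:
            # The last sub-authority is the relative identifier; the ones
            # between the first and the last name the issuing domain or computer.
            info["rid"] = subs[-1]
            info["rid_name"] = RIDS.get(subs[-1], "unknown")
            info["issuer"] = "-".join(map(str, subs[1:-1])) or None
    return info

# Constructed sample values; the three domain sub-authorities are made up.
SAMPLES = ["S-1-1-0", "S-1-5-21-1111111111-2222222222-3333333333-512",
           "s-1-5-32-545", "S-1-5-5-0-123456"]
if __name__ == "__main__":
    for s in SAMPLES:
        print(s, describe_sid(s))
```

Two accounts from the same domain share the `issuer` value and differ only in `rid`, which is how the well-known relative identifiers in the table above can be recognized in any domain.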

This article is from the "Step by Step" blog; please retain this source: http://281816327.blog.51cto.com/907015/1409081
