Overview
Windows grants or denies access and privileges to resources based on access control lists (ACLs), which use SIDs to uniquely identify users and their group memberships. When a user logs into a computer, an access token is generated that contains user and group SIDs and user privilege level. When a user requests access to a resource, the access token is checked against the ACL to permit or deny particular action on a particular object.
SIDs are useful for troubleshooting issues with security audits, Windows server and domain migrations.
The format of an SID can be illustrated using the following example: "S-1-5-21-3623811015-3361044348-30300820-1013";
| S | 1 | 5 | 21-3623811015-3361044348-30300820 | 1013 |
|---|---|---|---|---|
| The string is a SID. | The revision level (the version of the SID specification). | The identifier authority value. | Domain or local computer identifier | A Relative ID (RID). Any group or user that is not created by default will have a Relative ID of 1,000 or greater. |
Possible identifier authority values are:
- 0 - Null Authority
- 1 - World Authority
- 2 - Local Authority
- 3 - Creator Authority
- 4 - Non-unique Authority
- 5 - NT Authority
- 9 - Resource Manager Authority
Read more about this topic: Security Identifier