Security Identifier

Security Identifier

In the context of the Microsoft Windows NT line of operating systems, a Security Identifier (commonly abbreviated SID) is a unique name (an alphanumeric character string) which is assigned by a Windows Domain controller during the log on process that is used to identify an object, such as a user or a group of users in a network of NT/2000 systems.

Overview

Windows grants or denies access and privileges to resources based on access control lists (ACLs), which use SIDs to uniquely identify users and their group memberships. When a user logs into a computer, an access token is generated that contains user and group SIDs and user privilege level. When a user requests access to a resource, the access token is checked by the ACL to permit or deny particular action on a particular object.

SIDs are useful for troubleshooting issues with security audits, Windows server and domain migrations.

SID has format as follows:S-1-5-12-7623811015-3361044348-030300820-1013:S - The string is a SID.:1 - The revision level.:5 - The identifier authority value.:12-7623811015-3361044348-030300820 - domain or local computer identifier:1013 – a Relative ID (RID). Any group or user that is not created by default will have a Relative ID of 1000 or greater.

Possible identifier authority values are:
*0 - Null Authority
*1 - World Authority
*2 - Local Authority
*3 - Creator Authority
*4 - Non-unique Authority
*5 - NT Authority

Well-known security identifiers

A number of "well-known" security identifiers are defined by the operating system so as to ensure that specific system accounts can always be found. Microsoft maintains a complete list of these identifiers in a knowledge base article. [

See also

* Access control
* Access Control Matrix
* Discretionary Access Control (DAC)
* Globally Unique Identifier (GUID)
* Mandatory Access Control (MAC)
* Role-Based Access Control (RBAC)
* Capability-based security
* Post-cloning operations

References

External links

* [http://support.microsoft.com/kb/154599 How to Associate a Username with a Security Identifier]
* [http://www.microsoft.com/technet/sysinternals/utilities/newsid.mspx NewSID - How to change SID on cloned system]
* [http://servermigrator.blogspot.com/2006/02/why-understanding-sids-is-important.html Why Understanding SIDs is Important]
* [http://www.microsoft.com/downloads/details.aspx?familyid=6EC50B78-8BE1-4E81-B3BE-4E7AC4F0912D&displaylang=en Support tools for Windows Server 2003 and Windows XP]
* [http://www.serveractual.com/?p=46 How to check SID in windows 2003 the easy way]


Wikimedia Foundation. 2010.

Игры ⚽ Поможем решить контрольную работу

Look at other dictionaries:

  • Security IDentifier — Au lieu d’utiliser des noms (non unique), Windows utilise des SID pour identifier les entités effectuant des actions. Ce sont des identifiants uniques de sécurité alphanumériques assigné par un contrôleur de domaine qui identifient chaque système …   Wikipédia en Français

  • Security Identifier — Au lieu d’utiliser des noms (non unique), le système d’exploitation Windows utilise des SID (Security Identifiers) pour identifier les entités effectuant des actions. Ce sont des identifiants uniques de sécurité alphanumériques assignés par un… …   Wikipédia en Français

  • Security Identifier — Ein Security Identifier, kurz SID, ist ein Sicherheits Identifikator, den Microsoft Windows NT automatisch vergibt, um jedes System, jeden Benutzer und jede Gruppe dauerhaft zu identifizieren. Inhaltsverzeichnis 1 Zweck 2 Vergabe 3 Aufbau 4 …   Deutsch Wikipedia

  • security identifier —    Abbreviated security ID or SID. In Microsoft Windows NT, a unique name that identifies a logged on user to the internal security system.    A SID contains a complete set of permissions and can apply to a single user or to a group.    See also… …   Dictionary of networking

  • Security and safety features new to Windows Vista — There are a number of security and safety features new to Windows Vista, most of which are not available in any prior Microsoft Windows operating system release.Beginning in early 2002 with Microsoft s announcement of their Trustworthy Computing… …   Wikipedia

  • security balance — It is the level at which positioning will occur. In other words, the security balance records several attributes ( i.e. security identifier, balance type, registration forms and sub balance pool identifier) in order to identify the assets held.… …   Financial and business terms

  • security balance — It is the level at which positioning will occur. In other words, the security balance records several attributes (i.e. security identifier, balance type, registration forms and sub balance pool identifier) in order to identify the assets held …   Euroclear glossary

  • Security Accounts Manager —    Abbreviated SAM. In Microsoft Windows NT, the security system that manages and provides access to the account or SAM database. SAM authenticates a user name and password against information contained in the database and creates an access token …   Dictionary of networking

  • security ID —    See security identifier …   Dictionary of networking

  • Security Assertion Markup Language — (SAML) is an XML based standard for exchanging authentication and authorization data between security domains, that is, between an identity provider (a producer of assertions) and a service provider (a consumer of assertions). SAML is a product… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”