| Security Identifier |
Article Index for Security |
Website Links For Security |
Information AboutSecurity Identifier |
| CATEGORIES ABOUT SECURITY IDENTIFIER | |
| operating system security | |
| windows nt | |
|
Windows grants or denies access and privileges to resources based on Access Control List s (ACLs), which use SIDs to uniquely identify users and their group memberships. When a user logs into a computer, an Access Token is generated that contains user and group SIDs and user privilege level. When a user requests access to a resource, the Access Token is checked by the ACL to permit or deny particular action on a particular object. SIDs are useful for troubleshooting issues with security audits, Windows server and domain migrations. SID has format as follows: S-1-5-12-7623811015-3361044348-030300820-1013 :S - The string is a SID. :1 - The revision level. :5 - The identifier authority value. :12-7623811015-3361044348-030300820 - domain or local computer identifier :1013 – a Relative ID (RID) Any group or user that is not created by default will have a Relative ID of 1000 or greater. WELL KNOWN SIDS
Local System. A service account that is used by the operating system.
NT Authority. Local Service.
NT Authority. Network Service.
A user account for the system administrator. By default, it is the only user account that is given full control over the system.
Guest user account for people who do not have individual accounts. This user account does not require a password. By default, the Guest account is disabled.
Domain Admins - a global group whose members are authorized to administer the domain. By default, the Domain Admins group is a member of the Administrators group on all computers that have joined a domain, including the domain controllers. Domain Admins is the default owner of any object that is created by any member of the group.
Domain Guests - A global group that, by default, has only one member, the domain's built-in Guest account. SEE ALSO
EXTERNAL LINKS
|
|
|