Understanding Windows SIDs

Written by Barry Dysert (last updated September 18, 2017)

Every user account on your system has a Windows SID (Security Identifier) automatically assigned to it. SIDs are used for all entities used within the computer system, i.e., a SID is assigned to the machine, domain accounts, users, and security groups. The human-readable names that correspond to SIDs are there to make things easier when it comes to system administration. For example, you can change a user's name, but the SID doesn't change. Therefore you don't have to worry about going through the various access control lists to update them for the new name, as the underlying SID hasn't changed.

SIDs are numeric values of varying lengths. They consist of a structure revision number, an identifier authority value, and a variable number of subauthority values. The subauthority values provide the means whereby Windows can create unique SIDs based on a common base SID.

There is a nice free tool from Sysinternals called PsGetSid, which can be obtained from this site:

http://technet.microsoft.com/en-us/sysinternals/bb897417.aspx

When you run PsGetSid with no parameters you'll get the SID of the current computer:

C:\>PsGetSid

PsGetSid v1.44 - Translates SIDs to names and vice versa
Copyright (C) 1999-2008 Mark Russinovich
Sysinternals - www.sysinternals.com

SID for \\DYSERT-PC:
S-1-5-21-205299875-3125232665-432278398

From the number displayed you can determine the various parts of the SID; they are separated by dashes. In this case, the SID begins with "S-1-5", which indicates the structure revision number (1) and the identifier authority value (5). The remaining numbers—again, each separated by dashes—are the subauthority values.

Windows ships with some built-in accounts, so these have SIDs already assigned to them before a user account is ever added. Among the built-in accounts are those for Administrator and Guest. Running PsGetSid against each of these reveals the following assignments:

C:\>PsGetSid Administrator

PsGetSid v1.44 - Translates SIDs to names and vice versa
Copyright (C) 1999-2008 Mark Russinovich
Sysinternals - www.sysinternals.com

SID for Dysert-PC\Administrator:
S-1-5-21-205299875-3125232665-432278398-500

C:\>PsGetSid Guest

PsGetSid v1.44 - Translates SIDs to names and vice versa
Copyright (C) 1999-2008 Mark Russinovich
Sysinternals - www.sysinternals.com

SID for Dysert-PC\Guest:
S-1-5-21-205299875-3125232665-432278398-501

As you can see, Windows appended a number to each of the account's SIDs (500 and 501) to ensure their uniqueness. These unique suffixes are called Relative Identifiers (RIDs). As new accounts are added, the RIDs start at 1000 and are incremented as needed. So running PsGetSid on the "Dysert" account yields this:

C:\>PsGetSid Dysert

PsGetSid v1.44 - Translates SIDs to names and vice versa
Copyright (C) 1999-2008 Mark Russinovich
Sysinternals - www.sysinternals.com

SID for Dysert-PC\Dysert:
S-1-5-21-205299875-3125232665-432278398-1000

To verify that this SID is associated with my logon, I can use another Sysinternals tool called LogonSession, available here:

http://technet.microsoft.com/en-us/sysinternals/bb896769.aspx

Here is the output produced by the tool:

C:\LogonSessions

Logonsesions v1.21
Copyright (C) 2004-2010 Bryce Cogswell and Mark Russinovich
Sysinternals - wwww.sysinternals.com

[6] Logon session 00000000:00468835:
    User name:    Dysert-PC\Dysert
    Auth package: NTLM
    Logon type:   Interactive
    Session:      1
    Sid:          S-1-5-21-205299875-3125232665-432278398-1000
    Logon time:   4/11/2014 3:20:29 AM
    Logon server: DYSERT-PC
    DNS Domain:
    UPN:

SIDs are also assigned to groups. The SID assigned to the Administrators group can be obtained in this manner:

C:\>PsGetSid \Administrators

PsGetSid v1.44 - Translates SIDs to names and vice versa
Copyright (C) 1999-2008 Mark Russinovich
Sysinternals - www.sysinternals.com

SID for \Administrators:
S-1-5-32-544

If, for some reason, you don't want to use the PsGetSid tool, you can still get SID information from the built-in utility, wmic. From the command line, type "wmic useraccount get name,sid" (without the quotes). The following output will appear:

C:\wmic useraccount get name,sid
Name           SID
Administrator  S-1-5-21-205299875-3125232665-432278398-500
ASPNET         S-1-5-21-205299875-3125232665-432278398-1003
Dysert         S-1-5-21-205299875-3125232665-432278398-1000
Guest          S-1-5-21-205299875-3125232665-432278398-501
SQLDebugger    S-1-5-21-205299875-3125232665-432278398-1007

 This tip (13106) applies to Windows 7, 8, and 10.

Author Bio

Barry Dysert

Barry has been a computer professional for over 35 years, working in different positions such as technical team leader, project manager, and software developer. He is currently a software engineer with an emphasis on developing custom applications under Microsoft Windows. When not working with Windows or writing Tips, Barry is an amateur writer. His first non-fiction book is titled "A Chronological Commentary of Revelation." ...

MORE FROM BARRY

How to Encrypt a File or Folder via NTFS

Windows 10 provides two ways to password protect files and folders. One way is to use the Zip utility, as discussed in a ...

Discover More

Creating a Desktop Shortcut for a Favorite Web Page

If you visit a certain Web page frequently, you may wish to create a desktop shortcut to take you there. This tip tells ...

Discover More

Launchy

Launchy is a small utility that packs a powerful punch. It allows you to instantly find files and launch them without ...

Discover More
More WindowsTips

Changing User Permissions for an Entire Drive

All objects on your computer (e.g., disk drives) have permissions that allow or deny various types of access. This tip ...

Discover More

Limiting the Number of Login Attempts

You probably don't want to allow someone to continually attempt to login to your system until they finally guess your ...

Discover More

Camera Privacy Settings

Using a web camera with your computer opens all sorts of opportunities. Set your computer's Camera Privacy Settings to ...

Discover More
Comments

If you would like to add an image to your comment (not an avatar, but an image to help in making the point of your comment), include the characters [{fig}] (all 7 characters, in the sequence shown) in your comment text. You’ll be prompted to upload your image when you submit the comment. Maximum image size is 6Mpixels. Images larger than 600px wide or 1000px tall will be reduced. Up to three images may be included in a comment. All images are subject to review. Commenting privileges may be curtailed if inappropriate images are posted.

What is 2 + 2?

There are currently no comments for this tip. (Be the first to leave your comment—just use the simple form above!)


Newest Tips