by Barry Dysert
(last updated September 18, 2017)
Every user account on your system has a Windows SID (Security Identifier) automatically assigned to it. SIDs are used for all entities used within the computer system, i.e., a SID is assigned to the machine, domain accounts, users, and security groups. The human-readable names that correspond to SIDs are there to make things easier when it comes to system administration. For example, you can change a user's name, but the SID doesn't change. Therefore you don't have to worry about going through the various access control lists to update them for the new name, as the underlying SID hasn't changed.
SIDs are numeric values of varying lengths. They consist of a structure revision number, an identifier authority value, and a variable number of subauthority values. The subauthority values provide the means whereby Windows can create unique SIDs based on a common base SID.
There is a nice free tool from Sysinternals called PsGetSid, which can be obtained from this site:
When you run PsGetSid with no parameters you'll get the SID of the current computer:
C:\>PsGetSid PsGetSid v1.44 - Translates SIDs to names and vice versa Copyright (C) 1999-2008 Mark Russinovich Sysinternals - www.sysinternals.com SID for \\DYSERT-PC: S-1-5-21-205299875-3125232665-432278398
From the number displayed you can determine the various parts of the SID; they are separated by dashes. In this case, the SID begins with "S-1-5", which indicates the structure revision number (1) and the identifier authority value (5). The remaining numbers—again, each separated by dashes—are the subauthority values.
Windows ships with some built-in accounts, so these have SIDs already assigned to them before a user account is ever added. Among the built-in accounts are those for Administrator and Guest. Running PsGetSid against each of these reveals the following assignments:
C:\>PsGetSid Administrator PsGetSid v1.44 - Translates SIDs to names and vice versa Copyright (C) 1999-2008 Mark Russinovich Sysinternals - www.sysinternals.com SID for Dysert-PC\Administrator: S-1-5-21-205299875-3125232665-432278398-500 C:\>PsGetSid Guest PsGetSid v1.44 - Translates SIDs to names and vice versa Copyright (C) 1999-2008 Mark Russinovich Sysinternals - www.sysinternals.com SID for Dysert-PC\Guest: S-1-5-21-205299875-3125232665-432278398-501
As you can see, Windows appended a number to each of the account's SIDs (500 and 501) to ensure their uniqueness. These unique suffixes are called Relative Identifiers (RIDs). As new accounts are added, the RIDs start at 1000 and are incremented as needed. So running PsGetSid on the "Dysert" account yields this:
C:\>PsGetSid Dysert PsGetSid v1.44 - Translates SIDs to names and vice versa
Copyright (C) 1999-2008 Mark Russinovich Sysinternals - www.sysinternals.com SID for Dysert-PC\Dysert: S-1-5-21-205299875-3125232665-432278398-1000
To verify that this SID is associated with my logon, I can use another Sysinternals tool called LogonSession, available here:
Here is the output produced by the tool:
C:\LogonSessions Logonsesions v1.21 Copyright (C) 2004-2010 Bryce Cogswell and Mark Russinovich Sysinternals - wwww.sysinternals.com  Logon session 00000000:00468835: User name: Dysert-PC\Dysert Auth package: NTLM Logon type: Interactive Session: 1 Sid: S-1-5-21-205299875-3125232665-432278398-1000 Logon time: 4/11/2014 3:20:29 AM Logon server: DYSERT-PC DNS Domain: UPN:
SIDs are also assigned to groups. The SID assigned to the Administrators group can be obtained in this manner:
C:\>PsGetSid \Administrators PsGetSid v1.44 - Translates SIDs to names and vice versa Copyright (C) 1999-2008 Mark Russinovich Sysinternals - www.sysinternals.com SID for \Administrators: S-1-5-32-544
If, for some reason, you don't want to use the PsGetSid tool, you can still get SID information from the built-in utility, wmic. From the command line, type "wmic useraccount get name,sid" (without the quotes). The following output will appear:
C:\wmic useraccount get name,sid Name SID Administrator S-1-5-21-205299875-3125232665-432278398-500 ASPNET S-1-5-21-205299875-3125232665-432278398-1003 Dysert S-1-5-21-205299875-3125232665-432278398-1000 Guest S-1-5-21-205299875-3125232665-432278398-501 SQLDebugger S-1-5-21-205299875-3125232665-432278398-1007
This tip (13106) applies to Windows 7, 8, and 10.
In Windows 10, you can choose to login using your local account or by using your Microsoft credentials. How to switch ...Discover More
Action Center provides you with a quick overview of security and maintenance issues and allows you to drill down to the ...Discover More
Windows has many malware-prevention features. One of these is Data Execution Prevention. This tip provides an explanation ...Discover More