Understanding Windows SIDs

Written by Barry Dysert (last updated September 18, 2017)

Every user account on your system has a Windows SID (Security Identifier) automatically assigned to it. SIDs are used for all entities used within the computer system, i.e., a SID is assigned to the machine, domain accounts, users, and security groups. The human-readable names that correspond to SIDs are there to make things easier when it comes to system administration. For example, you can change a user's name, but the SID doesn't change. Therefore you don't have to worry about going through the various access control lists to update them for the new name, as the underlying SID hasn't changed.

SIDs are numeric values of varying lengths. They consist of a structure revision number, an identifier authority value, and a variable number of subauthority values. The subauthority values provide the means whereby Windows can create unique SIDs based on a common base SID.

There is a nice free tool from Sysinternals called PsGetSid, which can be obtained from this site:

http://technet.microsoft.com/en-us/sysinternals/bb897417.aspx

When you run PsGetSid with no parameters you'll get the SID of the current computer:

C:\>PsGetSid

PsGetSid v1.44 - Translates SIDs to names and vice versa
Copyright (C) 1999-2008 Mark Russinovich
Sysinternals - www.sysinternals.com

SID for \\DYSERT-PC:
S-1-5-21-205299875-3125232665-432278398

From the number displayed you can determine the various parts of the SID; they are separated by dashes. In this case, the SID begins with "S-1-5", which indicates the structure revision number (1) and the identifier authority value (5). The remaining numbers—again, each separated by dashes—are the subauthority values.

Windows ships with some built-in accounts, so these have SIDs already assigned to them before a user account is ever added. Among the built-in accounts are those for Administrator and Guest. Running PsGetSid against each of these reveals the following assignments:

C:\>PsGetSid Administrator

PsGetSid v1.44 - Translates SIDs to names and vice versa
Copyright (C) 1999-2008 Mark Russinovich
Sysinternals - www.sysinternals.com

SID for Dysert-PC\Administrator:
S-1-5-21-205299875-3125232665-432278398-500

C:\>PsGetSid Guest

PsGetSid v1.44 - Translates SIDs to names and vice versa
Copyright (C) 1999-2008 Mark Russinovich
Sysinternals - www.sysinternals.com

SID for Dysert-PC\Guest:
S-1-5-21-205299875-3125232665-432278398-501

As you can see, Windows appended a number to each of the account's SIDs (500 and 501) to ensure their uniqueness. These unique suffixes are called Relative Identifiers (RIDs). As new accounts are added, the RIDs start at 1000 and are incremented as needed. So running PsGetSid on the "Dysert" account yields this:

C:\>PsGetSid Dysert

PsGetSid v1.44 - Translates SIDs to names and vice versa

Copyright (C) 1999-2008 Mark Russinovich
Sysinternals - www.sysinternals.com

SID for Dysert-PC\Dysert:
S-1-5-21-205299875-3125232665-432278398-1000

To verify that this SID is associated with my logon, I can use another Sysinternals tool called LogonSession, available here:

http://technet.microsoft.com/en-us/sysinternals/bb896769.aspx

Here is the output produced by the tool:

C:\LogonSessions

Logonsesions v1.21
Copyright (C) 2004-2010 Bryce Cogswell and Mark Russinovich
Sysinternals - wwww.sysinternals.com

[6] Logon session 00000000:00468835:
    User name:    Dysert-PC\Dysert
    Auth package: NTLM
    Logon type:   Interactive
    Session:      1
    Sid:          S-1-5-21-205299875-3125232665-432278398-1000
    Logon time:   4/11/2014 3:20:29 AM
    Logon server: DYSERT-PC
    DNS Domain:
    UPN:

SIDs are also assigned to groups. The SID assigned to the Administrators group can be obtained in this manner:

C:\>PsGetSid \Administrators

PsGetSid v1.44 - Translates SIDs to names and vice versa
Copyright (C) 1999-2008 Mark Russinovich
Sysinternals - www.sysinternals.com

SID for \Administrators:
S-1-5-32-544

If, for some reason, you don't want to use the PsGetSid tool, you can still get SID information from the built-in utility, wmic. From the command line, type "wmic useraccount get name,sid" (without the quotes). The following output will appear:

C:\wmic useraccount get name,sid
Name           SID
Administrator  S-1-5-21-205299875-3125232665-432278398-500
ASPNET         S-1-5-21-205299875-3125232665-432278398-1003
Dysert         S-1-5-21-205299875-3125232665-432278398-1000
Guest          S-1-5-21-205299875-3125232665-432278398-501
SQLDebugger    S-1-5-21-205299875-3125232665-432278398-1007

This tip (13106) applies to Windows 7, 8, and 10.

Author Bio

Barry Dysert

Barry has been a computer professional for over 35 years, working in different positions such as technical team leader, project manager, and software developer. He is currently a software engineer with an emphasis on developing custom applications under Microsoft Windows. When not working with Windows or writing Tips, Barry is an amateur writer. His first non-fiction book is titled "A Chronological Commentary of Revelation." Learn more about Barry...

MORE FROM BARRY

Logging In with Local vs. Microsoft Credentials

In Windows 10, you can choose to login using your local account or by using your Microsoft credentials. How to switch ...

Discover More

Differences between Hibernate and Sleep

If you want to conserve energy or preserve your laptop's battery life, you should know about hibernate and sleep. There ...

Discover More

Specifying a Copy Schedule in Robocopy

There are a few ways to set up a copy schedule in Robocopy by using its options. This tip explains how.

Discover More

More WindowsTips

Logging In with Local vs. Microsoft Credentials

In Windows 10, you can choose to login using your local account or by using your Microsoft credentials. How to switch ...

Discover More

Modifying How Windows Notifies You of Impending Changes

Part of the security system built into Windows involves notifying you when changes are about to occur to your system. ...

Discover More

Camera Privacy Settings

Using a web camera with your computer opens all sorts of opportunities. Set your computer's Camera Privacy Settings to ...

Discover More

Comments

If you would like to add an image to your comment (not an avatar, but an image to help in making the point of your comment), include the characters [{fig}] (all 7 characters, in the sequence shown) in your comment text. You’ll be prompted to upload your image when you submit the comment. Maximum image size is 6Mpixels. Images larger than 600px wide or 1000px tall will be reduced. Up to three images may be included in a comment. All images are subject to review. Commenting privileges may be curtailed if inappropriate images are posted.

Notify me about new comments ONLY FOR THIS TIP

Notify me about new comments ANYWHERE ON THIS SITE

Hide my email address

What is two more than 7?

There are currently no comments for this tip. (Be the first to leave your comment—just use the simple form above!)

Understanding Windows SIDs

Author Bio

MORE FROM BARRY

More WindowsTips

Comments

Newest Tips

Links and Sharing

OUR COMPANY

OUR PRODUCTS

OUR SITES