Security identifier (SID) definition
SID, or security identifier, is a long string of numbers in the form of “S-1-5-21-xxxxxxxxx-xxxxxxxxx-xxxxxxxxx,” assigned to user accounts, groups, and computer objects on Windows networks. The first part demonstrates that it is a security identifier. The second part identifies the revision level of the SID format. The three final parts identify the security authority, the domain or local computer, and the object’s relative identifier (RID). Operating systems also use SIDs to access folders, printers, and files and control system privileges and permissions. The token provides security for any action the user performs on the device.
Types of security identifiers
- Well-known SIDs. Windows predefines these SIDs with specific meanings. For example, the “Administrators” SID represents users with administrative privileges, while the “Everyone“ SID refers to all users and groups.
- Relative identifier (RID) SIDs. These SIDs form the unique identifier when appended to the domain or computer SID.
- Security Account Manager (SAM) SIDs. These SIDs have the SAM SID as the root SID of the domain and use it as a base for generating the unique identifier.
- Active Directory (AD) SIDs. These SIDs are based on the domain SID and a unique identifier for the object.
- Virtual account SIDs. Windows uses these SIDs to create virtual accounts for services, running a service in a security context that differs from the computer's default security context.