Computer accounts, user accounts, groups, and other security-related objects are security principles. Security Identifiers (SIDs) uniquely identify security principles. Each time Windows and Active Directory create a security principle, they generate a SID for it. The Windows Local Security Authority (LSA) generates SIDs for local security principles and then stores them in the local security database.
An example of a SID is S-1-5-21-2857422465-1465058494-1690550294-500. A SID always begins with S-. The next number identifies the SID's version—in this case, version 1. The next number indicates the identifier authority and is usually 5, which is NT Authority. The string of numbers up to 500 is the domain identifier, and the rest of the SID is a relative identifier, which is the account or group. This is a very rough overview of the SID format, which is much more complex than this brief example characterizes. If you want to learn more about SIDs, see http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/security_identifiers.asp.
No comments:
Post a Comment