All About Security Identifier | Full & Detailed Guide

What Is Security Identifier

A security identifier, also known as a security ID or SID, is a unique value that identifies users, groups, and computer accounts. Each initially created account or group receives a unique SID issued by an issuing authority, such as a Windows domain controller. A SID is a special string of characters that is normally stored in the security database and is not accessible to users.

While users create a new account or group, the system also generates a new SID. If a SID has been used as a unique identifier for that account, that SID can never be used again to identify other users or groups. In other words, when a user deletes an account or group and then creates a new user with the same username, the new account is completely not the same as the old account, the difference being that the system associates separate security identifiers to them.

The Role of Security Identifier

After the user passes authentication, the login process gives the user an access token, which is equivalent to a ticket for accessing system resources. The access token contains the user and groups' SID, and the user's privileges. When a user attempts to access a system resource, the access token is provided to Windows, which then checks the access control list on the object the user tries to access. Once a user is permitted to access the target, Windows will assign the user the appropriate access privileges.

The security identifier is one of the basic building blocks of the Windows security model and needs to work with specific components of the security infrastructure of the Windows Server operating system. With the help of SIDs, the system can protect access to network resources and secure the system environment.

Where Is Security Identifier

The SID is stored in the Windows registry, and you can find the user's SID by opening a command prompt and entering the correct command exactly as instructed below.

If you only want to get the SID of a specific user, enter this command:

How Does SID Work

SID maintains the security of Windows, and it helps the system authenticate. Since each SID marks a unique account or group, Windows can easily identify every account. Even if the account name of that user changes, the SID never changes.

The domain controller also gives the computer a SID when it enters the domain, which is also used for authentication. This also means that SIDs generated in one domain will never match those generated in others.

The Structure of Security Identifier

The security identifier is structured as data in binary format and in a string format for easy reading, which contains a variable number of values. The logical structure of the SID composition is shown in the following figure:

• Revision is the version of the structure used by the particular SID and needs to be initialized to 0x01.
• IdentifierAuthority is the highest authority level given to the SID by a specific subject.
• SubAuthority is a component of the SID domain that holds the most important information. Subauthorities of the SID are identified by a 32-bit subauthority value, but each SID can contain up to 15 subauthorities.
• SubAuthorityCount is the number of sub-authorities in the SID.

And the basic syntax rules for SIDs are as follows:

• SID is a string consisting of a number and a hyphen
• All SID strings start with the letter S
• SID consists of four parts: revision level, identifier authority, domain identifier, relative identifier
• Each part of the SID is separated by a hyphen

Conclusion

Although a security identifier is just a string starting with the letter S, it is an integral part of securing your Windows system environment. After reading this post, you can have your own understanding of what a security identifier is. 

To learn more about the computer system, you can read the following posts: