Security Identifiers

Thus far we have been skirting the issue of identifiers. I mentioned earlier that a security principal is an entity that can have a security identifier (SID), but I never defined security identifier. Simply put, a SID is a (mostly) numeric representation of a security principal. The SID is actually what is used internally by the operating system. When you grant a user, a group, a service, or some other security principal permissions to an object, the operating system writes the SID and the permissions to the object's Access Control List (ACL).

SID Components

A SID is composed of several required elements. Figure 1-8 shows the different components of a SID.

Figure 1-8. A SID has a defined structure with several required elements. ...

Get Windows Server® 2008 Security Resource Kit now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Windows Server® 2008 Security Resource Kit by

Security Identifiers

SID Components

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly