link334
asked on
SID creation
In Windows, what constitutes a SID?
For clarity, I understand the OS creates a SID for a security principle-computer, user or group, And the SID created is a unique number. However, in my ignorance is this number unique to each item or rather unique to the type of item. (E.g. Computer (regardles of type = 100), user (regrdles of name = 200) and group: admin = 500, domain admin = 501, users = 101, Everyone = 201.
The reason I ask for further understanding is a SID unigue to resources and users like Social Security numbers are, no to users, group or computers will have the same SID?
Thanks!
For clarity, I understand the OS creates a SID for a security principle-computer, user or group, And the SID created is a unique number. However, in my ignorance is this number unique to each item or rather unique to the type of item. (E.g. Computer (regardles of type = 100), user (regrdles of name = 200) and group: admin = 500, domain admin = 501, users = 101, Everyone = 201.
The reason I ask for further understanding is a SID unigue to resources and users like Social Security numbers are, no to users, group or computers will have the same SID?
Thanks!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Tolomir,
Does the OS natively and automatically create a "unique" SID for the user or does one have to use the "Newsid" program to accomplish this?
Does the OS natively and automatically create a "unique" SID for the user or does one have to use the "Newsid" program to accomplish this?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Maybe you could provide us with some more information, why you need this SID information, the clonig rollout was a wild guess from me, so not complete. oBdA is right with the details.
Tolomir
Tolomir
ASKER
Thank you each for your VALUABLE input.
This is self study for deeper understanding of how the SID is generated and its implications on the OS and resources. What extra you both have shown me is that it can potentially cause problems (duplication) that were unknown to me as well as utilities to correct/prevent this. After reading the LINKs provided, I did not realize the DC was responsible for the SID creatiun in a domain nor logic for each SID in that Domain.
You both are talented!
This is self study for deeper understanding of how the SID is generated and its implications on the OS and resources. What extra you both have shown me is that it can potentially cause problems (duplication) that were unknown to me as well as utilities to correct/prevent this. After reading the LINKs provided, I did not realize the DC was responsible for the SID creatiun in a domain nor logic for each SID in that Domain.
You both are talented!
That SID identifier is giving a lot of users a "severe" headache, they used windows encrypted filesystem (efs) on some files, deleted those accounts / reinstalled windows by chance and are then trying to regain access to those now finally sealed documents.
Even if you create an account with the same name after a reinstallation, the SID is different, so you got no chance to recovery those files.
Just check http://search.experts-exchange.com/search.jsp?query=EFS+recovery&searchType=all&Submit.x=0&Submit.y=0 as reference.
Tolomir
Even if you create an account with the same name after a reinstallation, the SID is different, so you got no chance to recovery those files.
Just check http://search.experts-exchange.com/search.jsp?query=EFS+recovery&searchType=all&Submit.x=0&Submit.y=0 as reference.
Tolomir
ASKER
Awesome stuff. thanks for the help and direction.
LP
LP
Well-known security identifiers in Windows operating systems
http://support.microsoft.com/?kbid=243330