Security Identifier
A security identifier, SID short, is a unique security identifier that the Microsoft Windows NT automatically assigns to identify each system, each user and group permanently.
Purpose
At the SID specified in the Access Control Lists Access rights are attached. If the names of systems, users or groups to be changed, the SID will remain unchanged. Therefore, retained them all access rights. SID thus allowing to change the naming problems.
Award
During the installation of the operating system, the system itself gets its SID by a random number generator. This is required so that a unique identifier is guaranteed on the network. Then so-called well-known SID will be awarded, which are the same on every system. For example, for the Administrators group.
The SID of a user is created automatically when it is created. The SID of a locally defined user based on the SID of the system. The SID of an applied in a domain user changes when it is moved from one domain to another, as in the SID and the domain of the user is stored.
Construction
Example:
Explanation:
Allowed values of 'Identifier Authority ':
Problems
If you create a system fully installed a memory image of the hard disk, the SID will it be saved. If you loaded other computers with this image, several systems have identical SID. Of this was strongly discouraged in the past, otherwise you might encounter problems. Microsoft warns in particular against that otherwise may be able to access to removable media, which should be explicitly denied. Meanwhile, this view was, however, offset by a Microsoft employee.
Microsoft supports such uses memory dumps only if the Sysprep tool is applied. It causes the next boot the setup without re- installation is run through again and, inter alia, new SID will be awarded.
Developed by Winternals PsGetSid program allows to read the SID locally or over the network. By November 2009, was offered with NewSID a program with which the SID of a system to a random SID could be changed. The retreat of the program was based on the double assignment of SIDs for different computers are not as problematic as anticipated and a program like NewSID unnecessary.
By deleting users or uninstalling systems lost SID can only be restored with high administrative costs because you can create a new object with the same name leads to another SID. However, changing a SID is possible via ADSIEdit. Also support domain controllers running Windows 2008 Restore AD objects from a Shadow Copy.