Appendix G: Well-Known SIDs

Previous page
Table of content
Next page

Full SID details are available online at http://www.support.microsoft.com/default.aspx?scid=kb;EN-US;Q243330.

SID

NAME

DESCRIPTION

S-1-0

Null Authority

An identifier authority.

S-1-0-0

Nobody

No security principal.

S-1-1

World Authority

An identifier authority.

S-1-1-0

Everyone

A group that includes all users, even anonymous users and guests. Membership is controlled by the operating system.

S-1-2

Local Authority

An identifier authority.

S-1-3

Creator Authority

An identifier authority.

S-1-3-0

Creator Owner

A placeholder in an inheritable access control entry (ACE). When the ACE is inherited, the system replaces this SID with the SID for the object's creator.

S-1-3-1

Creator Group

A placeholder in an inheritable ACE. When the ACE is inherited, the system replaces this SID with the SID for the primary group of the object's creator. The primary group is used only by the POSIX subsystem.

S-1-3-2

Creator Owner Server

This SID is not used in Windows 2000.

S-1-3-3

Creator Group Server

This SID is not used in Windows 2000.

S-1-4

Non-unique Authority

An identifier authority.

S-1-5

NT Authority

An identifier authority.

S-1-5-1

Dialup

A group that includes all users who have logged on through a dial-up connection. Membership is controlled by the operating system.

S-1-5-2

Network

A group that includes all users that have logged on through a network connection. Membership is controlled by the operating system.

S-1-5-3

Batch

A group that includes all users that have logged on through a batch queue facility. Membership is controlled by the operating system.

S-1-5-4

Interactive

A group that includes all users that have logged on interactively. Membership is controlled by the operating system.

S-1-5-5-X-Y

Logon Session

A logon session. The X and Y values for these SIDs are different for each session.

S-1-5-6

Service

A group that includes all security principals that have logged on as a service. Membership is controlled by the operating system.

S-1-5-7

Anonymous

A group that includes all users that have logged on anonymously. Membership is controlled by the operating system.

S-1-5-8

Proxy

This SID is not used in Windows 2000.

S-1-5-9

Enterprise Controllers

A group that includes all domain controllers in a forest that uses an Active Directory service. Membership is controlled by the operating system.

S-1-5-10

Principal Self

A placeholder in an inheritable ACE on an account object or group object in Active Directory. When the ACE is inherited, the system replaces this SID with the SID for the security principal who holds the account.

S-1-5-11

Authenticated Users

A group that includes all users whose identities were authenticated when they logged on. Membership is controlled by the operating system.

S-1-5-12

Restricted Code

This SID is reserved for future use.

S-1-5-13

Terminal Server Users

A group that includes all users that have logged on to a Terminal Services server. Membership is controlled by the operating system.

S-1-5-18

Local System

A service account that is used by the operating system.

S-1-5-19

NT Authority

Local service.

S-1-5-20

NT

Authority Network service.

S-1-5-domain-500

Administrator

A user account for the system administrator. domain-By default, it is the only user account given 500 full control over the system.

S-1-5-domain-501

Guest

A user account for people who do not have domainindividual accounts. This user account does 501 not require a password. By default, the Guest account is disabled.

S-1-5-domain-502

KRBTGT

A service account that is used by the Key domain-Distribution Center (KDC) service.

S-1-5-domain-512

Domain Admins

A global group whose members are authorized to administer the domain. By default, the Domain Admins group is a member of the Administrators group on all computers that have joined a domain, including the domain controllers.

S-1-5-domain-513

Domain Users

A global group that, by default, includes all user accounts in a domain. When you create a user account in a domain, it is added to this group by default.

S-1-5-domain-514

Domain Guests

A global group that, by default, has only one member, the domain's built-in Guestaccount.

S-1-5-domain-515

Domain Computers

A global group that includes all clients and servers that have joined the domain.

S-1-5-domain-516

Domain Controllers

A global group that includes all domain controllers in the domain. New domain controllers are added to this group by default.

S-1-5-domain-517

Cert Publishers

A global group that includes all computers that are running an enterprise certification authority. Cert Publishers are authorized to publish certificates for User objects in Active Directory.

S-1-5-root domain-518

Schema Admins

A universal group in a native-mode domain; a global group in a mixed-mode domain. The group is authorized to make schema changes in Active Directory.

S-1-5-root domain-519

Enterprise Admins

A universal group in a native-mode domain; a global group in a mixed-mode domain. The group is authorized to make forest-wide changes in Active Directory, such as adding child domains.

S-1-5-domain-520

Group Policy Creator Owners

A global group that is authorized to create new Group Policy objects in Active Directory. By default, the only member of the group is Administrator.

S-1-5-domain-533

RAS and IAS Servers

A domain local group. By default, this group has no members. Servers in this group have Read Account Restrictions and Read Logon Information access to User objects in the Active Directory domain local group.

S-1-5-32-544

Administrators

A built-in group. After the initial installation of the operating system, the only member of the group is the Administrator account. When a computer joins a domain, the Domain Administrators'group is added to the Administrators group.

S-1-5-32-545

Users

A built-in group. After the initial installation of the operating system, the only member is the Authenticated Users group. When a computer joins a domain, the Domain Users group is added to the Users group on the computer.

S-1-5-32-546

Guests

A built-in group. By default, the only member is the Guest account. The Guests group allows occasional or one-time users to log on with limited privileges to a computer's built-in Guest account.

S-1-5-32-547

Power Users

A built-in group. By default, the group has no members. Power users can create local users and groups; modify and delete accounts that they have created; and remove users from the Power Users, Users, and Guests groups.

S-1-5-32-548

Account Operators

A built-in group that exists only on domain controllers. By default, the group has no members.

S-1-5-32-549

Server Operators

A built-in group that exists only on domain controllers. By default, the group has no members.

S-1-5-32-550

Print Operators

A built-in group that exists only on domain controllers. By default, the only member is the Domain Users group. Print Operators can manage printers and document queues.

S-1-5-32-551

Backup Operators

A built-in group. By default, the group has no members. Backup Operators can back up and restore all files on a computer, regardless of the permissions that protect those files.

S-1-5-32-552

Replicators

A built-in group that is used by the File Replication service on domain controllers. By default, the group has no members. Do not add users to this group.

S-1-5-32-554

BUILTIN\Pre-Windows 2000 Compatible Access

An alias added by Windows 2000. A backward compatibility group which allows read access on all users and groups in the domain.

S-1-5-32-555

BUILTIN\Remote Desktop Users

An alias. Members in this group are granted the right to logon remotely.

S-1-5-32-556

BUILTIN\Network Configuration Operators

An alias. Members in this group can have some administrative privileges to manage configuration of networking features.

S-1-5-32-557

BUILTIN\Incoming Forest Trust Builders

An alias. Members of this group can create incoming, one-way trusts to this forest.

S-1-5-32-557

BUILTIN\Incoming Forest Trust Builders

An alias. Members of this group can create incoming, one-way trusts to this forest.

S-1-5-32-558

BUILTIN\Performance Monitor Users

An alias. Members of this group have remote access to monitor this computer.

S-1-5-32-559

BUILTIN\Performance Log Users

An alias. Members of this group have remote access to schedule logging of performance counters on this computer.

S-1-5-32-560

BUILTIN\Windows Authorization Access Group

An alias. Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects.

S-1-5-32-561

BUILTIN\Terminal Server License Servers

An alias. A group for Terminal Server License Servers.


Previous page
Table of content
Next page
Windows Forensics. The Field Guide for Corporate Computer Investigations
Windows Forensics: The Field Guide for Corporate Computer Investigations
ISBN: 0470038624
EAN: 2147483647
Year: 2006
Pages: 71
Authors: Chad Steel
BUY ON AMAZON
Interprocess Communications in Linux: The Nooks and Crannies
High-Speed Signal Propagation[c] Advanced Black Magic
The CISSP and CAP Prep Guide: Platinum Edition
Postfix: The Definitive Guide
Information Dashboard Design: The Effective Visual Communication of Data
VBScript in a Nutshell, 2nd Edition
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy