SID stands for Security Identifier. For Windows 10, a security identifier is used to unique represent any security identity of the operating system, such as a user account, thread, process, group, computer account, etc. Any process or account, that contributes to the security aspect of the operating system is assigned a unique ID. This ID is called Security Identifier.
The security identifiers or SIDs are assigned by Windows Domain Controller. The SID is stored in a security database. Whenever a new account, a new group, a new process or a new security context is created, it is assigned an SID that very moment. The number is unique and cannot be used for any other entity. When a user logs in to the system, Windows 10 creates an access token for the user. The access token consists of a lot of information, such as, user rights, user SID, etc. The token provides security related context of the concerned entities. Domain specific SIDs are also there, whose function is to represent the security context of generic users and groups.
Security Identifier (SID) Architecture
Revision | This represents the version of the SID structure, that has been used in this particular SID. |
Identifier authority | Identifies the highest level of authority that can issue SIDs for a particular type of security principal. For example, the identifier authority value in the SID for the Everyone group is 1 (World Authority). The identifier authority value in the SID for a specific Windows Server account or group is 5 (NT Authority). |
Subauthorities | >Holds the most important information in a SID, which is contained in a series of one or more subauthority values. All values up to, but not including, the last value in the series collectively identify a domain in an enterprise. This part of the series is called the domain identifier. The last value in the series, which is called the relative identifier (RID), identifies a particular account or group relative to a domain. |
Steps To Find User Security Identifier (SID) On Windows 10
1. Using “WhoAmI” command on Command Prompt
Open Command Prompt, copy and paste whoami /user and hit Enter after that.
2. Using “wmic useraccount” command on Command Prompt (For Current User)
Open Command Prompt, copy and paste wmic useraccount where name=’%username%’ get domain,name,sid and hit Enter after that.
3. Using “wmic useraccount” command on Command Prompt (For All Users)
wmic useraccount get domain,name,sid
4. To Find User Name for SID using “wmic useraccount” command
Copy and paste the following command. Hit Enter after that.
wmic useraccount where sid='<sid>’ get domain,name
That’s all!