What is Security Identifier (SID) and How to setup Array AAA to work with SID?

In the context of the Microsoft Windows NT line of operating systems, a Security Identifier (commonly abbreviated SID) is a unique name (an alphanumeric character string) which is assigned by a Windows Domain controller during the log on process that is used to identify a subject, such as a user or a group of users in a network of NT/2000 systems.

Windows grants or denies access and privileges to resources based on access control lists (ACLs), which use SIDs to uniquely identify users and their group memberships. When a user logs into a computer, an access token is generated that contains user and group SIDs and user privilege level. When a user requests access to a resource, the access token is checked against the ACL to permit or deny particular action on a particular object.

SIDs are useful for troubleshooting issues with security audits, Windows server and domain migrations.

SID has format as follows: S-1-5-21-7623811015-3361044348-030300820-1013

S - The string is a SID.

1 - The revision level (the version of the SID specification).

5 - The identifier authority value.

21-7623811015-3361044348-030300820 - domain or local computer identifier

1013 – a Relative ID (RID). Any group or user that is not created by default will have a Relative ID of 1000 or greater.

Possible identifier authority values are:

0 - Null Authority
1 - World Authority
2 - Local Authority
3 - Creator Authority
4 - Non-unique Authority
5 - NT Authority
9 - Resource Manager Authority

Setup Instruction:

http://supportkb.arraynetworks.net/kbcontent/AAA/UserSID/User_SID_Based_Login.ppt

Understanding SID:

http://supportkb.arraynetworks.net/kbcontent/AAA/UserSID/Security_Identifier.doc

http://supportkb.arraynetworks.net/kbcontent/AAA/UserSID/Why_Understanding_SIDs_is_Important.doc

Tools:

http://supportkb.arraynetworks.net/kbcontent/AAA/UserSID/Install-winMd5Sum.exe

http://supportkb.arraynetworks.net/kbcontent/AAA/UserSID/getsid.exe