Email to friend
Your name: *
Your email: *
Friend's email: *
Comment:


What is Security Identifier (SID) and How to setup Array AAA to work with SID?

In the context of the Microsoft Windows NT line of operating systems, a Security Identifier (commonly abbreviated SID) is a unique name (an alphanumeric character string) which is assigned by a Windows Domain controller during the log on process that is used to identify a subject, such as a user or a group of users in a network of NT/2000 systems.

Windows grants or denies access and privileges to resources based on access control lists (ACLs), which use SIDs to uniquely identify users and their group memberships. When a user logs into a computer, an access token is generated that contains user and group SIDs and user privilege level. When a user requests access to a resource, the access token is checked against the ACL to permit or deny particular action on a particular object.

SIDs are useful for troubleshooting issues with security audits, Windows server and domain migrations.
SID has format as follows: S-1-5-21-7623811015-3361044348-030300820-1013
S - The string is a SID.
1 - The revision level (the version of the SID specification).
5 - The identifier authority value.
21-7623811015-3361044348-030300820 - domain or local computer identifier
1013 – a Relative ID (RID). Any group or user that is not created by default will have a Relative ID of 1000 or greater.
Possible identifier authority values are:
  • 0 - Null Authority
  • 1 - World Authority
  • 2 - Local Authority
  • 3 - Creator Authority
  • 4 - Non-unique Authority
  • 5 - NT Authority
  • 9 - Resource Manager Authority

Setup Instruction:

http://supportkb.arraynetworks.net/kbcontent/AAA/UserSID/User_SID_Based_Login.ppt

Understanding SID:

http://supportkb.arraynetworks.net/kbcontent/AAA/UserSID/Security_Identifier.doc

http://supportkb.arraynetworks.net/kbcontent/AAA/UserSID/Why_Understanding_SIDs_is_Important.doc

Tools:

http://supportkb.arraynetworks.net/kbcontent/AAA/UserSID/Install-winMd5Sum.exe

http://supportkb.arraynetworks.net/kbcontent/AAA/UserSID/getsid.exe