Description:-
SID stands for Security Identifier and is used within NT/2000 as a value to uniquely identify an object such as a user or a group. The SID assigned to a user becomes part of the access token, which is then attached to any action attempted or process executed by that user or group.
In a Windows environment, each user is assigned a unique identifier called a Security ID or SID, which is used to control access to resources such as files, registry keys and network shares. We can obtain the SID of a user with the WMIC USERACCOUNT command.
It is possible for cloned machines to have the same SID, which would be seen by the authentication mechanism as the same machine. The SID under normal operation will be unique and will identify an individual object such as a user, group or a machine.
A SID contains:
User and group security descriptors
48-bit ID authority
Revision level
Variable sub-authority values
For example: S-1-5-21-917267712-1342860078-1792151419-500
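The fields listed above can be read straight out of the string form. The following Python sketch is an added example, not part of the original article: it splits a SID string into revision, identifier authority and sub-authorities, and converts to and from the binary layout Microsoft documents for a SID (1-byte revision, 1-byte sub-authority count, 6-byte big-endian authority, little-endian 32-bit sub-authorities). The class name Sid and its rid and issuer properties are names chosen for this example.

```python
import struct
from dataclasses import dataclass

@dataclass(frozen=True)
class Sid:
    revision: int            # revision level
    authority: int           # 48-bit identifier authority
    sub_authorities: tuple   # variable number of 32-bit sub-authority values

    @classmethod
    def parse(cls, text):
        parts = text.strip().split("-")
        if len(parts) < 3 or parts[0] != "S":
            raise ValueError(f"not a SID string: {text!r}")
        auth = parts[2]
        # Authorities above 32 bits are conventionally written in hex (0x...).
        authority = int(auth, 16) if auth.lower().startswith("0x") else int(auth)
        sid = cls(int(parts[1]), authority, tuple(int(p) for p in parts[3:]))
        sid.to_bytes()  # reuse the packer as a range check; raises on overflow
        return sid

    def to_bytes(self):
        n = len(self.sub_authorities)
        if n > 15:
            raise ValueError("a SID holds at most 15 sub-authorities")
        try:
            head = struct.pack("BB", self.revision, n) + self.authority.to_bytes(6, "big")
            return head + struct.pack(f"<{n}I", *self.sub_authorities)
        except (struct.error, OverflowError) as exc:
            raise ValueError(f"field out of range: {exc}") from None

    @classmethod
    def from_bytes(cls, data):
        revision, n = data[0], data[1]
        if len(data) != 8 + 4 * n:
            raise ValueError("length does not match sub-authority count")
        return cls(revision, int.from_bytes(data[2:8], "big"), struct.unpack_from(f"<{n}I", data, 8))

    def __str__(self):
        return "-".join(["S", str(self.revision), str(self.authority), *map(str, self.sub_authorities)])

    @property
    def rid(self):      # last sub-authority: the relative ID of the account
        return self.sub_authorities[-1]

    @property
    def issuer(self):   # everything before the RID: the machine or domain part
        return str(Sid(self.revision, self.authority, self.sub_authorities[:-1]))
```

Two accounts created on the same machine share the same issuer and differ only in rid, which is why a cloned machine that keeps its original identifier issues SIDs indistinguishable from those of its source.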
Open Command Prompt.
Once Command Prompt is open, type the following command exactly as shown here, including spaces or lack thereof, and then press Enter:
wmic useraccount get name,sid
You should see a table, similar to the following, displayed in the Command Prompt window:
Name           SID
Administrator  S-1-5-21-1180699209-877415012-3182924384-581
Guest          S-1-5-21-1180699209-877415012-3182924384-604
This is a list of each user account in Windows, listed by user name, followed by the account's corresponding SID.
How to Find a User's SID in the Registry:
You can also determine a user's SID by looking through the ProfileImagePath values in each S-1-5-21 prefixed SID listed under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList key.
The ProfileImagePath value within each SID-named registry key lists the profile directory, which includes the user name.
For example, the ProfileImagePath value under the S-1-5-21-1180699209-877415012-3182924384-1004 key on my computer is C:\Users\test, so I know that the SID for the user "Tim" is "S-1-5-21-1180699209-877415012-3182924384-1974".