Security Identifiers Technical Reference

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

A security identifier (SID) is a unique name (alphanumeric value) that identifies an object — such as a user, group, or computer account — on a network. Each account or group is issued a unique SID when it is first created.

During the authentication process, a user is identified to the local or trusted domain by presentation of credentials, usually in the form of a user name and password. Assuming these credentials are acceptable, the system creates an access token for the user that contains the SID of the user (the primary SID) and the SIDs of all the domain groups of which the user is a member. The system uses this access token to determine whether to grant the user access to system resources.

SIDs are a fundamental building block of the Microsoft Windows Server 2003 security model, which controls the use of network resources through the interrelated mechanisms of authentication and authorization. The authorization and access control technologies in Windows Server 2003 use SIDs, along with other security features and components (such as access tokens, security descriptors, and access control lists), to help determine whether an authenticated user has the correct authorization to access a resource.
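The following is an added example, not code from this reference: a simplified Python model of how the SIDs in an access token are compared with the entries of an access control list to reach an access decision. It goes beyond the text above by applying the ordered allow/deny evaluation that Windows uses for access control entries. The domain SID, the RIDs, the access bits and all class and function names are constructed for illustration.

```python
# Simplified model (added example): an access token is the user's primary SID
# plus group SIDs; a DACL is an ordered list of ACEs, each keyed by a SID.
from dataclasses import dataclass

READ, WRITE = 0x1, 0x2   # constructed access bits, not real Windows masks

# Constructed domain SID and RIDs (assumptions for this example).
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
ALICE, BOB = DOMAIN + "-1104", DOMAIN + "-1105"
FINANCE, CONTRACTORS = DOMAIN + "-2001", DOMAIN + "-2002"

@dataclass(frozen=True)
class Token:
    user_sid: str            # primary SID
    group_sids: frozenset    # SIDs of the groups the user belongs to

    @property
    def sids(self):
        return {self.user_sid} | self.group_sids

@dataclass(frozen=True)
class Ace:
    allow: bool   # True = access-allowed ACE, False = access-denied ACE
    sid: str      # trustee the ACE applies to
    mask: int     # rights the ACE allows or denies

def access_check(token, dacl, desired):
    """Walk the ACEs in order; only SIDs, never names, enter the decision."""
    remaining = desired
    for ace in dacl:
        if ace.sid not in token.sids:
            continue                   # ACE names a trustee not in the token
        if not ace.allow and ace.mask & remaining:
            return False               # explicit deny of a still-needed right
        if ace.allow:
            remaining &= ~ace.mask     # these rights are now granted
        if remaining == 0:
            return True
    return False                       # a requested right was never granted

# Constructed DACL: deny WRITE to Contractors, then allow Finance READ|WRITE.
DACL = [Ace(False, CONTRACTORS, WRITE), Ace(True, FINANCE, READ | WRITE)]

alice = Token(ALICE, frozenset({FINANCE}))
bob = Token(BOB, frozenset({FINANCE, CONTRACTORS}))
```

Here `alice` is granted READ and WRITE through the Finance group SID, while `bob`, whose token also carries the Contractors SID, can read but is denied WRITE by the earlier deny entry.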
