Sidwalk Overview

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Sidwalk.exe: Security ID Administration

This command-line tool takes a mapping file as input and scans all the Access Control Lists (ACLs) in the registry, file system, file and print shares, and local group membership. SIDWalk uses the mapping information in the mapping file to either delete or replace every occurrence of an old security identifier (SID) with the corresponding new SID. The same mapping file can be used for SIDWalk conversion on multiple computers.

Note

Corresponding UI

There is no corresponding user interface for this tool.

Concepts

Access control is implemented by access control lists (ACLs). Every file in the NTFS file system and every registry key has a unique ACL, granting access rights to file resources to users and groups, and defining what specific access rights each is granted. Each user and group is identified in the ACL by a security identifier (SID).

System Requirements

SIDWalk can be run as scheduled batch jobs. It must be run locally on the computer where the access permissions are to be changed. SIDWalk uses Windows NT security APIs (supported on Windows NT 4.0, Windows 2000, and Windows XP) to examine every ACL on every object on the system. It is a CPU and I/O intensive program; plan to run it when system use is otherwise very light and expect significant resource use.

Files Required

  • Sidwalk.exe

  • Msvcrt50.dll (found in the \System32 directory)

See Also

Concepts

Sidwalk Syntax
Alphabetical List of Tools
Xcacls Overview
Sidwkr.dll
Sidwalker Security Administration Tools
Sidwalk Overview
Showaccs Overview
Sdcheck Overview
Ktpass Overview
Ksetup Overview
Getsid Overview
Addiag.exe