Security Identifiers (SID)

Overview

A Security Identifier (SID) is a unique value of variable length used to identify a security principal (such as a user, group, or computer account) in Windows operating systems. SIDs are fundamental to the security model, enabling the OS to manage access control and audit information.

SID Structure

The binary representation of a SID consists of the following fields:

+-------------------+----------------------------+-------------------------------+
| Revision (1 byte) | SubAuthorityCount (1 byte) | IdentifierAuthority (6 bytes) |
+-------------------+----------------------------+-------------------------------+
| SubAuthority[0] (4 bytes) ... SubAuthority[n-1] (4 bytes)                      |
+--------------------------------------------------------------------------------+

In string form, a SID appears as S-1-5-21-...-RID where:

  • Revision – Usually 1.
  • IdentifierAuthority – Typically 5 for NT Authority.
  • SubAuthority – A series of 32‑bit values; the leading ones identify the issuing domain or authority and the final one is the relative identifier (RID) of the principal within it.
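The layout above can be exercised without the Windows API. The following added example (not from the original page; it is a portable re-implementation, not the Windows library code) decodes a binary SID into its fields, renders it in S-R-I-S... form, and parses the string form back into bytes, so the round trip can be checked. It assumes the byte order Windows uses for this structure: IdentifierAuthority is stored big-endian, each SubAuthority little-endian. The sample buffer is constructed by hand from S-1-5-32-544, and the decoder rejects buffers whose length does not match SubAuthorityCount, which is the check a parser of untrusted SID data needs.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SID_MAX_SUB_AUTHORITIES 15   /* hard limit of the Windows SID structure */

typedef struct {                     /* a SID decoded from the binary layout */
    uint8_t  revision, sub_authority_count;
    uint64_t identifier_authority;   /* 48-bit field, held in 64 bits */
    uint32_t sub_authority[SID_MAX_SUB_AUTHORITIES];
} parsed_sid;

/* Constructed sample: the 16-byte binary form of S-1-5-32-544 (Builtin\Administrators). */
static const uint8_t kAdminsSidBytes[16] = {
    0x01, 0x02,                          /* Revision 1, two sub-authorities      */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x05,  /* IdentifierAuthority 5, big-endian    */
    0x20, 0x00, 0x00, 0x00,              /* SubAuthority[0] = 32, little-endian  */
    0x20, 0x02, 0x00, 0x00               /* SubAuthority[1] = 544, little-endian */
};

/* Decode a binary SID. Returns 0 on success, -1 if the buffer does not match the layout exactly. */
int sid_from_bytes(const uint8_t *buf, size_t len, parsed_sid *out)
{
    if (buf == NULL || out == NULL || len < 8 || buf[0] != 1 || buf[1] > SID_MAX_SUB_AUTHORITIES) return -1;
    uint8_t count = buf[1];
    if (len != 8 + (size_t)count * 4) return -1;       /* truncated or padded buffer: reject */
    memset(out, 0, sizeof *out);
    out->revision = buf[0];
    out->sub_authority_count = count;
    for (int i = 0; i < 6; i++)                        /* authority is big-endian */
        out->identifier_authority = (out->identifier_authority << 8) | buf[2 + i];
    for (int i = 0; i < count; i++)                    /* sub-authorities are little-endian */
        for (int b = 0; b < 4; b++) out->sub_authority[i] |= (uint32_t)buf[8 + i * 4 + b] << (8 * b);
    return 0;
}

/* Render as S-R-I-S0-S1...; an authority of 2^32 or more is written in hex, as Windows does. */
int sid_to_string(const parsed_sid *sid, char *out, size_t outlen)
{
    if (sid == NULL || out == NULL) return -1;
    unsigned long long auth = sid->identifier_authority;
    int n = auth < (1ULL << 32) ? snprintf(out, outlen, "S-%u-%llu", sid->revision, auth)
                                : snprintf(out, outlen, "S-%u-0x%012llX", sid->revision, auth);
    if (n < 0 || (size_t)n >= outlen) return -1;
    size_t used = (size_t)n;
    for (int i = 0; i < sid->sub_authority_count; i++) {
        n = snprintf(out + used, outlen - used, "-%u", (unsigned)sid->sub_authority[i]);
        if (n < 0 || (size_t)n >= outlen - used) return -1;
        used += (size_t)n;
    }
    return 0;
}

/* Parse "S-1-<authority>-<sub>-..." into the binary layout. Returns bytes written, or -1 on error. */
int sid_from_string(const char *s, uint8_t *buf, size_t buflen)
{
    if (s == NULL || buf == NULL || strncmp(s, "S-1-", 4) != 0) return -1;
    const char *p = s + 4; char *end;
    int base = (p[0] == '0' && (p[1] == 'x' || p[1] == 'X')) ? 16 : 10;
    if (!isxdigit((unsigned char)p[base == 16 ? 2 : 0])) return -1;  /* strtoull alone would accept "-" or " " */
    unsigned long long auth = strtoull(p, &end, base);
    if (auth >= (1ULL << 48)) return -1;
    uint32_t subs[SID_MAX_SUB_AUTHORITIES]; int count = 0;
    while (*end == '-') {
        p = end + 1;
        if (count == SID_MAX_SUB_AUTHORITIES || !isdigit((unsigned char)*p)) return -1;
        unsigned long long v = strtoull(p, &end, 10);
        if (v > 0xFFFFFFFFULL) return -1;
        subs[count++] = (uint32_t)v;
    }
    size_t need = 8 + (size_t)count * 4;
    if (*end != '\0' || buflen < need) return -1;      /* trailing junk, or no room */
    buf[0] = 1; buf[1] = (uint8_t)count;
    for (int i = 0; i < 6; i++) buf[2 + i] = (uint8_t)(auth >> (8 * (5 - i)));
    for (int i = 0; i < count; i++)
        for (int b = 0; b < 4; b++) buf[8 + i * 4 + b] = (uint8_t)(subs[i] >> (8 * b));
    return (int)need;
}

/* Round trip: string -> bytes -> struct -> string must reproduce the input. Returns 1 if it does. */
int sid_round_trips(const char *s)
{
    uint8_t buf[8 + 4 * SID_MAX_SUB_AUTHORITIES]; char text[256]; parsed_sid sid;
    int n = sid_from_string(s, buf, sizeof buf);
    return n >= 0 && sid_from_bytes(buf, (size_t)n, &sid) == 0 &&
           sid_to_string(&sid, text, sizeof text) == 0 && strcmp(text, s) == 0;
}

int main(void)
{
    parsed_sid sid; char text[256];
    if (sid_from_bytes(kAdminsSidBytes, sizeof kAdminsSidBytes, &sid) != 0 || sid_to_string(&sid, text, sizeof text) != 0) return 1;
    printf("%s (RID %u); 15-byte truncation rejected: %s\n", text, (unsigned)sid.sub_authority[sid.sub_authority_count - 1],
           sid_from_bytes(kAdminsSidBytes, 15, &sid) == -1 ? "yes" : "no");
    return 0;
}
```

The length check in sid_from_bytes is deliberately strict: a buffer sized by GetLengthSid is exactly 8 + 4 × SubAuthorityCount bytes, so anything shorter means the count byte promises sub-authorities that are not there, and reading them would run past the buffer.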

Related Functions

Common Windows API functions that work with SIDs include:

  • CreateWellKnownSid – Creates a SID for a well‑known principal.
  • ConvertStringSidToSid – Converts a string SID to a binary SID.
  • ConvertSidToStringSid – Converts a binary SID to a string.
  • IsValidSid – Validates a SID structure.
  • GetSidSubAuthority – Retrieves a specific sub‑authority value.

Code Examples

Example: Converting a string SID to a binary SID and back

#include <windows.h>
#include <sddl.h>      // declares ConvertStringSidToSid / ConvertSidToStringSid
#include <stdio.h>

#pragma comment(lib, "advapi32.lib")   // the SID conversion functions live in Advapi32

int main(void) {
    PSID pSid = NULL;
    LPCSTR szSidString = "S-1-5-32-544"; // Built-in Administrators group

    // String -> binary. The SID is allocated by the API and must be released with LocalFree.
    if (!ConvertStringSidToSidA(szSidString, &pSid)) {
        printf("ConvertStringSidToSid failed: %lu\n", GetLastError());
        return 1;
    }

    // Binary -> string. Use the ANSI variant explicitly so the returned buffer matches
    // the %s format whether or not UNICODE is defined for the build.
    LPSTR szSidText = NULL;
    if (!ConvertSidToStringSidA(pSid, &szSidText)) {
        printf("ConvertSidToStringSid failed: %lu\n", GetLastError());
        LocalFree(pSid);
        return 1;
    }

    printf("Original SID: %s\nConverted SID: %s\n", szSidString, szSidText);
    LocalFree(pSid);
    LocalFree(szSidText);
    return 0;
}

This program demonstrates how to move between the string and binary representations of a SID, which is useful when interacting with security APIs.

See Also