| Glossary |
There are several SIDs reserved for NT.
link back to sec page
sec
S-1-5-21-646518322-1873620750-619646970-1110
S for security id
1 Revision level
5 Identifier Authority (48 bit) 5 = logon id
21 Sub-authority (21 = nt non unique)
646518322 SA
1873620750 SA domain id
619646970 SA
1110 user id
| S-1-5-32-544 | Local admin. |
| S-1-1-0 | World (everybody) |
| S-1-5-21 | NT non-unique ids |
Identifier Authorities
| Identifier Authority | Abbr. |
|---|---|
| Null SID | S-1-0 |
| World SID | S-1-1 |
| Local SID | S-1-2 |
| Creator SID | S-1-3 |
| Non-unique | S-1-4 |
| NT SID | S-1-5 |
Relative Identifiers (RIDs)
These relative identifiers (RIDs) are used with the above identifier
authorities to make up universal well-known SIDs.
Note: The relative identifier (RID) refers to the portion of a SID, which
identifies a user or group in relation to the authority that issued the SID.
For example, the universal well-known SID Creator Owner ID (S-1-3-0) is
made up of the identifier authority SECURITY_CREATOR_SID_AUTHORITY (3) and
the relative identifier SECURITY_CREATOR_OWNER_RID (0).
Relative Identifiers
| Relative Identifier | Code | SID |
|---|---|---|
| Null | 0 | S-1-0-0 |
| World | 0 | S-1-1-0 |
| Local | 0 | S-1-2-0 |
| Creator Owner | 0 | S-1-3-0 |
| Creator Group | 1 | S-1-3-1 |
| Creator Owner Server | 2 | S-1-3-2 |
| Creator Group Server | 3 | S-1-3-3 |
| Dialup | 1 | S-1-5-1 |
| Network | 2 | S-1-5-2 |
| Batch | 3 | S-1-5-3 |
| Interactive | 4 | S-1-5-4 |
| Logon Ids | 5 | S-1-5-5-X-Y |
| Service | 6 | S-1-5-6 |
| Anonymous Logon | 7 | S-1-5-7 |
| Proxy | 8 | S-1-5-8 |
| Enterprise Controllers | 9 | S-1-5-9 |
| Server Logon | 9 | S-1-5-9 |
| Principal Self | 10 | S-1-5-10 |
| Authenticated User | 11 | S-1-5-11 |
| Restricted Code | 12 | S-1-5-12 |
| Terminal Server | 13 | S-1-5-13 |
| Local System | 18 | S-1-5-18 |
| NT Non-unique | 21 | S-1-5-21 |
| Builtin Domain | 32 | S-1-5-32 |
Well-known domain relative sub-authority values (RIDs).
Domain Users
| Domain User | Code |
|---|---|
| Admin | 500 |
| Guest | 501 |
| Kerberos Target | 502 |
Domain Groups
| Domain Group | Code |
|---|---|
| Admins | 512 |
| Users | 513 |
| Guests | 514 |
| Computers | 515 |
| Controllers | 516 |
| Cert Admins | 517 |
| Schema Admins | 518 |
| Enterprise Admins | 519 |
| Policy Admins | 520 |
Domain Aliases
| Domain Alias | Code |
|---|---|
| Admins | 544 |
| Users | 545 |
| Guests | 546 |
| Power Users | 547 |
| Account Ops | 548 |
| System Ops | 549 |
| Print Ops | 550 |
| Backup Ops | 551 |
| Replicator | 552 |
| RAS Servers | 553 |
| Pre W2K Comp Access | 554 |
Universal well-known SIDs
| SID | Abbr. |
|---|---|
| Null | S-1-0-0 |
| World | S-1-1-0 |
| Local | S-1-2-0 |
| Creator Owner | S-1-3-0 |
| Creator Group | S-1-3-1 |
| Creator Owner Server | S-1-3-2 |
| Creator Group Server | S-1-3-3 |
| Non-unique IDs | S-1-4 |
NT well-known SIDs
| SID | Abbr. |
|---|---|
| NT Authority | S-1-5 |
| Dialup | S-1-5-1 |
| Network | S-1-5-2 |
| Batch | S-1-5-3 |
| Interactive | S-1-5-4 |
| Service | S-1-5-6 |
| Anonymous Logon (Null Logon) | S-1-5-7 |
| Proxy | S-1-5-8 |
| Server Logon (Domain Controller) | S-1-5-9 |
| Self | S-1-5-10 |
| Authenticated User | S-1-5-11 |
| Restricted Code | S-1-5-12 |
| Terminal Server | S-1-5-13 |
| Logon IDs | S-1-5-5-X-Y |
| NT Non-unique IDs | S-1-5-21-... |
| Built-in Domain | S-1-5-32 |