What is SID (Security Identifier) in Windows OS

Last Updated August 4, 2018 By Subhash D

SID is a term related to Windows security. SID stands for security identifier, or security ID. Whenever you create a new object such as a user or a group, a unique security ID is created for it. Before looking at the SID in detail, we need the basics of the security principal, the access control entry (ACE) and the access control list (ACL).

Security Principal

In simple terms, a security principal is an object that needs authentication to access a file or a folder on a system. The most common examples of a security principal are a user, a computer or a process. A user or computer added to a network asks for access to files. Similarly, a process or a service running on a Windows computer might need access to files on the system.

So the term security principal applies to all the entities that need access to files. Furthermore, any object that is created in Active Directory on Windows Server will have a security principal applied to it. So basically Windows assigns an identifying name to the object. But what happens if two or more objects have the same name? This is where the SID comes in.

SID

To understand the SID better, take the example of a manufacturing unit that makes some equipment or a gadget. Every gadget has its own unique serial number, which helps with many of the attributes associated with it. In a similar way, a SID is a unique number that is applied to any new entity created in a Windows system. So even if two objects have the same name, Windows can easily tell them apart by their SIDs.

Examples of SID

S-1-5-18

S-1-5-19

S-1-5-21-1129136414-3157084160-1998405333-1001

S-1-5-21-1129136414-3157084160-1998405333-1003

In the examples above, you can see shorter as well as longer security identifiers. The other thing to note is that all SIDs start with the letter S. The shorter security IDs are generated for objects on a local computer, while the longer SIDs are for entities created in a domain.

To make this clearer, you can look at real SIDs on your own machine. Open the Windows registry by typing regedit in the Run window.

Now navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList.

The profile list contains all the users who log in to Windows OS. In this example there are five profiles, created automatically. Once you click on a SID, the ProfileImagePath value shows the name of the user.
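The same registry walk can be done read-only from PowerShell. This is an added example, not part of the original article; the helper name `Resolve-SidName` is hypothetical. It lists each SID under ProfileList with its profile path and account name, and marks SIDs that no longer map to an account.

```powershell
# Added example: read-only listing of the ProfileList key described above.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Resolve-SidName {   # hypothetical helper name
    param([Parameter(Mandatory)][System.Security.Principal.SecurityIdentifier]$Sid)
    try {
        $Sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch [System.Security.Principal.IdentityNotMappedException] {
        # No account maps to this SID any more (for example, it was deleted).
        '(unresolved)'
    } catch {
        # Any other failure, such as an unreachable domain controller.
        '(lookup failed)'
    }
}

Get-ChildItem -Path $profileList |
    # Subkey names are SID strings; skip anything else (e.g. names ending in .bak).
    Where-Object { $_.PSChildName -match '^S-1-\d+(-\d+)+$' } |
    ForEach-Object {
        $sid   = [System.Security.Principal.SecurityIdentifier]::new($_.PSChildName)
        $props = Get-ItemProperty -Path $_.PSPath -Name ProfileImagePath -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Sid              = $sid.Value
            Account          = Resolve-SidName -Sid $sid
            ProfileImagePath = $props.ProfileImagePath
            IsAccountSid     = $sid.IsAccountSid()            # True for S-1-5-21-... SIDs
            Rid              = ($sid.Value -split '-')[-1]    # last sub-authority
        }
    } | Format-Table -AutoSize
```

A row whose Account column reads `(unresolved)` is a profile left behind by an account that no longer exists.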

How SIDs are beneficial

To explain the usage of the SID, let's take a scenario where multiple users work in an organization. Say a user account is created in the name of James Ashley, and its SID is, say, “S-1-5-21-1129136414-3157084160-1998405333-1001”.

Now let's assume that James Ashley left the company and his user account is deleted. A new person with the same name then joins the company, so a new user account with the same name is created.

Now you can see that although the name of the employee is the same, the SID is different from the SID created for the earlier account.

If another user with the same name is created in a domain, Windows will still assign a different SID to it.

So we see that whether on a local computer or in a domain, users with the same name will have different security IDs altogether.

When a user is created, its SID is assigned to files or folders as per the group policy. When you delete a user, the SID is also deleted, and so are the permissions linked with that SID.

So the best way to manage network users is to disable a user rather than delete it. When a new employee joins in place of the user who has left, you just need to enable the account and rename it. This way all the permissions and access to files and folders for this user account remain intact.

How SID works

Every document on a file server has an access control list (ACL) associated with it. The ACL holds access control entries (ACEs), which define which users have access to the file. By default, the ACL normally contains entries for the Administrator and System accounts. If you need to give permissions to a different or additional entity or user, you add its ACE to the ACL. Access is determined by the SID of the user in the access control entry: access to the file is allowed only if the SID of the user matches a SID in the access control list (ACL).
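To see the SID matching described above on a real file, the following added example (not from the original article) reads a file's ACL as raw SIDs and compares each ACE with the SIDs of the current user and its groups. The scratch file name `sid-acl-demo.txt` is an assumption made for the demonstration.

```powershell
# Added example: compare the SIDs in a file's ACL with the SIDs held by the caller.
$path = Join-Path $env:TEMP 'sid-acl-demo.txt'   # hypothetical scratch file
Set-Content -Path $path -Value 'demo'

# SIDs the current logon carries: the user's own SID plus its group SIDs.
$me        = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$tokenSids = @($me.User.Value) + @($me.Groups | ForEach-Object { $_.Value })

# Ask for the ACEs with identities as SIDs rather than translated names.
$acl   = Get-Acl -Path $path
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$rules | ForEach-Object {
    $sid = $_.IdentityReference
    try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $name = '(unresolved SID)' }   # ACE left behind by a deleted account
    [pscustomobject]@{
        Sid           = $sid.Value
        Account       = $name
        Type          = $_.AccessControlType     # Allow or Deny
        Rights        = $_.FileSystemRights
        Inherited     = $_.IsInherited
        InCallerToken = $tokenSids -contains $sid.Value
    }
} | Format-Table -AutoSize

Remove-Item -Path $path
```

Only the ACEs marked `InCallerToken` apply to the caller; Windows then evaluates the Allow and Deny types on those entries to reach the final decision.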


About Subhash D

A tech-enthusiast, Subhash is a Graduate Engineer and Microsoft Certified Systems Engineer. Founder of it4nextgen, he has spent more than 20 years in the IT industry.


Copyright © 2025 IT4Nextgen.com