|
In the context of the Microsoft Windows NT line of operating systems, a Security Identifier (commonly abbreviated SID) is a unique, immutable identifier of a user, user group, or other security principal. A security principal has a single SID for life, and all properties of the principal, including its name, are associated with the SID. This design allows a principal to be renamed (for example, from "John" to "Jane") without affecting the security attributes of objects that refer to the principal. ==Overview== Windows grants or denies access and privileges to resources based on access control lists (ACLs), which use SIDs to uniquely identify users and their group memberships. When a user logs into a computer, an access token is generated that contains user and group SIDs and user privilege level. When a user requests access to a resource, the access token is checked against the ACL to permit or deny particular action on a particular object. SIDs are useful for troubleshooting issues with security audits, Windows server and domain migrations. The format of an SID can be illustrated using the following example: "S-1-5-21-3623811015-3361044348-30300820-1013"; Possible identifier authority values are: *0 - Null Authority *1 - World Authority *2 - Local Authority *3 - Creator Authority *4 - Non-unique Authority *5 - NT Authority *9 - Resource Manager Authority〔See "Custom Principals" section on https://msdn.microsoft.com/en-us/library/aa480244.aspx〕〔http://blogs.msdn.com/larryosterman/archive/2004/09/01/224051.aspx〕 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Security Identifier」の詳細全文を読む スポンサード リンク
|