http://msdn.microsoft.com/en-us/library/cc223144.aspx
http://support.microsoft.com/kb/243330
http://msdn.microsoft.com/en-us/library/cc980032.aspx
For example, given a SID defined in the table below as S-1-5-21--513, and the actual instance of the domain having the three sub authority values of 1, 2, and 3:
S-1: Indicates a revision or version 1 SID.
5: SECURITY_NT_AUTHORITY, indicates it's a Windows specific SID.
21: SECURITY_NT_NON_UNIQUE, indicates a domain id will follow.
1-2-3: The next three SubAuthority arrays contain 32-bit random numbers to uniquely identify the domain.
RID: Indicates a unique object ID within the domain.
The actual constructed SID would be S-1-5-21-1-2-3-513.
[Note] $ wmic useraccount get name,sid
[Note] $ wmic group get [name,sid]
No comments:
Post a Comment