{
	"id": "84757326-a1d9-41d3-b918-9f380488ec1b",
	"created_at": "2026-04-06T00:15:32.266031Z",
	"updated_at": "2026-04-10T13:12:32.661727Z",
	"deleted_at": null,
	"sha1_hash": "4a6aacd3b45b9f924b444c41251d313eb087b6f5",
	"title": "Security Identifiers - Win32 apps",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 44507,
	"plain_text": "Security Identifiers - Win32 apps\r\nBy GrantMeStrength\r\nArchived: 2026-04-05 18:51:07 UTC\r\nA security identifier (SID) is a unique value of variable length used to identify a trustee. Each account has a\r\nunique SID issued by an authority, such as a Windows domain controller, and stored in a security database. Each\r\ntime a user logs on, the system retrieves the SID for that user from the database and places it in the access token\r\nfor that user. The system uses the SID in the access token to identify the user in all subsequent interactions with\r\nWindows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used\r\nagain to identify another user or group.\r\nWindows security uses SIDs in the following security elements:\r\nIn security descriptors to identify the owner of an object and primary group\r\nIn access control entries, to identify the trustee for whom access is allowed, denied, or audited\r\nIn access tokens, to identify the user and the groups to which the user belongs\r\nIn addition to the uniquely created, domain-specific SIDs assigned to specific users and groups, there are well-known SIDs that identify generic groups and generic users. For example, the well-known SIDs, Everyone and\r\nWorld, identify a group that includes all users.\r\nWorking with SIDs\r\nMost applications never need to work with SIDs. Because the names of well-known SIDs can vary, you should use\r\nthe functions to build the SID from predefined constants rather than using the name of the well-known SID. For\r\nexample, the U.S. English version of the Windows operating system has a well-known SID named\r\n\"BUILTIN\\Administrators\" that might have a different name on international versions of the system. For an\r\nexample that builds a well-known SID, see Searching for a SID in an Access Token in C++.\r\nIf you do need to work with SIDs, do not manipulate them directly. Instead, use the following functions:\r\nFunction Description\r\nAllocateAndInitializeSid Allocates and initializes a SID with the specified number of subauthorities.\r\nConvertSidToStringSid Converts a SID to a string format suitable for display, storage, or transport.\r\nConvertStringSidToSid Converts a string-format SID to a valid, functional SID.\r\nCopySid Copies a source SID to a buffer.\r\nEqualPrefixSid\r\nTests two SID prefix values for equality. A SID prefix is the entire SID except\r\nfor the last subauthority value.\r\nhttps://msdn.microsoft.com/library/windows/desktop/aa379571.aspx\r\nPage 1 of 2\n\nFunction Description\r\nEqualSid Tests two SIDs for equality. They must match exactly to be considered equal.\r\nFreeSid\r\nFrees a previously allocated SID by using the AllocateAndInitializeSid\r\nfunction.\r\nGetLengthSid Retrieves the length of a SID.\r\nGetSidIdentifierAuthority Retrieves a pointer to the identifier authority for a SID.\r\nGetSidLengthRequired\r\nRetrieves the size of the buffer required to store a SID with a specified number\r\nof subauthorities.\r\nGetSidSubAuthority Retrieves a pointer to a specified subauthority in a SID.\r\nGetSidSubAuthorityCount Retrieves the number of subauthorities in a SID.\r\nInitializeSid Initializes a SID structure.\r\nIsValidSid\r\nTests the validity of a SID by verifying that the revision number is within a\r\nknown range and that the number of subauthorities is less than the maximum.\r\nLookupAccountName Retrieves the SID that corresponds to a specified account name.\r\nLookupAccountSid Retrieves the account name that corresponds to a specified SID.\r\nRelated content\r\nWell-known SIDs\r\nSearching for a SID in an Access Token in C++\r\nSource: https://msdn.microsoft.com/library/windows/desktop/aa379571.aspx\r\nhttps://msdn.microsoft.com/library/windows/desktop/aa379571.aspx\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://msdn.microsoft.com/library/windows/desktop/aa379571.aspx"
	],
	"report_names": [
		"aa379571.aspx"
	],
	"threat_actors": [],
	"ts_created_at": 1775434532,
	"ts_updated_at": 1775826752,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4a6aacd3b45b9f924b444c41251d313eb087b6f5.pdf",
		"text": "https://archive.orkl.eu/4a6aacd3b45b9f924b444c41251d313eb087b6f5.txt",
		"img": "https://archive.orkl.eu/4a6aacd3b45b9f924b444c41251d313eb087b6f5.jpg"
	}
}