SIDs are useful for troubleshooting issues with security audits, Windows server and domain migrations.
SID has format as follows: S-1-5-12-7623811015-3361044348-030300820-1013
Possible identifier authority values are:
|Local System, a service account that is used by the operating system.|
|NT Authority, Local Service|
|NT Authority, Network Service|
|A user account for the system administrator. By default, it is the only user account that is given full control over the system.|
|Guest user account for people who do not have individual accounts. This user account does not require a password. By default, the Guest account is disabled.|
|Domain Admins - a global group whose members are authorized to administer the domain. By default, the Domain Admins group is a member of the Administrators group on all computers that have joined a domain, including the domain controllers. Domain Admins is the default owner of any object that is created by any member of the group.|
|Domain Guests - A global group that, by default, has only one member, the domain's built-in Guest account.|
Now the truth is that when the computers are joined into a domain (Active Directory or NT domain for instance), each computer has a unique Domain SID which is recomputed each time a computer enters a domain. Thus there are usually no real problems with Duplicated SIDs when the computers are members of a domain, especially if local user accounts are not used. If local user accounts are used, there is a potential security issue that is the same as the one described above when the computers are members of a Workgroup but that affects only the files and resources protected by local users, not by domain users.
In other words, duplicated SIDs are usually not a problem with Microsoft Windows systems. However Microsoft does provide a utility to change a machine SID: NewSID - Microsoft TechNet
But other programs that detect SID might have problems with their security.
|1) Divide the bytes into 3 sections:|
|2) Reverse the bytes of each section:|
|3) Convert each section into decimal:|
|4) Add the machine SID prefix:|
WIPO ASSIGNS PATENT TO ARMORLOG FOR "SYSTEM AND METHOD FOR IMPROVING SECURITY OF USER ACCOUNT ACCESS" (AUSTRALIAN INVENTOR)
Apr 27, 2011; GENEVA, April 27 -- Publication No. WO/2011/044630 was published on April 21. Title of the invention: "SYSTEM AND METHOD FOR...
WIPO ASSIGNS PATENT TO HUAWEI TECHNOLOGIES FOR "METHOD, DEVICE AND COMMUNICATION SYSTEM FOR SERVICE PROCESSING" (CHINESE INVENTORS)
May 18, 2011; GENEVA, May 18 -- Publication No. WO/2011/054147 was published on May 12. Title of the invention: "METHOD, DEVICE AND...
Publication No. WO/2010/061261 Published on June 3, Assigned to Nokia for Software Version Management Method, Apparatus, Computer Program Product (Finnish Inventors)
Jun 04, 2010; GENEVA, June 8 -- Janne Takala, Olli Pekka Juhani Muukka, Rauno Juhani Tamminen and Janne Johannes Jarvinen, all from Finland,...
US Patent Issued to Qpay Holdings on March 26 for "Transaction Authorisation System and Method" (Australian Inventor)
Mar 26, 2013; ALEXANDRIA, Va., March 26 -- United States Patent no. 8,407,112, issued on March 26, was assigned to Qpay Holdings Ltd....