SID (Security IDentifier) – это уникальный идентификатор, который присваивается пользователям, группам, компьютерам или другим объектам безопасности при их создании в Windows или Active Directory. Windows использует SID, а не имя пользователя для контроля доступа к различным ресурсам: сетевым папкам, ключам реестра, объектам файловой системы (NTFS разрешения), принтерам и т.д. В этой статье мы покажем несколько простых способов получить SID пользователя, группы или компьютера, и обратную процедуру – получить объект по известному SID.
Содержание:
- Что такое SID объекта в Windows?
- Как получить SID локального пользователя?
- Узнать SID пользователя или группы в домене Active Directory
- Получить SID компьютера
- Как узнать имя пользователя или группы по известному SID?
- Поиск объектов в Active Directory по SID
Что такое SID объекта в Windows?
Как мы уже сказали, SID (security identifier) позволяет уникально идентифицировать пользовали, группу или компьютер в пределах определенной области (домена или локального компьютера). SID представляет собой строку вида:
S-1-5-21-2927053466-1818515551-2824591131—1103.
В данном примере:
- 2927053466-1818515551-2824591131 – это уникальный идентификатор домена, выдавшего SID (у всего объекта в одном домене эта часть будет одинакова)
- 1103 – относительный идентификатор безопасности объекта (RID). Начинается с 1000 и увеличивается на 1 для каждого нового объекта. Выдается контроллером домена с FSMO ролью RID Master)
SIDы объектов Active Directory хранятся в базе ntds.dit, а SIDы локальных пользователей и групп в локальной базе диспетчера учетных записей Windows (SAM, Security Account Manager в ветке реестра HKEY_LOCAL_MACHINE\SAM\SAM).
В Windows есть так называемые известные идентификаторы безопасности (Well-known SID). Это SID встроенных (BuiltIn) пользователей и групп, которые есть на любых компьютерах Windows. Например:
-
S-1-5-32-544
– встроенная группу Administrators -
S-1-5-32-545
– локальные пользователи -
S-1-5-32-555
– группа Remote Desktop Users, которым разрешен вход по RDP -
S-1-5-domainID-500
– учетная запись встроенного администратора Windows - И т.д.
В Windows можно использовать различные средства для преобразования SID -> Name и Username -> SID: утилиту whoami, wmic, WMI, классы PowerShell или сторонние утилиты.
Как получить SID локального пользователя?
Чтобы получить SID локальной учетной записи, можно воспользоваться утилитой wmic, которая позволяет обратится к пространству имен WMI (Windows Management Instrumentation) компьютера.
wmic useraccount where name='test_user' get sid
Команда может вернуть ошибку, если репозиторий WMI поврежден. Воспользуйтесь этой инструкцией для восстановления WMI репозитория.
Команда вернула SID указанного пользователя —
S-1-5-21-1175651296-1316126944-203051354-1005
.
Чтобы вывести список SID всех локальных пользователей Windows, выполните:
wmic useraccount get name,sid.
Если нужно узнать SID текущего пользователя (под которым выполняется команда), используйте такую команду:
wmic useraccount where name='%username%' get sid
Можно обратится к WMI напрямую из PowerShell:
(Get-CimInstance -Class win32_userAccount -Filter "name='test_user' and domain='$env:computername'").SID
В новых версиях PowerShell Core 7.x вместо команды Get-WmiObject нужно использовать Get-CimInstance.
Но еще проще получить SID локального пользователя с помощью встроенного PowerShell модуля управления локальными пользователями и группами (Microsoft.PowerShell.LocalAccounts).
Get-LocalUser -Name 'test_user' | Select-Object Name, SID
По аналогии можно получить SID локальной группы:
Get-LocalGroup -Name tstGroup1 | Select-Object Name, SID
Также вы можете использовать.NET классы System.Security.Principal.SecurityIdentifier и System.Security.Principal.NTAccount для получения SID пользователя с помощью PowerShell:
$objUser = New-Object System.Security.Principal.NTAccount("LOCAL_USER_NAME")
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$strSID.Value
Узнать SID пользователя или группы в домене Active Directory
Вы можете узнать SID своей доменной учетной записи командой:
whoami /user
Получить SID пользователя домена Active Directory можно с помощью WMIC. В этом случае в команде нужно указать имя домена:
wmic useraccount where (name='jjsmith' and domain=′corp.winitpro.ru′) get sid
Для получения SID доменного пользователя можно воспользоваться командлетом Get-ADUser, входящего в состав модуля Active Directory Module для Windows PowerShell. Получим SID для доменного пользователя jjsmith:
Get-ADUser -Identity 'jjsmith' | select SID
Вы можете получить SID группы AD с помощью командлета Get-ADGroup:
Get-ADGroup -Filter {Name -like "msk-admin*"} | Select SID
Если на вашем компьютере не установлен модуль AD для PowerShell, вы можете получить SID пользователя с помощью классов .Net:
$objUser = New-Object System.Security.Principal.NTAccount("corp.wintpro.ru","jjsmith")
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$strSID.Value
Эта же команда PowerShell в одну строку:
(new-object security.principal.ntaccount “jjsmith").translate([security.principal.securityidentifier])
Получить SID компьютера
Если компьютер с Windows добавлен в домен Active Directory, у него будет два разных SID. Первый SID – идентификатор локального компьютера (Machine SID), а второе – уникальный идентификатор компьютера в AD.
SID компьютера в домене Active Directory можно получить с помощью команды:
Get-ADComputer srv-rds1 -properties sid|select name,sid
SID локального компьютера (Machine SID) можно получить с помощью бесплатной утилиты PsGetsid (https://docs.microsoft.com/en-us/sysinternals/downloads/psgetsid): Но ее придется скачивать и устанавливать на каждый компьютер вручную.
.\PsGetsid64.exe
Или просто, обрезав последние 4 символа RID и SID любого локального пользователя:
$user=(Get-LocalUser Administrator).sid
$user -replace ".{4}$"
Важно, чтобы у каждого компьютера в домене был уникальный локальный SID. Если вы клонируете компьютеры или виртуальные машины, или создаете их из одного шаблона, то перед тем как добавить их в домен нужно выполнить команду sysprep. Эта утилита сбрасывает локальный Machine SID. Это избавит вас от частых ошибок “Не удалось восстановить доверительные отношения между рабочей станцией и доменом”.
Как узнать имя пользователя или группы по известному SID?
Чтобы узнать имя учетной записи пользователя по SID (обратная процедура), можно воспользоваться одной из следующих команд:
wmic useraccount where sid='S-1-3-12-12452343106-3544442455-30354867-1434' get name
Для поиска имени доменного пользователя по SID используйте командлеты из модуля
RSAT-AD-PowerShell
:
Get-ADUser -Identity S-1-5-21-247647651-3952524288-2944781117-23711116
Чтобы определить имя группы по известному SID, используйте команду:
Get-ADGroup -Identity S-1-5-21-247647651-3952524288-2944781117-23711116
Также можно узнать получить SID группы и пользователя с помощью встроенных классов PowerShell (без использования дополнительных модулей):
$objSID = New-Object System.Security.Principal.SecurityIdentifier ("S-1-5-21-2470456651-3958312488-29145117-23345716")
$objUser = $objSID.Translate( [System.Security.Principal.NTAccount])
$objUser.Value
Поиск объектов в Active Directory по SID
Если вы не знаете к какому типу объекта AD относится SID и какой точно командлет нужно использовать для его поиска (Get-AdUser, Get-ADComputer или Get-ADGroup), вы можете использовать универсальный метод поиска объектов в Active Directory по SID с помощью командлета Get-ADObject
$sid = ‘S-1-5-21-2470146651-3951111111-2989411117-11119501’
Get-ADObject –IncludeDeletedObjects -Filter "objectSid -eq '$sid'" | Select-Object name, objectClass
В нашем случае объект AD, который имеет данный SID, является компьютером (objectClass=computer).
183
183 people found this article helpful
Find a user’s SID with WMIC or in the registry
Updated on January 15, 2022
What to Know
- In Command Prompt, type wmic useraccount get name,sid and press Enter.
- You can also determine a user’s SID by looking through the ProfileImagePath values in each S-1-5-21 prefixed SID listed under:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
A common reason why you might want to find the security identifier (SID) for a user’s account in Windows is to determine which key under HKEY_USERS in the Windows Registry to look for user-specific registry data. Matching SIDs to usernames is easy with the wmic command—available from the Command Prompt in most versions of Windows.
How to Find a User’s SID With WMIC
Follow these easy steps to display a table of usernames and their corresponding SIDs. It’ll probably only take a minute, maybe less, to find a user’s SID in Windows via WMIC:
See How to Find a User’s SID in the Registry further down the page for instructions on matching a username to an SID via information in the Windows Registry, an alternative method to using WMIC. The wmic command didn’t exist before Windows XP, so you’ll have to use the registry method in those older versions of Windows.
-
Open Terminal (Windows 11), or open Command Prompt in older Windows versions.
If you’re using a keyboard and mouse in Windows 11/10/8, the fastest way is through the Power User Menu, accessible with the WIN+X shortcut.
If you don’t see Command Prompt there, type cmd into the search bar in the Start menu, and select Command Prompt when you see it.
You don’t have to open an elevated Command Prompt for this to work. Some Windows commands require it, but in the WMIC command example below, you can open a regular, non-administrative Command Prompt.
-
Type the following command into Command Prompt exactly as it’s shown here, including spaces or lack thereof:
wmic useraccount get name,sid…and then press Enter.
If you know the username and would like to grab only that one user’s SID, enter this command but replace USER with the username (keep the quotes):
wmic useraccount where name="USER" get sidIf you get an error that the wmic command isn’t recognized, change the working directory to be C:\Windows\System32\wbem\ and try again. You can do that with the cd (change directory) command.
-
You should see a table displayed in Command Prompt. This is a list of each user account in Windows, listed by username, followed by the account’s corresponding SID.
Now that you’re confident a particular user name corresponds to a particular SID, you can make whatever changes you need to in the registry or do whatever else you needed this information for.
Lifewire / Emily Mendoza
Finding the Username Using the SID
If you happen to have a case where you need to find the user name but all you have is the security identifier, you can «reverse» the command like this (just replace this SID with the one in question):
wmic useraccount where sid="S-1-5-21-992878714-4041223874-2616370337-1001" get name
…to get a result like this:
Namejonfi
How to Find a User’s SID in the Registry
You can also determine a user’s SID by looking through the ProfileImagePath values in each S-1-5-21 prefixed SID listed under this key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
The ProfileImagePath value within each SID-named registry key lists the profile directory, which includes the username.
For example, the value under the S-1-5-21-992878714-4041223874-2616370337-1001 key on the computer you see above is C:\Users\jonfi, so we know that’s the SID for that user.
This method of matching users to SIDs will only show those users who are logged in or have logged in and switched users. To continue to use the registry method for determining other user’s SIDs, you’ll need to log in as each user on the system and repeat these steps. This is a big drawback; assuming you’re able, you’re much better off using the wmic command method above.
FAQ
-
Open the Command Prompt by pressing Windows key+R. Then, enter the following command and press Enter: whoami /user.
-
To create a new user account in Windows, go to Start > Settings > Accounts > Family & others users. Under Other users > Add other user, select Add account. Enter the user’s information and follow the prompts.
Thanks for letting us know!
Get the Latest Tech News Delivered Every Day
Subscribe
Загрузить PDF
Загрузить PDF
Из этой статьи вы узнаете, как в Windows выяснить идентификатор безопасности (SID) другого пользователя.
-
В левом нижнем углу откроется меню «Опытный пользователь».
-
Откроется новое окно.
-
Откроется окно командной строки.
-
Это команда для отображения идентификаторов безопасности всех пользователей системы.
- Если вы знаете имя пользователя, введите следующую команду: wmic useraccount where name="USER" get sid (вместо «USER» подставьте имя пользователя).[1]
- Если вы знаете имя пользователя, введите следующую команду: wmic useraccount where name="USER" get sid (вместо «USER» подставьте имя пользователя).[1]
-
Идентификатор безопасности — это длинная цепочка чисел, которая отобразится справа от каждого имени пользователя.
Реклама
Об этой статье
Эту страницу просматривали 5005 раз.
Была ли эта статья полезной?
If you are trying to rename user profile folder or to change some registry specific data for the current user, then you might want to find the Security Identifier (SID) for that user account to determine which key under HKEY_USERS in Registry belong to that particular user account.
A security identifier (SID) is a unique value of variable length used to identify a trustee. Each account has a unique SID issued by an authority, such as a Windows domain controller, and stored in a secure database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token. The system uses the SID in the access token to identify the user in all subsequent Windows security interactions. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group.
There are many other reasons you need to know the Security Identifier (SID) of a User, but there are various methods to find the SID in Windows 10. So without wasting any time, let’s see How to Find Security Identifier (SID) of User in Windows 10 with the help of the below-listed tutorial.
Table of Contents
Make sure to create a restore point just in case something goes wrong.
Method 1: Find Security Identifier (SID) of Current User
1. Open Command Prompt. The user can perform this step by searching for ‘cmd’ and then press Enter.
2. Type the following command into cmd and hit Enter:
whoami /user
3. This will show the SID of the current user successfully.
Method 2: Find Security Identifier (SID) of User in Windows 10
1. Open Command Prompt. The user can perform this step by searching for ‘cmd’ and then press Enter.
2. Type the following command into cmd and hit Enter:
wmic useraccount where name=’%username%’ get domain,name,sid
3. This will successfully show the SID of the current user.
Method 3: Find Security Identifier (SID) of All Users
1. Open Command Prompt. The user can perform this step by searching for ‘cmd’ and then press Enter.
2. Type the following command into cmd and hit Enter:
wmic useraccount get domain, name,sid
3. This will successfully show the SID of all user accounts present on the system.
Method 4: Find Security Identifier (SID) of Specific User
1. Open Command Prompt. The user can perform this step by searching for ‘cmd’ and then press Enter.
2. Type the following command into cmd and hit Enter:
wmic useraccount where name=”Username” get sid
Note: Replace username with the account’s actual username for which you are trying to find the SID.
3. That’s it, you were able to find the SID of the specific user account on Windows 10.
Method 5: Find User Name for specific Security Identifier (SID)
1. Open Command Prompt. The user can perform this step by searching for ‘cmd’ and then press Enter.
2. Type the following command into cmd and hit Enter:
wmic useraccount where sid=”SID” get domain,name
Replace: SID with the actual SID for which you are trying to find the username
3. This will successfully show the username of that particular SID.
Method 6: Find SID of Users using Registry Editor
1. Press Windows Key + R then type regedit and hit Enter to open Registry Editor.
2. Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
3. Now under ProfileList, you will find different SID’s and for finding the particular user for these SID’s you need to select each one of them then in the right window pane double-click on ProfileImagePath.
4. Under the value field of ProfileImagePath you will see the username of the particular account and this way you can find the SID’s of different users in Registry Editor.
Recommended:
- How to Add a PIN to Your Account in Windows 10
- Rename User Profile Folder in Windows 10
- Set Default User Logon Picture for all Users in Windows 10
- How to Add a Picture Password in Windows 10
That’s it you have successfully Find Security Identifier (SID) of User in Windows 10 but if you still have any questions regarding this tutorial then feel free to ask them in the comment’s section.
When you need to find the security identifier (SID) of a user in Windows environments, understanding the right tools and methods becomes essential. While Microsoft has refined this identification system since Windows NT, administrators need reliable methods to locate and verify these identifiers for effective system management and troubleshooting.
Core methods to find a Windows user’s Security Identifier (SID)
There are several ways to retrieve a SID, depending on your access level and Windows version. Let’s look at the most effective methods.
Command prompt techniques
The command prompt provides straightforward, reliable methods to retrieve SID information across all Windows versions. These commands work efficiently in both standalone and domain-joined environments.
- Open Command Prompt as an administrator.
- Type “whoami /user” to see your current user SID.
- Use “wmic useraccount get name,sid” to list all user accounts and their SIDs.
- Enter “psexec -s cmd” to access system context if needed.
- Run “dir /q” in user directories to view SID ownership.
PowerShell get user SID
You can use PowerShell to get the user SID. These commands offer advanced flexibility and automation capabilities for SID retrieval, making them ideal for managing multiple systems or performing bulk operations.
- Execute “Get-WmiObject win32_useraccount” to retrieve a complete list of user accounts and their associated SIDs.
- Run “$objUser = New-Object System.Security.Principal.NTAccount($env:USERNAME)” for current user details.
- Use “Get-LocalUser | Select-Object Name,SID” to display local user accounts.
- Access Active Directory user SIDs with “Get-ADUser -Identity username -Properties SID.”
- Query remote computers using “Invoke-Command” with SID retrieval scripts.
GUI-based discovery
For those who prefer visual navigation, Windows provides built-in graphical tools to locate SID information. This method proves particularly useful during one-off queries or when training new team members.
- Access Computer Management through Windows Administrative Tools.
- Navigate to Local Users and Groups.
- Right-click the user account and select Properties.
- Choose the Security tab.
- Click Advanced to view the SID.
- Document the SID for future reference.
In Windows operating systems, security identifiers act as digital passports for every user and group, enabling precise access control and system management. For administrators tasked with maintaining security across enterprise environments, understanding these unique identifiers unlocks powerful capabilities for permission management and user tracking.
SID structure explained
The structure of a security identifier follows a precise format that Microsoft developed for the Windows NT architecture. Each SID contains multiple components: a revision level, an authority identifier, and a variable number of sub-authority values.
These components work together to create an identifier that remains unique across your entire domain infrastructure. You might see a typical SID displayed as S-1-5-21-3623811015-3361044348-30300820-1013.
Breaking it down:
- S: Stands for SID
- 1: The revision level
- 5: The identifier authority
- 21-3623811015-3361044348-30300820: A domain or computer-specific identifier
- 1013: The unique relative identifier (RID) assigned to a user or group
Why SIDs matter in Windows security?
Windows security relies on SIDs as the foundation of its access control system. Rather than depending on usernames or group names — which users can modify — the system tracks permissions and access rights through these unchangeable identifiers.
When a user attempts to access a resource, Windows examines the SID associated with their account against the access control list of the requested resource. This verification process occurs seamlessly in the background, maintaining security without disrupting user workflow.
The importance of a unique identifier
It is often necessary to find the SID of a user during security audits, access control updates, or troubleshooting scenarios. These permanent identifiers provide stability in user management, remaining unchanged even when usernames get modified.
Organizations operating across multiple domains or implementing complex security policies rely on these identifiers to maintain consistent access control and conduct thorough user activity audits.
Windows SID location map
Registry path navigation
The Windows Registry serves as a central database for storing critical system information, including SID data. Use these steps to safely navigate and locate the SID information you need.
- Launch the Registry Editor by typing “regedit” in the Run dialog.
- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList.
- Look for subkeys that start with S-1-5.
- Expand each key to view the ProfileImagePath value.
- Match the profile path to identify the correct user.
- Record the SID from the subkey name for reference.
Locating SIDs in system files
Windows stores SID information across various system files and directories, creating a complex web of security relationships. Your operating system maintains these identifiers in both the Security Accounts Manager database and the NTUSER.DAT files within user profiles.
When Windows creates a new user account, it generates a unique SID and stores this information in multiple locations to support various security functions. The system also maintains backup copies of this data through Volume Shadow Copy Service, providing redundancy for these mission-critical identifiers.
Access permission setup
Configuring proper access permissions requires precise SID mapping. Follow these steps to establish appropriate security controls.
- Open Windows Explorer and locate the target resource.
- Right-click and select Properties.
- Navigate to the Security tab.
- Click Advanced to view SID-based permissions.
- Select Add to include new permissions.
- Choose Principal to specify the user or group.
- Enter the SID in the object name field.
- Set appropriate permission levels.
- Apply changes and verify access.
Advanced SID management tools
Managing SIDs in enterprise environments requires sophisticated tools and methodologies. Whether you need to track user activities, implement domain-wide policies, or create security templates, choosing the right approach streamlines your administrative tasks.
Domain controller methods
If your system operates in an Active Directory (AD) environment, you can manage SIDs using these methods:
- Active Directory Users and Computers (ADUC): A centralized GUI for managing user accounts and their SIDs.
- NTDSUTIL: A command-line tool for database maintenance and SID history management.
- Group Policy Objects (GPOs): Helps enforce SID-based security policies across the domain.
- Replication Health Checks: Ensures SID synchronization across domain controllers.
- SID Filtering: Restricts cross-domain authentication to prevent unauthorized access.
Network user tracking
Continuous SID monitoring helps track user activity and detect anomalies or security threats. The tracking system maintains detailed logs of SID usage, providing valuable data for both real-time security monitoring and forensic analysis.
Security template options
Security templates provide structured approaches to implementing standardized SID management policies. These templates serve as the foundation for consistent security implementation across your organization.
Security templates provide structured frameworks for implementing consistent SID management policies throughout your organization. You can develop customized templates that align with your security requirements while maintaining compatibility with existing systems.
SID security best practices
Proper SID access control forms the foundation of your Windows security infrastructure. Regular audits of access patterns help identify potential vulnerabilities and opportunities to strengthen your security controls.
Your granular permission settings create trackable access paths throughout your network infrastructure. Setting up role-based access control with SIDs enables precise management of resource permissions across departments.
Backup documentation methods
Documentation serves as your security blueprint, providing records of SID configurations and changes. These records prove invaluable during audits, system recovery, and security investigations.
- Generate automated SID mapping reports on a scheduled basis.
- Store offline copies of SID assignments in secured locations.
- Document changes to SID configurations through version control systems.
- Maintain detailed logs of SID modifications and access pattern changes.
- Create standardized templates for SID backup procedures.
Managing SID security requires a strategic balance of documentation, access controls and troubleshooting protocols. Your organization’s security posture depends on implementing and maintaining these best practices effectively.