Security Identifier (SID)
Every user and every entity for which the system needs to make a trust decision is
assigned a security identifier (SID). The SID is created when the entity is created and
remains the same for the life of that entity. No two entities on the same computer will
ever have the same SID. The SID is a unique identifier that shows up every place a user or
other entity needs to be identified. You might think, "Why doesn't Windows just use the
username to identify the user?" Imagine that a server has a user JimBob for a time and
then that user is deleted. Windows will allow you sometime later to create a new account
and also name it JimBob. After all, the old JimBob has been deleted and is gone, so there
will be no name conflict. However, this new JimBob needs to be identified differently
than the old JimBob. Even though they have the same logon name, they might need different
access privileges. So it's important to have some other unique identifier besides
the username to identify a user. Also, other things besides users have SIDs. Groups and
even logon sessions will be assigned a SID for reasons you'll see later.
SIDs come in several different flavors. Every system has internal, well-known SIDs
that identify built-in accounts and are always the same on every system.
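The JimBob scenario and the well-known SIDs described above can be observed directly. This is an added example, not code from the book. It assumes an elevated PowerShell 5.1 or later session on a disposable test machine, and it creates and deletes a disabled local account named JimBob.

```powershell
# Added example: run elevated, on a test machine only.
# 'JimBob' is the account name used in the text; it is created and removed here.
$name = 'JimBob'
if (Get-LocalUser -Name $name -ErrorAction SilentlyContinue) {
    throw "Local account '$name' already exists; choose another test name."
}

# First JimBob: record the SID Windows assigns when the account is created.
$first = New-LocalUser -Name $name -NoPassword -Disabled -Description 'SID demo (first)'
$firstSid = $first.SID.Value
Remove-LocalUser -Name $name

# Second JimBob: same logon name, but a new entity with its own SID.
$second = New-LocalUser -Name $name -NoPassword -Disabled -Description 'SID demo (second)'
$secondSid = $second.SID.Value
Remove-LocalUser -Name $name

# Compare the two SIDs issued for the same username.
[pscustomobject]@{
    Name      = $name
    FirstSid  = $firstSid
    SecondSid = $secondSid
    SameSid   = ($firstSid -eq $secondSid)
}

# Well-known SIDs: identical on every system, so they can be built from the
# WellKnownSidType enum without looking anything up on the local machine.
$wellKnown = 'WorldSid', 'LocalSystemSid', 'BuiltinAdministratorsSid', 'BuiltinUsersSid'
foreach ($type in $wellKnown) {
    $sid = [System.Security.Principal.SecurityIdentifier]::new(
        [System.Security.Principal.WellKnownSidType]$type, $null)
    [pscustomobject]@{
        Type    = $type
        Sid     = $sid.Value
        # Translate() resolves the SID to the account name shown on this system.
        Account = $sid.Translate([System.Security.Principal.NTAccount]).Value
    }
}
```

Any permission granted to the first JimBob is recorded against the first SID, so it does not carry over to the second account even though the name matches.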