Security identifiers

Security identifiers (SIDs) are numeric values that identify a user or group. For each
access control entry (ACE), there exists a SID that identifies the user or group for whom
access is allowed, denied, or audited.

Well-known security identifiers (special identities)

Well-known
Description
SID
Anonymous
A user who has connected to the computer without supplying a user name
Logon
and password.
(S-1-5-7)
Authenticated Includes all users and computers whose identities have been
Users authenticated. Authenticated Users does not include Guest even if the
(S-1-5-11) Guest account has a password.
Batch Includes all users who have logged on through a batch queue facility such
(S-1-5-3) as task scheduler jobs.
A placeholder in an inheritable access control entry (ACE). When the
Creator Owner
ACE is inherited, the system replaces this SID with the SID for the
(S-1-3-0)
object's current owner.
A placeholder in an inheritable ACE. When the ACE is inherited, the
Creator Group
system replaces this SID with the SID for the primary group of the
(S-1-3-1)
object's current owner.
Dialup Includes all users who are logged on to the system through a dial-up
(S-1-5-1) connection.
On computers running Windows XP Professional, Everyone includes
Authenticated Users and Guest. On computers running earlier versions of
Everyone the operating system, Everyone includes Authenticated Users and Guest
(S-1-1-0) plus Anonymous Logon.

For more information, see Differences in default security settings.

Interactive Includes all users logging on locally or through a Remote Desktop
(S-1-5-4) connection.
Local System
A service account that is used by the operating system.
(S-1-5-18)
Network Includes all users who are logged on through a network connection.
(S-1-5-2) Access tokens for interactive users do not contain the Network SID.
A placeholder in an ACE on a user, group, or computer object in Active
Self (or Directory. When you grant permissions to Principal Self, you grant them
Principal Self) to the security principal represented by the object. During an access
(S-1-5-10) check, the operating system replaces the SID for Principal Self with the
SID for the security principal represented by the object.
Service A group that includes all security principals that have logged on as a
(S-1-5-6) service. Membership is controlled by the operating system.
Terminal
Includes all users who have logged on to a Terminal Services server that
Server Users
is in Terminal Services version 4.0 application compatibility mode.
(S-1-5-13)

For more information on the Administrators (S-1-5-32-544), Power Users (S-1-5-32-

547), Backup operators (S-1-5-32-551), and Users (S-1-5-32-545) groups, see Default
security settings.

For more information, see Well-Known Security Identifiers at the Microsoft Resource
Kits Web site.(http://www.microsoft.com/)