Tuesday, December 16, 2008

Windows Admin Tricks

Windows SID
This is basically the internal identifier Windows uses to uniquely identify a user, group or machine.
The local machine Administrator SID always ends with -500.
The Guest SID ends with -501.
A user SID ends with -1001 (1001 is the first user created on the machine; the number auto-increments with each subsequent user).
This is how an ACL determines whether a user is allowed access to files, services, etc.


Net use
1) net use \\192.168.1.2\ipc$ password /u:domain\administrator

2) Useful SID tools (user2sid and sid2user)
user2sid \\caesars administrator
sid2user \\caesars 5 21 124532423423 4234234234234 4235234234 500
(sid2user takes the SID components without the S-1- prefix, separated by spaces, so the trailing RID is passed as a separate argument rather than joined with a hyphen.)

whoami /user /groups

Windows Impersonation
The server notifies the subsystem that it is temporarily adopting the token of the client making the resource request.
*A restricted token is assigned to child processes; it has more limited access than the parent token.
The token consists of all the SIDs of which the logged-on user is a member.
Eg John Smith, who is a member of the groups Developers, Webmaster and Requester, logs into Windows. The token will consist of John Smith's SID, the Developers group SID, the Webmaster group SID and the Requester group SID.

Assume John tries to access file A (which is assigned to the Developers group). The ACL check looks for the Developers group SID in John's token. If it is present, John is allowed access to file A.
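As an added illustration (not from the original post), a small Python model of the SID parsing and the token-vs-ACL check above. The machine SID, group SIDs and ACL are constructed for the example; the deny-before-allow rule goes beyond the post's allow-only case.

```python
import re

# Matches 'S-1-<authority>-<sub>-<sub>...'; the last subauthority is the RID.
SID_RE = re.compile(r"^S-1-(\d+)((?:-\d+)+)$")


def parse_sid(sid):
    """Split 'S-1-5-21-a-b-c-500' into (authority, [subauthorities...])."""
    m = SID_RE.match(sid)
    if not m:
        raise ValueError(f"not a SID: {sid}")
    authority = int(m.group(1))
    subs = [int(x) for x in m.group(2).split("-")[1:]]
    return authority, subs


def classify_rid(sid):
    """Well-known RIDs as listed in the post: 500 = local Administrator,
    501 = Guest, 1001 and up = accounts created on the machine."""
    rid = parse_sid(sid)[1][-1]
    if rid == 500:
        return "administrator"
    if rid == 501:
        return "guest"
    if rid >= 1001:
        return "user"
    return "other"


def build_token(user_sid, group_sids):
    """An access token carries the user's SID plus every group SID."""
    return frozenset([user_sid, *group_sids])


def access_allowed(token, acl):
    """acl is a list of (type, sid) ACEs with type 'allow' or 'deny'.
    A deny ACE matching any SID in the token wins over any allow ACE."""
    if any(t == "deny" and sid in token for t, sid in acl):
        return False
    return any(t == "allow" and sid in token for t, sid in acl)


# Constructed SIDs for the worked example (the machine part is made up).
MACHINE = "S-1-5-21-1000000001-1000000002-1000000003"
JOHN = f"{MACHINE}-1001"
DEVELOPERS, WEBMASTER, REQUESTER = (f"{MACHINE}-{r}" for r in (1101, 1102, 1103))
FILE_A_ACL = [("allow", DEVELOPERS)]  # file A is assigned to Developers

if __name__ == "__main__":
    token = build_token(JOHN, [DEVELOPERS, WEBMASTER, REQUESTER])
    print(classify_rid(JOHN), access_allowed(token, FILE_A_ACL))  # user True
```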
