In Windows, a security identifier (SID) uniquely identifies a security principal or group. Whether the item is a group, an account, or a process, each has a unique SID in the security context of the account. When a user logs in to the system, the OS creates an access token. That access token contains the user’s SID, the rights granted to that user, and the SID for the user’s parent group. In this article, we’ll see how to get the security identifier (SID) of any user in Windows 10.
As an end user, you may locate everything by name, such as your user account name, a group, or a process. However, the system recognizes these entities only by their SIDs.
You should know these facts about security identifiers (SIDs):
- The SID for a local account or group is unique to the machine on which it is created.
- On a client system, the SID for a local account or group is issued by the Local Security Authority.
- On a client system, the SID is stored in a secure area of the registry along with other account information.
- On a server system, the SID for a domain account or group is issued by the Domain Security Authority.
- On a server system, the SID is stored as an attribute of the User or Group object in Active Directory Domain Services.
- Default SIDs: the built-in administrator account has a SID ending with 500, while for the Guest account it ends with 501. For DefaultAccount, it ends with 503. For the first administrator account created on the system, it ends with 1001.
If you wish to read about SIDs in detail, you can check out this official Microsoft documentation. To identify the SID of any user in Windows 10, you can refer to the methods presented below.
Get Security Identifier (SID) Of Any User In Windows 10/11/8/7
Method 1 – Find SID Of Any User Using Command Prompt
1. Right-click the Start button and choose Command Prompt (Admin).
2. In the administrative Command Prompt window, type the following command and press the Enter key to locate the SID for the currently logged-in user:
whoami /user
3. To locate the SID of all user accounts present on the system, execute this command:
wmic useraccount get domain,name,sid
You can also locate SIDs via registry, as mentioned in Method 2 next.
Method 2 – Find SID Of Any User Using Registry
- Open Registry Editor by running the regedit command.
- Go to this registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
- Under the ProfileList registry key, you can locate all the SIDs for accounts as well as for services/processes. To identify the account/process corresponding to a SID, check the Value data of the ProfileImagePath registry string (REG_EXPAND_SZ).
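The registry lookup from Method 2 can also be scripted, which helps when you need to review every profile on a machine at once. The following PowerShell is an added example and not part of the original article; the variable names and the note table are illustrative, and the notes reuse the SID endings listed earlier on this page.

```powershell
# Added example: list every SID under ProfileList with its profile path
# and, where possible, the account name it resolves to.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# SID endings mentioned in this article (illustrative lookup table).
$knownEndings = @{
    '500' = 'Built-in administrator'
    '501' = 'Guest'
    '503' = 'DefaultAccount'
}

Get-ChildItem -Path $profileList | ForEach-Object {
    $sidString = $_.PSChildName

    # ProfileImagePath is REG_EXPAND_SZ; GetValue() returns it expanded.
    $profilePath = $_.GetValue('ProfileImagePath')

    # Translate the SID to DOMAIN\name. This fails for profiles whose
    # account no longer exists, and for subkeys that are not valid SIDs
    # (for example a key name carrying a ".bak" suffix).
    try {
        $sid     = New-Object System.Security.Principal.SecurityIdentifier($sidString)
        $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $account = '<unresolved>'
    }

    # Only account SIDs (S-1-5-21-...) carry the endings listed above.
    $note = $null
    if ($sidString -like 'S-1-5-21-*') {
        $ending = $sidString.Split('-')[-1]
        $note   = $knownEndings[$ending]
    }

    [pscustomobject]@{
        SID              = $sidString
        Account          = $account
        ProfileImagePath = $profilePath
        Note             = $note
    }
} | Format-Table -AutoSize
```

Rows showing `<unresolved>` are worth a second look during an audit: they are profiles left on disk for which no current account can be found.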
That’s it!