Where Windows 2000 uses SIDs

This excerpt from Chapter 5 of "The definitive guide to Windows 2000 security" describes three major access control structures where SIDs are used.

Get a glimpse inside Paul Cooke's e-book "The definitive guide to Windows 2000 security" with this series of book excerpts, courtesy of Realtimepublishers.com. This excerpt is from Chapter 5, "Configuring access control." Click for the book excerpt series or get the full e-book.


Where Windows 2000 uses SIDs

Now that you're becoming familiar with SIDs and recognize that I'll be dealing with them for quite some time, you're probably getting curious about all the places where SIDs are used. Maybe surprisingly, Windows 2000 uses SIDs in only three major access control structures.

  • Access tokens
    Two types of SIDs are used in an access token: One SID identifies who the token represents, and the other SID identifies the security groups that the user is a member of.
  • Security descriptors
    Two types of SIDs are used in a security descriptor: The first SID identifies an object's owner, and the second SID identifies the owner's primary security group affiliation.
  • ACEs
    A SID is used in every ACE to identify the accounts or security groups for which access is allowed, denied, or audited.

I'll discuss the details of each of these structures in later sections of this chapter; for now, it's enough to know where Windows 2000 uses SIDs.

Click for the next excerpt in this series: The structure of a SID


Click for the book excerpt series or get the full e-book.
This was first published in November 2004

Dig deeper on Windows Disaster Recovery and Business Continuity

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close