Last Articles

Most popular password

Network Information Security: Myths and Realities Omnipotence hackers

Hackers and crackers, or what is good and what is bad?

Chronology of the ARPANET - INTERNET

Protection system in Windows - Fact or Fiction

The basic principles of security

Manager SAM and Active Directory

Administrative boundaries: the forest or domain?

Can you trust a domain that is connected to the Internet?

Идентификаторы защиты (SID)

Why can not I log in as an administrator from any location?

Network security model and resource sharing

Remote attacks on distributed computing systems

Characteristics and mechanisms of implementation of standard remote attacks

Fake ARP-server on the Internet

False DNS-server on the Internet

Substitution of one of the subjects TCP-connections on the Internet

Malfunction host on the network

Mythical remote attacks on the Internet

Dedicated channel communication between objects distributed CS

Идентификаторы защиты (SID)

  So far we have talked about the elements of security, using their "common" names, such as the administrator of the Domain Admins group or Domain Admins. But inside the Windows NT family of systems, each of these objects is represented globally unique 48-bit number, called a security identifier or SID (Security Identifier). This approach allows the system to distinguish between, for example, the local Administrator account the same name of computer A and the local Administrator account on your computer.

  In the SID consists of several parts. Consider an example of such an identifier.


  Prior to the SID, the letter S, and its parts are separated by hyphens. The first number (in this case 1) is the revision number, the second - the value of office identifier (for Windows Server 2003, it is always 5). This is followed by four options under the authority (in this example is 21, and three long strings of numbers), and the latter indicates a relative identifier (RID - Relative Identifier) (in our example, the value is 500).

  The SID may seem complicated, but it is important to understand that one part is unique to the installation, or domain, and another - is common to all installations and Wamena (relative identifier R1D). After you install Windows Server 2003, a local computer randomly selects the SID. The same thing happens when you create a domain under Windows Server 2003 - he also gets a unique identifier SID. Thus, for any computer or domain that is running Windows Server 2003, under the powers will always be unique (unless these are fake and do not overlap, as happens in certain types of low-level copying of disks).

  In any case, the value of R1D is constant for all computers and domains. For example, the identifier SID, whose value is 500 RiD, always belongs to the Administrator account of the local machine. RID 501 is used to account Guest. For the domain RID starts from 1001 and shows the number of user accounts (eg, RID 1015 will fifteenth user domain). Suffice it to say that renaming the account does not affect the corresponding S1D, so the account will always be identified. Renaming the account Administrator, you just change its name, Windows Server 2003 (or an attacker, using special equipment) is always defined by the value of CE R1D 500.

Top 5 most read

The basic rules of safe behavior on the Internet

Manager SAM and Active Directory

You forget your password. What should I do? Part 3

Social engineering as a way of committing crimes in the sphere of computer information

Идентификаторы защиты (SID)

Copyright © 2010 BRV ISTCOM S.R.L.- раскрутка сайта