In Windows environment, each user is given a SID (Security Identifier). It is a unique identifier that can be used to control access to many resources like Files, network shares, Registry keys, etc. In this page, you are going to find out how to find the SID of User in Windows.
FINDING A USER’S SID WITH WMIC
If you want to a user’s SID in Windows via WMIC, you are able to follow these steps below:
- At the first step, you have to open Command Prompt.
- In Windows 10 and Windows 8, if you are using a keyboard and mouse, the fastest way is through the Power User Menu, accessible with the WIN + X shortcut.
- If you do not see Command Prompt there, simply you are able to type cmd into the search bar in the Start menu, and then choose Command Prompt when you see it. For note: You do not have to open an elevated Command Prompt for this to work. Several Windows commands need it, but in the WMIC command below, you are able to open a regular, non-administrative Command Prompt.
- Now, you need to type the command below into Command Prompt:
wmic useraccount get name,sid
- After that, simply you are able to press Enter.
- If you know the username and want to grab only that one user’s SID, so you have to enter this command: wmic useraccount where name=”USER” get sid. But you have to replace USER with the username (keep the quotes) like this: wmic useraccount where name=”Bella” get sid. For note: If you get an error that the wmic command is not known, so you are able to change the working directory. For your information, you are able to do that with the Change Directory (CD) command.
- Next, you should view a table displayed in Command Prompt. This is a user account list in Windows that is listed by username and then followed by the user’s SID.
Right now that you are confident that a particular user name corresponds to a particular SID, you will be able to make whatever changes you want to in the registry or do whatever you need.
In other case, if you happen to have a case where you need to discover the user name but all you have is the SID (security identifier), so you are able to reverse the command like below:
(Just replace the SID with the one in question)
wmic useraccount where sid=”S-1-5-21-993879714-4043243874-2616560337-1101″ get name
…to get a result like this:
Name
Bella
FINDING A USER’S SID IN THE REGISTRY
Also, you are able to specify a user’s SID by looking through the Profile Image Path values in each S-1-5-21 prefixed SID listed under this key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
You have to know that the Profile Image Path value within each SID-named registry key lists the profile directory, that includes the username. For example, the Profile Image Path value under the S-1-5-21-993879714-4043243874-2616560337-1101 key on the computer you see above is C:\Users\bella, so we know that the SID for the user “bella” is “S-1-5-21-993879714-4043243874-2616560337-1101“.
This method of matching users to SIDs is only going to show those users who are logged in or have logged in and switched users. To continue using the registry method for specifying other user’s SIDs, you are going to need to log in as each user on the system and repeat those steps. However, we think that you are much better off using the wmic command method above.
WHAT ARE SECURITY IDENTIFIERS?
A security identifier or simply called as SID is used to uniquely identify a security principal or security group. Security principals are able to represent any entity which can be authenticated by the operating system, such as a user account, a computer account, or a thread or process which runs in the security context of a user or computer account. Each account/ group, or process running in the security context of the account has a unique SID which is issued by an authority, such as a Windows domain controller. It is stored in a security database. The system generates the SID which identifies a particular account or group at the time the account or group is made. When a SID has been used as the unique identifier for a user/ group, it is able to never be used again to identify another user/ group.
Each time a user signs in, the system makes an access token for that user. For your information, an access token contains a SID of the user, a user rights, and the SIDs for any groups a user belongs to. This token gives the security context for whatever actions the user does on that computer. The Security Identifiers are the fundamental building block of the Windows security model. They work with special components and access control technologies in the security of Windows Server operating systems. This is going to help protecting access to network resources and also give a more secure computing environment. The content in this topic applies to computers which are running the supported versions of the Windows operating system.
HOW SECURITY IDENTIFIERS WORK
The users refer to accounts by using the account name, however the operating system internally refers to accounts and processes which run in the security context of the account by using their security identifiers (SIDs). For domain accounts, the SID of a security principal is made by concatenating the SID of the domain with a RID (Relative Identifier) for the account. SIDs are unique within their scope (local or domain), and they are never reused. The operating system generates a SID which identifies a particular account or group at the time the account or group is created. The SID for a local account or group is generated by the LSA (Local Security Authority) on the computer. It is saved with other account information in a secure area of registry. While the SID for a domain account/ group is generated by the domain security authority which is saved as an attribute of the user or group object.
AUTHOR BIO
On my daily job, I am a software engineer, programmer & computer technician. My passion is assembling PC hardware, studying Operating System and all things related to computers technology. I also love to make short films for YouTube as a producer. More at about me…