SID: S-1-0 Name: Null Authority Description: Identifier issued agency. SID: S-1-0-0 Name: Nobody Description: No safety main body. SID: S-1-1 Name: World Authority Description: Identifier issued agency. SID: S-1-1-0 Name: Everyone Description: Groups of all users (even anonymous users and guests). Member identity is controlled by operating system. SID: S-1-2 Name: Local Authority Description: Identifier Authority. SID: S-1-3 Name: CREATOR Authority Description: Identifier issued agency. SID: S-1-3-0 Name: CREATOR OWNER Description: The placeholder in which the access control item (ACE) can be inherited. When the ACE is inherited, the system replaces this SID with the SID of the object creator. SID: S-1-3-1 Name: CREATOR Group Description: Inherited placeholders in the ACE. When the ACE is inherited, the system replaces this SID with the main group SID of the object creator. The main group is for use only in the POSIX subsystem. SID: S-1-3-2 Name: CREATOR OWNER Server Description: This SID is not used in Windows 2000. SID: S-1-3-3 Name: CREATOR Group Server Description: This SID is not used in Windows 2000. SID: S-1-4 Name: Non-Unique Authority Description: Identifier issued agency. SID: S-1-5 Name: NT Authority Description: Identifier Authority. SID: S-1-5-1 Name: Dialup Description: A group including all users logged in by dial-up connection. Member identity is controlled by operating system. SID: S-1-5-2 Name: NetWork Description: A group of users who are logged in through the network. Member identity is controlled by operating system. SID: S-1-5-3 Name: BATCH Description: A group of users who are logged in through the queue tool. Member identity is controlled by operating system. SID: S-1-5-4 Name: Interactive Description: A group including all users logged in interactively. Member identity is controlled by operating system. SID: S-1-5-5-X-Y Name: Logon Session Description: Login session. These SIDs x and y are varied due to sessions. SID: S-1-5-6 Name: Service Description: A group that includes all security principals as a service login. Member identity is controlled by operating system. SID: S-1-5-7 Name: anonymous description: A group of users who are logged in in anonymous way. Member identity is controlled by operating system. SID: S-1-5-8 Name: Proxy Description: This SID is not used in Windows 2000. SID: S-1-5-9 Name: Enterprise Controllers Description: A group consisting of all domain controllers in the forest using the Active Directory directory service. Member identity is controlled by operating system. SID: S-1-5-10 Name: Principal SELF Description: Account objects in Active Directory or group objects can inherit a placeholder in the ACE.
When the ACE is inherited, the system replaces this SID with the SID of the security main body holding this account. SID: S-1-5-11 Name: Authenticated Users Description: A group of users who have already verified when logging in. Member identity is controlled by operating system. SID: S-1-5-12 Name: Restricted Code Description: This SID is reserved for later use. SID: S-1-5-13 Name: Terminal Server Users Description: A group that includes all users who log in to the terminal service server. Member identity is controlled by operating system. SID: S-1-5-18 Name: Local System Description: The service account used by the operating system. SID: S-1-5-19 Name: NT Authority Description: Local Services SID: S-1-5-20 Name: NT Authority Description: Network Service SID: S-1-5- Domain-500 Name: Administrator Description: System administrator's user account. By default, it is the only user account that can fully control the system. SID: S-1-5- Domain-501 Name: Guest Description: User accounts for people without personal accounts. This user account does not require a password. By default, the guest account is disabled. SID: S-1-5- Domain-502 Name: KRBTGT Description: Service Account used by Key Distribution Center (KDC) service. SID: S-1-5- Domain-512 Name: Domain Admins Description: A global group, its member is authorized to manage the domain. By default, the Domain Admins group belongs to the Administrators group on all joined domains (including domain controllers). Domain admins is the default owner of any object created by any member of the group. SID: S-1-5- Domain-513 Name: Domain Users Description: A global group, by default it includes all user accounts in the domain. When you create a user account in the domain, the account will be added to the group by default. SID: S-1-5- Domain-514 Name: Domain Guests Description: A global group, by default it has only one member, ie the domain's built-in guest account. SID: S-1-5- Domain-515 Name: Domain Computers Description: A global group that includes all clients and servers in the Domain. SID: S-1-5- Domain-516 Name: Domain Controllers Description: A global group including all domain controllers in the domain. By default, the new domain controller will be added to the group. SID: S-1-5- Domain-517 Name: CERT Publishers Description: A global group including all computers of all running corporate certificate issuing agencies. CERT Publishers is authorized to publish a certificate to the User object in Active Directory. SID: S-1-5-root domain - 518 Name: Schema admins Description: General Groups in the pure mode domain; global groups in the hybrid mode domain. This group is authorized to change the architecture in Active Directory. By default, the only member of the group is the Administrator account of the catalog forest. SID: S-1-5-root domain - 519 Name: Enterprise Admins Description: General Groups in the pure mode domain; global groups in the hybrid mode domain.
This group is authorized to make changes in the forest range in Active Directory, such as adding subdomains. By default, the only member of the group is the Administrator account of the catalog forest. SID: S-1-5- Domain-520 Name: Group Policy Creator Owners Description: A global group that is authorized to create a new group policy object in Active Directory. By default, the unique member of the group is administrator. SID: S-1-5- Domain-533 Name: Ras and IAS Servers Description: Domain Local Group. By default, there is no member. The server in this group has the user object in the Active Directory domain has "Read Account Limit" and "Read Login Information" access. By default, there is no member. The server in this group has the user object in Active Directory with "Read Account Limit" and "Read Login Information" access. SID: S-1-5-32-544 Name: administrators Description: Built-in group. After installing the operating system for the first time, the only member of the group is an Administrator account. When your computer is joined the domain, the Domain Admins group will be added to the Administrators group. When the server becomes a domain controller, the Enterprise Admins group is also added to the Administrators group. SID: S-1-5-32-545 Name: Users Description: Built-in group. After installing the operating system for the first time, the only member of the group is an Authenticated User Group. When your computer is joined the domain, the Domain UserS group will be added to the User Group on your computer. SID: S-1-5-32-546 Name: Guests Description: Built-in group. By default, the unique member of the group is a guest account. The Guests group allows temporary or disposable users to log in to the built-in guest account of the computer using limited authority. SID: S-1-5-32-547 Name: Power User Description: Built-in group. By default, there is no member. Power Users can create local users and groups, modify, and delete previously created accounts, delete users in Power Users, Users, and Guests groups. Power Users can also install, create, manage, and delete local printers and create and delete file sharing directories. SID: S-1-5-32-548 Name: Account Operators Description: A built-in group that exists only on the domain controller. By default, there is no member. By default, Account Operators has the right to create, modify, and delete accounts in all containers and organizational units of Active Directory, except for the Builtin container and Domain Controllers OU. Account Operators No need to modify the Administrators and Domain Admins groups, and no need to modify the account for members of those groups. SID: S-1-5-32-549 Name: Server Operators Description: A built-in group that exists only on the domain controller. By default, there is no member. Server Operators can log in to the server in interaction, create and delete network shared directories, start and stop service, backup, and restore files, format your computer's hard drive, and turn off your computer.
