SID: S-1-0
Name: null
Authority
Description: Identifier issued agency.
SID: S-1-0-0
NOBODY
Description: No safety main body.
SID: S-1-1
Name: World
Authority
Description: Identifier issued agency.
SID: S-1-1-0
Name: Everyone
Description: Groups of all users (even anonymous users and guests). Member identity is controlled by operating system.
SID: S-1-2
Name: Local
Authority
Description: Identifier issued agency.
SID: S-1-3
Name: CREATOR
Authority
Description: Identifier issued agency.
SID: S-1-3-0
Name: CREATOR
Owner
Description: Can inherit access control items
(ACE)
The placeholder in the middle. when
ACE
When it is inherited, the system uses the object of the founder.
SID
Replace this
SID.
SID: S-1-3-1
Name: CREATOR
Group
Description: Inherited
ACE
The placeholder in the middle. when
ACE
When it is inherited, the main group of the system's creator
SID
Replace this
SID. The main group is for
POSIX
Subsystem use.
SID: S-1-3-2
Name: CREATOR
Owner
Server
Description: Windows
2000
Do not use this
SID.
SID: S-1-3-3
Name: CREATOR
Group
Server
Description: Windows
2000
Do not use this
SID.
SID: S-1-4
Name: non-unique
Authority
Description: Identifier issued agency.
SID: S-1-5
Name: NT
Authority
Description: Identifier issued agency.
SID: S-1-5-1
Name: Dialup
Description: A group that includes all users logged in by dial-up connection. Member identity is controlled by operating system.
SID: S-1-5-2
Name: NetWork
Description: A group including all users logged in through the network. Member identity is controlled by operating system.
SID: S-1-5-3
Name: Batch
Description: A group that includes all users logged in through the Batch Tool. Member identity is controlled by operating system.
SID: S-1-5-4
Name: interactive
Description: A group that includes all users logged in interactively. Member identity is controlled by operating system.
SID: S-1-5-5-X-Y
Name: Logon
Session
Description: Login session. These ones
SID
of
X
with
Y
It varies depending on the session.
SID: S-1-5-6
Name: Service
Description: A group including all security mains as a service login. Member identity is controlled by operating system.
SID: S-1-5-7
Name: anonymous
Description: A group of users who are logged in in an anonymous manner. Member identity is controlled by operating system.
SID: S-1-5-8
Name: Proxy
Description: Windows
2000
Do not use this
SID.
SID: S-1-5-9
Name: Enterprise
Controllers
Description: One by use
ActiveDirectory
Group of all domain controllers in the forest directory service. Member identity is controlled by operating system.
SID: S-1-5-10
Name: Principal
Self
Description: ACTIVE
Directory
Account objects or group objects can inherit
ACE
One placeholder in the middle. when
ACE
When it is inherited, the system uses the security main body holding this account.
SID
Replace this
SID.
SID: S-1-5-11
Name: Authenticated
Users
Description: A group of users who have already verified when logging in. Member identity is controlled by operating system.
SID: S-1-5-12
Name: restricted
Code
Description: This
SID
Before retaining.
SID: S-1-5-13
Name: Terminal
Server
Users
Description: A group including all users who log in to the terminal service server. Member identity is controlled by operating system.
SID: S-1-5-18
Name: Local
SYSTEM
Description: The service account used by the operating system.
SID: S-1-5-19
Name: NT
Authority
Description: Local service
SID: S-1-5-20
Name: NT
Authority
Description: Network Service
SID: S-1-5- Domain-500
Name: administrator
Description: System administrator's user account. By default, it is the only user account that can fully control the system.
SID: S-1-5-Domain-501
Name: Guest
Description: User accounts for people without personal accounts. This user account does not require a password. By default, guest
Account is disabled.
SID: S-1-5-Domain-502
Name: KRBTGT
Description: Key Distribution Center
(KDC)
Service account used by the service.
SID: S-1-5- Domain-512
Name: Domain
Admins
Description: A global group that is authorized to manage the domain. By default, Domain
Admins
Group belongs to all joined domains (including domain controllers)
Administrators
group. Domain
Admins
Is the default owner of any object created by any member of the group.
SID: S-1-5- Domain-513
Name: Domain
Users
Description: A global group, which includes all user accounts in the domain by default. When you create a user account in the domain, the account will be added to the group by default.
SID: S-1-5- Domain-514
Name: Domain
Guests
Description: A global group, by default it has only one member, ie the domain's built-in
Guest
account.
SID: S-1-5- Domain-515
Name: Domain
Computers
Description: A global group that includes all clients and servers in the joining domain.
SID: S-1-5-Domain-516
Name: Domain
Controllers
Description: A global group including all domain controllers in the domain. By default, the new domain controller will be added to the group.
SID: S-1-5- Domain-517
Name: CERT
Publishers
Description: A global group including all computers of all running corporate certification authorities. CERT
Publishers
Authorized
Active
Directory
middle
User
Object release certificate.
SID: S-1-5-root domain-518
Name: Schema
Admins
Description: General Groups in the pure mode domain; global groups in the hybrid mode field. This group is authorized
Active
Directory
Change the architecture. By default, the only member of the group is a forest root domain.
Administrator
account.
SID: S-1-5-root domain-519
Name: Enterprise
Admins
Description: General Groups in the pure mode domain; global groups in the hybrid mode field. This group is authorized
Active
Directory
Changes in the forest scope of the project, such as adding subdomains. By default, the only member of the group is a forest root domain.
Administrator
account.
SID: S-1-5- Domain-520
Name: group
Policy
Creator
Owners
Description: An authorized
Active
Directory
The global group of the new group policy object. By default, the only member of the group is
Administrator.
SID: S-1-5- Domain-533
Name: ras
and
IAS
Servers
Description: Domain local group. By default, there is no member. Server pair in this group
Active
Directory
Domain
User
Objects have "Read Account Limit" and "Read Login Information" access. By default, there is no member. Server pair in this group
Active
Directory
middle
User
Objects have "Read Account Limit" and "Read Login Information" access.
SID: S-1-5-32-544
Name: administrators
Description: Built-in group. After the first installation of the operating system, the only member of the group is
Administrator
account. Domain when the computer is joined in the domain
Admins
The group will be added to
Administrators
Group. Enterprise when the server becomes a domain controller
Admins
Group is also added to
Administrators
Group.
SID: S-1-5-32-545
Name: Users
Description: Built-in group. After the first installation of the operating system, the only member of the group is
Authenticated
Users
group. Domain when the computer is joined in the domain
Users
The group will be added to the computer
Users
Group.
SID: S-1-5-32-546
Name: guests
Description: Built-in group. By default, the only member of the group is
Guest
account. Guests
Group allows temporary or disposable users to log in to the computer's built-in
Guest
account.
SID: S-1-5-32-547
Name: Power
Users
Description: Built-in group. By default, there is no member. Power
Users
You can create local users and groups, modify, and delete previously created accounts, delete
Power
Users, users
with
Guests
Users in the group. Power
Users
You can also install, create, manage, and delete local printers and create and delete file sharing directories.
SID: S-1-5-32-548
Name: Account
Operators
Description: A built-in group that exists only on the domain controller. By default, there is no member. ACCOUNT by default
Operators
Authority
Active
Directory
All containers and organizational units create, modify, and delete accounts, Builtin containers and
Domain
Controllers
OU
except. Account
Operators
No right to modify
Administrators
with
Domain
Admins
Group, no right to modify accounts for members of those groups.
SID: S-1-5-32-549
Name: Server
Operators
Description: A built-in group that exists only on the domain controller. By default, there is no member. Server
Operators
You can log in to the server in interactively, create and delete network shared directories, start and stop the service, backup, and restore files, format your computer's hard drive, and turn off your computer. Computer.
SID: S-1-5-32-550
Name: Print
Operators
Description: A built-in group that exists only on the domain controller. By default, the only member of the group is
Domain
Users
group. Print
Operators
You can manage printers and document queues.
SID: S-1-5-32-551
Name: Backup
Operators
Description: Built-in group. By default, there is no member. BACKUP
Operators
You can back up and restore all files on your computer, regardless of those privileges that are subject to this. BACKUP
Operators
You can also log in and close your computer.
SID: S-1-5-32-552
Name: Replicator
Description: A built-in group used by a file replication service on a domain controller. By default, there is no member. Do not add users to this group.
The following groups are in a certain set
Windows
Server
2003
Domain controller is specified as the main domain controller
(PDC)
Operating the host role, will always be displayed
SID. ("Operation Host" is also called a flexible single-mode operation or
FSMO. )
Windows
Server
2003
When the domain controller is added to the domain, the newly created built-in groups are:
SID: S-1-5-32-554
Name: Builtin / Pre-Windows
2000
Compatible
ACCESS
Description: Windows
2000
Added alias. A backward compatible group allows all users and groups in the domain to read access.
SID: S-1-5-32-555
Name: Builtin / Remote
Desktop
Users
Description: An alias. The group of members is granted remote login permissions.
SID: S-1-5-32-556
Name: BUILTIN / NETWORK
CONFIGURATION
Operators
Description: An alias. The group has some permissions that manage network function configurations.
SID: S-1-5-32-557
Name: Builtin / incoming
FOREST
Trust
Builders
Description: An alias. Members of this group can create unidirectional trust in the incoming in the project.
SID: S-1-5-32-557
Name: Builtin / incoming
FOREST
Trust
Builders
Description: An alias. Members of this group can create unidirectional trust in the incoming in the project.
SID: S-1-5-32-558
Name: Builtin / Performance
Monitor
Users
Description: An alias. Members of this group can be remotely accessed to monitor this computer.
SID: S-1-5-32-559
Name: Builtin / Performancelog
Users
Description: An alias. Members of this group can be remotely accessed to plan the log of the performance counter on this computer.
SID: S-1-5-32-560
Name: Builtin / Windows
Authorization
ACCESS
Group
Description: An alias. Members of this group can be accessed
User
Object calculation
TokenGroupsglobalanduniversal
Attributes.
SID: S-1-5-32-561
Name: Builtin / Terminal
Server
License
Servers
Description: An alias. Terminal Server License Server Group.
