Please Clarify for me...


Robert Bollinger

Hello All -

If a Windows security principal is this:

any object that has an SID attached to it, then does that make (really) any
object in Active Directory, the file system, services, DNS records etc.
Security Principals?

I understand that user accounts, computer accounts, service accounts are
security principals but am I correct that "Any Object" is considered a
security principal if it has
an SID assigned to it?


Thank You,

Robert
 
Hi Robert,

I think you may be confusing SIDs with GUIDs and other
forms of UIDs (unique identifiers). SIDs have a specific
form, with a part that represents the domain or machine,
so, other than the well-known (like for Administrator) a
SID is unique among installs (of machines or domains).

It is true to say that all security principals are internally
each represented by a unique SID. These are normally
stated as being accounts and groups, but note that these
include the so-called built-in, well-known principals
(ex. Interactive, Network, etc.).

I think it is also true to state the reverse, that any SID
represents a security principal. (i.e. having a unique object
id, a unique rid, etc. is not the same as having a sid).

Roger
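
The distinction drawn in the reply above, as an added example that is not part of the original thread: a small parser that splits a SID string into its issuing machine or domain part and its RID, recognises a few well-known SIDs, and tells a SID apart from a GUID. The function names are hypothetical and the sample SIDs and GUID are constructed; the well-known SID strings and RIDs are the standard Windows values.

```python
import re
import uuid

# Well-known SIDs: identical on every Windows install.
WELL_KNOWN = {
    "S-1-1-0": "Everyone",
    "S-1-5-2": "Network",
    "S-1-5-4": "Interactive",
    "S-1-5-18": "Local System",
    "S-1-5-32-544": "BUILTIN\\Administrators",
}
# Well-known relative IDs (RIDs) appended to a machine or domain identifier.
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest", 512: "Domain Admins"}

SID_RE = re.compile(r"^S-1-(\d+)((?:-\d+){1,15})$", re.IGNORECASE)

def parse_sid(text):
    """Split a SID string into its parts; return None if it is not a SID."""
    text = text.strip().upper()
    m = SID_RE.match(text)
    if not m:
        return None
    subs = [int(s) for s in m.group(2).split("-")[1:]]
    if any(s > 0xFFFFFFFF for s in subs):  # sub-authorities are 32-bit
        return None
    info = {"authority": int(m.group(1)), "sub_authorities": subs,
            "issuer": None, "rid": None, "name": WELL_KNOWN.get(text)}
    # S-1-5-21-<three 32-bit values>-<RID>: issued by one machine or domain.
    if info["authority"] == 5 and len(subs) == 5 and subs[0] == 21:
        info["issuer"] = "-".join(str(s) for s in subs[1:4])
        info["rid"] = subs[4]
        info["name"] = WELL_KNOWN_RIDS.get(subs[4])
    return info

def classify(identifier):
    """Say whether an identifier string is a SID, a GUID, or neither."""
    if parse_sid(identifier):
        return "sid"
    try:
        uuid.UUID(identifier)
        return "guid"
    except ValueError:
        return "other"

if __name__ == "__main__":
    # Constructed samples: two installs, same RID 500, different issuer part.
    for s in ("S-1-5-4", "S-1-5-21-1111111111-2222222222-3333333333-500",
              "S-1-5-21-4000000000-5-6-500",
              "0f3c2a1e-5b7d-4c9a-8e21-7a6b5c4d3e2f"):
        print(s, classify(s), parse_sid(s))
```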
 